A cipher processing configuration, of which the resistance against various attacks is improved, having a high security level is realized. In a cipher processing configuration in which a nonlinear transformation process and a linear transformation process are repeatedly performed for state data formed from a plurality of elements, a linear transformation unit performs a matrix operation applying a quasi-MDS matrix and a substitution process. As the substitution process, a substitution process is performed which satisfies the following (Condition 1) and (Condition A). (Condition 1) According to the substitution process of the substitution unit for the input X, each column element of the output Y is configured by elements of four mutually-different columns of the input X (Condition A) In a case where the substitution process performed by the substitution unit for the input X is repeatedly performed continuously twice, each column element of the output Y is configured by elements of three or more mutually-different columns of the input X.