In this paper the authors consider several means of encrypting data so that arithmetic operations can be performed on the data without decryption. They limit themselves to cases in which the operation performed on both plaintext and ciphertext is integer modular addition. For this reason, they are limited to encryption algorithms that are either affine or linear functions or compositions thereof. This causes difficulties, because if the key is not changed with every encryption, the algorithms can be broken by discovery of a very small number of plaintext-ciphertext pairs, while if the key is changed with every encryption, the cost and risks of key management may become prohibitive because a different key is needed for each data item as well as for each update. These difficulties are noted by the authors.

It should be emphasized that many of the problems described by the authors may be avoided by choosing an encryption function so that the operation performed on the ciphertext is something other than modular addition. Thus this paper, while it presents an adequate discussion of a certain aspect of the subject, should not be taken as the final word on the feasibility of processing encrypted data.

This paper is full of misprints and misleading notation that make it hard to understand. Most notable are the following. Wherever f_k(P₁,P₂) appears, it should be replaced by f_k(P₁ + P₂). In the second equation in section 2.2, f_k⁻¹(C₁ + C₂) should be replaced by f_k⁻¹(C₁ + P₂). In section 4.2, f_k1 through f_k64 should be replaced by f_k1⁻¹ through f_k64⁻¹. In section 4.2, the second appearance of M_i should be replaced by P₁.