CRYPTREC

CRYPTREC is the Cryptography Research and Evaluation Committees set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use. It is comparable in many respects to the European Union's NESSIE project and to the Advanced Encryption Standard process run by NIST in the U.S..

Comparison with NESSIE

There is some overlap, and some conflict, between the NESSIE selections and the CRYPTREC draft recommendations. Both efforts include some of the best cryptographers in the world^{[citation needed]} therefore conflicts in their selections and recommendations should be examined with care. For instance, CRYPTREC recommends several 64 bit block ciphers while NESSIE selected none, but CRYPTREC was obliged by its terms of reference to take into account existing standards and practices, while NESSIE was not. Similar differences in terms of reference account for CRYPTREC recommending at least one stream cipher, RC4, while the NESSIE report specifically said that it was notable that they had not selected any of those considered. RC4 is widely used in the SSL/TLS protocols; nevertheless, CRYPTREC recommended that it only be used with 128-bit keys. Essentially the same consideration led to CRYPTREC's inclusion of 160-bit message digest algorithms, despite their suggestion that they be avoided in new system designs. Also, CRYPTREC was unusually careful to examine variants and modifications of the techniques, or at least to discuss their care in doing so; this resulted in particularly detailed recommendations regarding them.

Background and sponsors

CRYPTREC includes members from Japanese academia, industry, and government. It was started in May 2000 by combining efforts from several agencies who were investigating methods and techniques for implementing 'e-Government' in Japan. Presently, it is sponsored by

the Ministry of Economy Trade and Industry,
the Ministry of Public Management, Home Affairs and Post and Telecommunications,
the Telecommunications Advancement Organization, and
the Information-Technology Promotion Agency.

Responsibilities

It is also the organization providing technical evaluation and recommendations in regard to regulations implementing Japanese laws: examples include that on Electronic Signatures and Certification Services (Law 102 of FY2000, taking effect as from April 2001), the Basic Law on the Formulation of an Advanced Information and Telecommunications Network Society of 2000 (Law 144 of FY2000), and the Public Individual Certification Law of December 2002. Furthermore, CRYPTEC has responsibilities with regard to the Japanese contribution to the ISO/IEC JTC 1/SC27 standardization effort.

Selection

In March, 2013, the CRYPTREC list was updated for the first time in 10 years.^[1] Camellia was announced as has been selected for adoption in Japan's new e-Government Recommended Ciphers List as the only 128-bit block cipher encryption algorithm developed in Japan.^[2]

Japanese e-Government Recommended Ciphers List

Public key ciphers
- Signature
  - DSA: NIST FIPS 186-2
  - ECDSA: Certicom
  - RSA-PSS^{[note 1]}: PCKS#1, RSA Laboratories
  - RSASSA-PKCS1-v1_5^{[note 1]}: PCKS#1, RSA Laboratories
- Confidentiality
  - RSA-OAEP^{[note 1]}: PCKS#1, RSA Laboratories
- Key exchange
  - DH: NIST SP 800-56A Revision 1
  - ECDH: NIST SP 800-56A Revision 1
Symmetric key ciphers
- 64-bit block ciphers^{[note 2]}
  - 3-key Triple DES^{[note 3]}: NIST SP 800-67 Revision 1
- 128-bit block ciphers
  - AES: NIST FIPS PUB 197
  - Camellia: Nippon Telegraph and Telephone, Mitsubishi Electric
- Stream ciphers
  - KCipher-2: KDDI
Hash functions
- SHA-256: NIST FIPS PUB 180-4
- SHA-384: NIST FIPS PUB 180-4
- SHA-512: NIST FIPS PUB 180-4
Modes of operation
- Encryption modes
  - CBC: NIST SP 800-38A
  - CFB: NIST SP 800-38A
  - CTR: NIST SP 800-38A
  - OFB: NIST SP 800-38A
- Authenticated encryption modes
  - CCMNIST SP 800-38C
  - GCM^{[note 4]}: NIST SP 800-38D
Message authentication codes
- CMAC: NIST SP 800-38B
- HMAC: NIST FIPS PUB 198-1
Entity authentication
- ISO/IEC 9798-2: ISO/IEC 9798-2:2008
- ISO/IEC 9798-3: ISO/IEC 9798-3:1998, ISO/IEC 9798-3:1998/Amd 1:2010

Candidate Recommended Ciphers List

Public key ciphers
- Signature
  - N/A
- Confidentiality
  - N/A
- Key exchange
  - PSEC-KEM^{[note 5]}: Nippon Telegraph and Telephone
Symmetric key ciphers
- 64-bit block ciphers^{[note 6]}
  - CIPHERUNICORN-E: NEC
  - Hierocrypt#Hierocrypt-L1: Toshiba
  - MISTY1: Mitsubishi Electric
- 128-bit block ciphers
  - CIPHERUNICORN-A: NEC
  - CLEFIA: Sony
  - Hierocrypt-3: Toshiba
  - SC2000: Fujitsu
- Stream ciphers
  - MUGI: Hitachi
  - Enocoro-128v2: Hitachi
  - MULTI-S01^{[note 7]}: Hitachi
Hash functions
- N/A
Modes of operation
- N/A
- Authenticated encryption modes
  - N/A
Message authentication codes
- PC-MAC-AES: NEC
Entity authentication
- ISO/IEC 9798-4: ISO/IEC 9798-4:1999

Monitored Ciphers List

Public key ciphers
- Signature
  - N/A
- Confidentiality
  - RSAES-PKCS1-v1_5^{[note 8]}^{[note 9]}: PCKS#1, RSA Laboratories
- Key exchange
  - N/A
Symmetric key ciphers
- 64-bit block ciphers
  - N/A
- 128-bit block ciphers
  - N/A
- Stream ciphers
  - 128-bit RC4^{[note 10]}: RSA Laboratories
Hash functions
- RIPEMD-160: Hans Dobbertin, Antoon Bosselaers, Bart Preneel
- SHA-1^{[note 8]}: NIST FIPS PUB 180-4
Modes of operation
- N/A
- Authenticated encryption modes
  - N/A
Message authentication codes
- CBC-MAC^{[note 10]}: ISO/IEC 9797-1:2011
Entity authentication
- N/A

Notes

^ ^a ^b ^c Use of RSA-1024 is permitted based on Japanese government guideline.
^ 128 bit block ciphers are preferable if possible
^ Permitted 'for the time being' if used as specified in FIPS Pub 46-3, and if specified as a de facto standard
^ Initial vector (IV) should be 96 bytes.
^ Only permitted as KEM (Key Encapsulating Mechanism)–DEM (Data Encapsulating Mechanism)
^ 128 bit block ciphers are preferable if possible
^ Size of the plaintext should be multiples of 64 bit.
^ ^a ^b Use of RSA-1024 and SHA-1 is permitted based on Japanese government guideline.
^ Permitted 'for the time being' based on the results in use of SSL 3.0 / TLS 1.0, 1.1, 1.2.
^ ^a ^b limited to SSL3.0 / TLS1.0 or higher Cite error: The named reference "note-10" was defined multiple times with different content (see the help page).

References

^ "Specifications of e-Government Recommended Ciphers". 2013-03-26.
^ "Camellia Encryption Algorithm Selected for New e-Government Recommended Ciphers List". 2013-03-26.

External links

Main CRYPTREC Web page

[note-1-3] Use of RSA-1024 is permitted based on Japanese government guideline.

[note-2-4] 128 bit block ciphers are preferable if possible

[note-3-5] Permitted 'for the time being' if used as specified in FIPS Pub 46-3, and if specified as a de facto standard

[note-4-6] Initial vector (IV) should be 96 bytes.

[note-5-7] Only permitted as KEM (Key Encapsulating Mechanism)–DEM (Data Encapsulating Mechanism)

[note-6-8] 128 bit block ciphers are preferable if possible

[note-7-9] Size of the plaintext should be multiples of 64 bit.

[note-8-10] Use of RSA-1024 and SHA-1 is permitted based on Japanese government guideline.

[note-9-11] Permitted 'for the time being' based on the results in use of SSL 3.0 / TLS 1.0, 1.1, 1.2.

[note-10-12] ted to SSL3.0 / TLS1.0 or higher Cite error: The named reference "note-10" was defined multiple times with different content (see the help page).

[1] "Specifications of e-Government Recommended Ciphers". 2013-03-26.

[2] "Camellia Encryption Algorithm Selected for New e-Government Recommended Ciphers List". 2013-03-26.

[1]

[2]

[note 1]

[note 2]

[note 3]

[note 4]

[note 5]

[note 6]

[note 7]

[note 8]

[note 9]

[note 10]