CRYPTREC

CRYPTREC is the Cryptography Research and Evaluation Committees set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use. It is comparable in many respects to the European Union's NESSIE project and to the Advanced Encryption Standard process run by National Institute of Standards and Technology in the U.S.

Comparison with NESSIE

There are differences between the recommendations of CRYPTREC and the NESSIE project, reflecting their differing mandates and evaluation criteria.[1][2]

For example, CRYPTREC included certain 64-bit block ciphers in its recommended list, while NESSIE did not select any 64-bit block ciphers in its final portfolio.[3][4]

Similarly, CRYPTREC listed RC4 among its recommended stream ciphers, although it noted limitations regarding key length and usage, whereas NESSIE did not select RC4 in its final recommendations.[5][6]

Background and sponsors

CRYPTREC includes members from Japanese academia, industry, and government. It was started in May 2000 by combining efforts from several agencies who were investigating methods and techniques for implementing 'e-Government' in Japan. Presently, it is sponsored by

  • the Ministry of Economy Trade and Industry,
  • the Ministry of Public Management, Home Affairs and Post and Telecommunications,
  • the Telecommunications Advancement Organization, and
  • the Information-Technology Promotion Agency.

Responsibilities

CRYPTREC provides technical evaluation and recommendations relating to the implementation of Japanese information security legislation.[7]

Its advisory role has included legislation such as the Electronic Signatures and Certification Business Act (Act No. 102 of 2000), which came into effect in April 2001; the Basic Act on the Formation of an Advanced Information and Telecommunications Network Society (Act No. 144 of 2000); and the Public Personal Authentication Services Act of 2002.[8]

CRYPTREC also contributes to Japan’s participation in international standardization activities, including ISO/IEC JTC 1/SC 27 (Information security, cybersecurity and privacy protection).[9]

Selection

In the first release in 2003,[10] many Japanese ciphers were selected for the "e-Government Recommended Ciphers List": CIPHERUNICORN-E (NEC), Hierocrypt-L1 (Toshiba), and MISTY1 (Mitsubishi Electric) as 64 bit block ciphers, Camellia (Nippon Telegraph and Telephone, Mitsubishi Electric), CIPHERUNICORN-A (NEC), Hierocrypt-3 (Toshiba), and SC2000 (Fujitsu) as 128 bit block ciphers, and finally MUGI and MULTI-S01 (Hitachi) as stream ciphers.

In the revised release of 2013,[11] the list was divided into three: "e-Government Recommended Ciphers List", "Candidate Recommended Ciphers List", and "Monitored Ciphers List". Most of the Japanese ciphers listed in the previous list (except for Camellia) have moved from the "Recommended Ciphers List" to the "Candidate Recommended Ciphers List". There were several new proposals, such as CLEFIA (Sony) as a 128 bit block cipher as well as KCipher-2 (KDDI) and Enocoro-128v2 (Hitachi) as stream ciphers. However, only KCipher-2 has been listed on the "e-Government Recommended Ciphers List". The reason why most Japanese ciphers have not been selected as "Recommended Ciphers" is not that these ciphers are necessarily unsafe, but that these ciphers are not widely used in commercial products, open-source projects, governmental systems, or international standards. There is the possibility that ciphers listed on "Candidate Recommended Ciphers List" will be moved to the "e-Government Recommended Ciphers List" when they are utilized more widely.

In addition, 128 bit RC4 and SHA-1 are listed on "Monitored Ciphers List". These are unsafe and only permitted to remain compatible with old systems.

After the revision in 2013, there are several updates such as addition of ChaCha20-Poly1305, EdDSA and SHA-3, move of Triple DES to Monitored list, and deletion of RC4, etc.

CRYPTREC Ciphers List

As of March 2023

  • Public key ciphers
    • Signature
      • N/A
    • Confidentiality
      • N/A
    • Key exchange
      • PSEC-KEM
  • Symmetric key ciphers
  • Hash functions
    • N/A
  • Modes of operation
    • Encryption modes
      • N/A
    • Authenticated encryption modes
      • N/A
  • Message authentication codes
    • PC-MAC-AES
  • Authenticated encryption
    • N/A
  • Entity authentication
    • N/A

Monitored Ciphers List

  • Public key ciphers
  • Symmetric key ciphers
    • 64-bit block ciphers
    • 128-bit block ciphers
      • N/A
    • Stream ciphers
      • N/A
  • Hash functions
  • Modes of operation
    • Encryption modes
      • N/A
    • Authenticated encryption modes
      • N/A
  • Message authentication codes
  • Authenticated encryption
    • N/A
  • Entity authentication
    • N/A

References

  1. ^ "NESSIE Final Report". NESSIE Project. European Commission. Retrieved 22 February 2026.
  2. ^ "CRYPTREC Report". CRYPTREC. Ministry of Economy, Trade and Industry (Japan). Retrieved 22 February 2026.
  3. ^ NESSIE Final Report
  4. ^ CRYPTREC Report
  5. ^ CRYPTREC Report
  6. ^ NESSIE Final Report
  7. ^ "About CRYPTREC". CRYPTREC Secretariat. Ministry of Economy, Trade and Industry (Japan). Retrieved 22 February 2026.
  8. ^ "Electronic Signatures and Certification Business Act". Japanese Law Translation Database System. Ministry of Justice (Japan). Retrieved 22 February 2026.
  9. ^ "ISO/IEC JTC 1/SC 27". ISO. International Organization for Standardization. Retrieved 22 February 2026.
  10. ^ "e-Government recommended ciphers list" (PDF). CRYPTREC. 2003-02-20. Archived from the original (PDF) on 2018-04-17. Retrieved 2018-08-16.
  11. ^ "Specifications of e-Government Recommended Ciphers". CRYPTREC. 2018-07-02. Retrieved 2018-08-16.
This article is issued from Wikipedia. The text is available under Creative Commons Attribution-Share Alike 4.0 unless otherwise noted. Additional terms may apply for the media files.