CRYPTREC is the Cryptography Research and Evaluation Committees set up by the

Japanese Government The Government of Japan consists of legislative, executive and judiciary branches and is based on popular sovereignty. The Government runs under the framework established by the Constitution of Japan, adopted in 1947. It is a unitary state, c ...

to evaluate and recommend

cryptographic Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or '' -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adve ...

techniques for government and industrial use. It is comparable in many respects to the

European Union The European Union (EU) is a supranational political and economic union of member states that are located primarily in Europe. The union has a total area of and an estimated total population of about 447million. The EU has often been des ...

NESSIE NESSIE (New European Schemes for Signatures, Integrity and Encryption) was a European research project funded from 2000 to 2003 to identify secure cryptographic primitives. The project was comparable to the NIST AES process and the Japanese Gov ...

project and to the

Advanced Encryption Standard process The Advanced Encryption Standard (AES), the symmetric block cipher ratified as a standard by National Institute of Standards and Technology of the United States (NIST), was chosen using a process lasting from 1997 to 2000 that was markedly more ...

run by

National Institute of Standards and Technology The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical sci ...

in the

U.S. The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territori ...

Comparison with NESSIE

There is some overlap, and some conflict, between the NESSIE selections and the CRYPTREC draft recommendations. Both efforts include some of the best cryptographers in the world therefore conflicts in their selections and recommendations should be examined with care. For instance, CRYPTREC recommends several 64 bit block ciphers while NESSIE selected none, but CRYPTREC was obliged by its terms of reference to take into account existing standards and practices, while NESSIE was not. Similar differences in terms of reference account for CRYPTREC recommending at least one

stream cipher stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream ...

RC4 In cryptography, RC4 (Rivest Cipher 4, also known as ARC4 or ARCFOUR, meaning Alleged RC4, see below) is a stream cipher. While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, ren ...

, while the NESSIE report specifically said that it was ''notable'' that they had not selected any of those considered. RC4 is widely used in the

SSL/TLS Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securi ...

protocols; nevertheless, CRYPTREC recommended that it only be used with 128-bit keys. Essentially the same consideration led to CRYPTREC's inclusion of 160-bit message digest algorithms, despite their suggestion that they be avoided in new system designs. Also, CRYPTREC was unusually careful to examine variants and modifications of the techniques, or at least to discuss their care in doing so; this resulted in particularly detailed recommendations regarding them.

Background and sponsors

CRYPTREC includes members from Japanese

academia An academy (Attic Greek: Ἀκαδήμεια; Koine Greek Ἀκαδημία) is an institution of secondary education, secondary or tertiary education, tertiary higher education, higher learning (and generally also research or honorary membershi ...

industry Industry may refer to: Economics * Industry (economics), a generally categorized branch of economic activity * Industry (manufacturing), a specific branch of economic activity, typically in factories with machinery * The wider industrial sector ...

, and

government A government is the system or group of people governing an organized community, generally a state. In the case of its broad associative definition, government normally consists of legislature, executive, and judiciary. Government is a ...

. It was started in May 2000 by combining efforts from several agencies who were investigating methods and techniques for implementing 'e-Government' in Japan. Presently, it is sponsored by *the Ministry of Economy Trade and Industry, *the Ministry of Public Management, Home Affairs and Post and Telecommunications, *the Telecommunications Advancement Organization, and *the Information-Technology Promotion Agency.

Responsibilities

It is also the organization that provides technical evaluation and recommendations concerning regulations that implement Japanese laws. Examples include the Electronic Signatures and Certification Services (Law 102 of FY2000, taking effect as from April 2001), the Basic Law on the Formulation of an Advanced Information and Telecommunications Network Society of 2000 (Law 144 of FY2000), and the Public Individual Certification Law of December 2002. Furthermore, CRYPTEC has responsibilities with regard to the Japanese contribution to the

ISO ISO is the most common abbreviation for the International Organization for Standardization. ISO or Iso may also refer to: Business and finance * Iso (supermarket), a chain of Danish supermarkets incorporated into the SuperBest chain in 2007 * Iso ...

IEC The International Electrotechnical Commission (IEC; in French: ''Commission électrotechnique internationale'') is an international standards organization that prepares and publishes international standards for all electrical, electronic and r ...

JTC 1/SC27 standardization effort.

Selection

In the first release in 2003, many Japanese ciphers were selected for the "e-Government Recommended Ciphers List": CIPHERUNICORN-E (

NEC is a Japanese multinational information technology and electronics corporation, headquartered in Minato, Tokyo. The company was known as the Nippon Electric Company, Limited, before rebranding in 1983 as NEC. It provides IT and network soluti ...

), Hierocrypt-L1 (

Toshiba , commonly known as Toshiba and stylized as TOSHIBA, is a Japanese multinational conglomerate corporation headquartered in Minato, Tokyo, Japan. Its diversified products and services include power, industrial and social infrastructure system ...

), and

MISTY1 In cryptography, MISTY1 (or MISTY-1) is a block cipher designed in 1995 by Mitsuru Matsui and others for Mitsubishi Electric. MISTY1 is one of the selected algorithms in the European NESSIE project, and has been among the cryptographic tech ...

(

Mitsubishi Electric , established on 15 January 1921, is a Japanese multinational electronics and electrical equipment manufacturing company headquartered in Tokyo, Japan. It is one of the core companies of Mitsubishi. The products from MELCO include elevators an ...

) as 64 bit block ciphers,

Camellia ''Camellia'' (pronounced or ) is a genus of flowering plants in the family Theaceae. They are found in eastern and southern Asia, from the Himalayas east to Japan and Indonesia. There are more than 220 described species, with some controversy ...

(

Nippon Telegraph and Telephone , commonly known as NTT, is a Japanese telecommunications company headquartered in Tokyo, Japan. Ranked 55th in Fortune Global 500, ''Fortune'' Global 500, NTT is the fourth largest telecommunications company in the world in terms of revenue, as w ...

), CIPHERUNICORN-A (NEC),

Hierocrypt-3 In cryptography, Hierocrypt-L1 and Hierocrypt-3 are block ciphers created by Toshiba in 2000. They were submitted to the NESSIE project, but were not selected. Both algorithms were among the cryptographic techniques recommended for Japanese gove ...

(Toshiba), and

SC2000 In cryptography, SC2000 is a block cipher invented by a research group at Fujitsu Labs. It was submitted to the NESSIE project, but was not selected. It was among the cryptographic techniques recommended for Japanese government use by CRYPTR ...

(

Fujitsu is a Japanese multinational information and communications technology equipment and services corporation, established in 1935 and headquartered in Tokyo. Fujitsu is the world's sixth-largest IT services provider by annual revenue, and the la ...

) as 128 bit block ciphers, and finally

MUGI In cryptography, MUGI is a pseudorandom number generator (PRNG) designed for use as a stream cipher. It was among the cryptographic techniques recommended for Japanese government use by CRYPTREC in 2003, however, has been dropped to "candidate" ...

and

MULTI-S01 In cryptography, MULTI-S01 (pronounced ''multi-ess-zero-one''), is an encryption algorithm based on a pseudorandom number generator (PRNG). MULTI-S01 is an encryption scheme preserving both confidentiality and data integrity. The scheme defines a pa ...

(

Hitachi () is a Japanese multinational corporation, multinational Conglomerate (company), conglomerate corporation headquartered in Chiyoda, Tokyo, Japan. It is the parent company of the Hitachi Group (''Hitachi Gurūpu'') and had formed part of the Ni ...

) as stream ciphers. In the revised release of 2013, the list was divided into three: "e-Government Recommended Ciphers List", "Candidate Recommended Ciphers List", and "Monitored Ciphers List". Most of the Japanese ciphers listed in the previous list (except for Camellia) have moved from the "Recommended Ciphers List" to the "Candidate Recommended Ciphers List". There were several new proposals, such as CLEFIA (

Sony , commonly stylized as SONY, is a Japanese multinational conglomerate corporation headquartered in Minato, Tokyo, Japan. As a major technology company, it operates as one of the world's largest manufacturers of consumer and professional ...

) as a 128 bit block cipher as well as KCipher-2 (

KDDI () is a Japanese telecommunications operator formed on October 1, 2000 through the merger of DDI Corp. (Daini-Denden Inc.), KDD (Kokusai Denshin Denwa) Corp. (itself a former listed state-owned enterprise privatized in 1998), and IDO Corp. It h ...

) and Enocoro-128v2 (Hitachi) as stream ciphers. However, only KCipher-2 has been listed on the "e-Government Recommended Ciphers List". The reason why most Japanese ciphers have not been selected as "Recommended Ciphers" is not that these ciphers are necessarily unsafe, but that these ciphers are not widely used in commercial products, open-source projects, governmental systems, or international standards. There is the possibility that ciphers listed on "Candidate Recommended Ciphers List" will be moved to the "e-Government Recommended Ciphers List" when they are utilized more widely. In addition, 128 bit

and

SHA-1 In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographically broken but still widely used hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as 40 hexadecima ...

are listed on "Monitored Ciphers List". These are unsafe and only permitted to remain compatible with old systems. After the revision in 2013, there are several updates such as addition of

ChaCha20 Salsa20 and the closely related ChaCha are stream ciphers developed by Daniel J. Bernstein. Salsa20, the original cipher, was designed in 2005, then later submitted to the eSTREAM European Union cryptographic validation process by Bernstein. Ch ...

Poly1305 Poly1305 is a universal hash family designed by Daniel J. Bernstein for use in cryptography. As with any universal hash family, Poly1305 can be used as a one-time message authentication code to authenticate a single message using a key shared ...

EdDSA In public-key cryptography, Edwards-curve Digital Signature Algorithm (EdDSA) is a digital signature scheme using a variant of Schnorr signature based on twisted Edwards curves. It is designed to be faster than existing digital signature scheme ...

and

SHA-3 SHA-3 (Secure Hash Algorithm 3) is the latest member of the Secure Hash Algorithm family of standards, released by NIST on August 5, 2015. Although part of the same series of standards, SHA-3 is internally different from the MD5-like struct ...

, move of

Triple DES In cryptography, Triple DES (3DES or TDES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. The Data Encryption Standa ...

to Monitored list, and deletion of

, etc.

CRYPTREC Ciphers List

e-Government Recommended Ciphers List

*Public key ciphers **Signature *** DSA ***

ECDSA In cryptography, the Elliptic Curve Digital Signature Algorithm (ECDSA) offers a variant of the Digital Signature Algorithm (DSA) which uses elliptic-curve cryptography. Key and signature-size As with elliptic-curve cryptography in general, the b ...

*** RSA-PSS *** RSASSA-PKCS1-v1_5 **Confidentiality *** RSA-OAEP **Key exchange *** DH *** ECDH *Symmetric key ciphers **64-bit block ciphers ***N/A **128-bit block ciphers *** AES ***

**Stream ciphers *** KCipher-2 *Hash functions **

SHA-256 SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression ...

**SHA-384 **SHA-512 *Modes of operation **Encryption modes *** CBC *** CFB *** CTR *** OFB **Authenticated encryption modes *** CCM *** GCM *Message authentication codes ** CMAC **

HMAC In cryptography, an HMAC (sometimes expanded as either keyed-hash message authentication code or hash-based message authentication code) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret ...

*Authenticated encryption **N/A *Entity authentication **ISO/IEC 9798-2 **ISO/IEC 9798-3

Candidate Recommended Ciphers List

*Public key ciphers **Signature ***

**Confidentiality ***N/A **Key exchange *** PSEC-KEM *Symmetric key ciphers **64-bit block ciphers *** CIPHERUNICORN-E *** Hierocrypt-L1 ***

**128-bit block ciphers *** CIPHERUNICORN-A *** CLEFIA ***

***

**Stream ciphers ***

*** Enocoro-128v2 ***

*Hash functions ** SHA-512/256 ** SHA3-256 **SHA3-384 **SHA3-512 **SHAKE128 **SHAKE256 *Modes of operation **Encryption modes *** XTS **Authenticated encryption modes ***N/A *Message authentication codes ** PC-MAC-AES *Authenticated encryption **

*Entity authentication **ISO/IEC 9798-4

Monitored Ciphers List

*Public key ciphers **Signature ***N/A **Confidentiality *** RSAES-PKCS1-v1_5 **Key exchange ***N/A *Symmetric key ciphers **64-bit block ciphers *** 3-key Triple DES **128-bit block ciphers ***N/A **Stream ciphers ***N/A *Hash functions ** RIPEMD-160 **

*Modes of operation **Encryption modes ***N/A **Authenticated encryption modes ***N/A *Message authentication codes **

CBC-MAC In cryptography, a cipher block chaining message authentication code (CBC-MAC) is a technique for constructing a message authentication code (MAC) from a block cipher. The message is encrypted with some block cipher algorithm in cipher block cha ...

*Authenticated encryption **N/A *Entity authentication **N/A

References

External links

*
The list of ciphers that should be referred to in the procurement for the e-Government system (CRYPTREC Ciphers List)
(in Japanese) {{Cryptography navbox , block Cryptography standards Government research Standards of Japan