CRYPTREC
Encyclopedia
CRYPTREC is the Cryptography Research and Evaluation Committees set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use. It is comparable in many respects to the European Union
's NESSIE
project and to the Advanced Encryption Standard process
run by NIST in the U.S.
.
, RC4
, while the NESSIE report specifically said that it was notable that they had not selected any of those considered. RC4 is widely used in the SSL/TLS
protocols; nevertheless, CRYPTREC recommended that it only be used with 128-bit keys. Essentially the same consideration led to CRYPTREC's inclusion of 160-bit message digest algorithms, despite their suggestion that they be avoided in new system designs. Also, CRYPTREC was unusually careful to examine variants and modifications of the techniques, or at least to discuss their care in doing so; this resulted in particularly detailed recommendations regarding them.
, industry
, and government
. It was started in May 2000 by combining efforts from several agencies who were investigating methods and techniques for implementing 'e-Government' in Japan. Presently, it is sponsored by
/IEC
JTC 1/SC27 standardization effort.
The Committee has issued reports on its progress in 2001, 2002, and 2003, and produced a draft report and recommendation in August 2003. The draft report recommends many cryptographic algorithms, protocols, and techniques, but some of them are recommended only conditionally. The list below includes the conditions noted (in italics).
indispensable cryptographic techniques (not submitted to CRYPTREC):
specific evaluation targets (not submitted to CRYPTREC):
submitted techniques:
Public Key Algorithms (aka asymmetric key algorithms w/ public/private key property)
Symmetric Key Cipher Algorithms
Cryptographic Hash Algorithms (256-bit or larger digests are to be preferred in new designs. The two 160-bit digest algorithms listed are acceptable if already included in a current public key specification)
Cryptographic Pseudo-Random Number Generators—those listed are examples only, none is recommended
European Union
The European Union is an economic and political union of 27 independent member states which are located primarily in Europe. The EU traces its origins from the European Coal and Steel Community and the European Economic Community , formed by six countries in 1958...
's NESSIE
NESSIE
NESSIE was a European research project funded from 2000–2003 to identify secure cryptographic primitives. The project was comparable to the NIST AES process and the Japanese Government-sponsored CRYPTREC project, but with notable differences from both...
project and to the Advanced Encryption Standard process
Advanced Encryption Standard process
The Advanced Encryption Standard , the block cipher ratified as a standard by National Institute of Standards and Technology of the United States , was chosen using a process markedly more open and transparent than its predecessor, the aging Data Encryption Standard...
run by NIST in the U.S.
United States
The United States of America is a federal constitutional republic comprising fifty states and a federal district...
.
Comparison with NESSIE
There is some overlap, and some conflict, between the NESSIE selections and the CRYPTREC draft recommendations. Both efforts include some of the best cryptographers in the world therefore conflicts in their selections and recommendations should be examined with care. For instance, CRYPTREC recommends several 64 bit block ciphers while NESSIE selected none, but CRYPTREC was obliged by its terms of reference to take into account existing standards and practices, while NESSIE was not. Similar differences in terms of reference account for CRYPTREC recommending at least one stream cipherStream cipher
In cryptography, a stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream . In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption...
, RC4
RC4
In cryptography, RC4 is the most widely used software stream cipher and is used in popular protocols such as Secure Sockets Layer and WEP...
, while the NESSIE report specifically said that it was notable that they had not selected any of those considered. RC4 is widely used in the SSL/TLS
Transport Layer Security
Transport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
protocols; nevertheless, CRYPTREC recommended that it only be used with 128-bit keys. Essentially the same consideration led to CRYPTREC's inclusion of 160-bit message digest algorithms, despite their suggestion that they be avoided in new system designs. Also, CRYPTREC was unusually careful to examine variants and modifications of the techniques, or at least to discuss their care in doing so; this resulted in particularly detailed recommendations regarding them.
Background and sponsors
CRYPTREC includes members from Japanese academiaAcademia
Academia is the community of students and scholars engaged in higher education and research.-Etymology:The word comes from the akademeia in ancient Greece. Outside the city walls of Athens, the gymnasium was made famous by Plato as a center of learning...
, industry
Industry
Industry refers to the production of an economic good or service within an economy.-Industrial sectors:There are four key industrial economic sectors: the primary sector, largely raw material extraction industries such as mining and farming; the secondary sector, involving refining, construction,...
, and government
Government
Government refers to the legislators, administrators, and arbitrators in the administrative bureaucracy who control a state at a given time, and to the system of government by which they are organized...
. It was started in May 2000 by combining efforts from several agencies who were investigating methods and techniques for implementing 'e-Government' in Japan. Presently, it is sponsored by
- the Ministry of Economy Trade and Industry,
- the Ministry of Public Management, Home Affairs and Post and Telecommunications,
- the Telecommunications Advancement Organization, and
- the Information-Technology Promotion Agency.
Responsibilities
It is also the organization providing technical evaluation and recommendations in regard to regulations implementing Japanese laws: examples include that on Electronic Signatures and Certification Services (Law 102 of FY2000, taking effect as from April 2001), the Basic Law on the Formulation of an Advanced Information and Telecommunications Network Society of 2000 (Law 144 of FY2000), and the Public Individual Certification Law of December 2002. Furthermore, CRYPTEC has responsibilities with regard to the Japanese contribution to the ISOInternational Organization for Standardization
The International Organization for Standardization , widely known as ISO, is an international standard-setting body composed of representatives from various national standards organizations. Founded on February 23, 1947, the organization promulgates worldwide proprietary, industrial and commercial...
/IEC
International Electrotechnical Commission
The International Electrotechnical Commission is a non-profit, non-governmental international standards organization that prepares and publishes International Standards for all electrical, electronic and related technologies – collectively known as "electrotechnology"...
JTC 1/SC27 standardization effort.
Techniques evaluated
The Committee issued public calls for submissions in June 2000 and in August 2001, and received a total of 63 submissions. In addition it compiled a list of techniques which were not directly submitted but which have been adopted as recommended techniques elsewhere and judged important (called indispensable cryptographic techniques), or whose evaluation was requested by other organizations or which had special legal significance in Japan (called specific evaluation target techniques).The Committee has issued reports on its progress in 2001, 2002, and 2003, and produced a draft report and recommendation in August 2003. The draft report recommends many cryptographic algorithms, protocols, and techniques, but some of them are recommended only conditionally. The list below includes the conditions noted (in italics).
Evaluated techniques (as of 2002)
NB: there is overlap between the two 'not submitted' groups. This arose from the history and has no other meaning.indispensable cryptographic techniques (not submitted to CRYPTREC):
- Public Key Algorithms (aka asymmetric key w/ public/private key property algorithms)
- authentication
- signature
- DSADigital Signature AlgorithmThe Digital Signature Algorithm is a United States Federal Government standard or FIPS for digital signatures. It was proposed by the National Institute of Standards and Technology in August 1991 for use in their Digital Signature Standard , specified in FIPS 186, adopted in 1993. A minor...
(NIST Digital Signature Algorithm from the Digital Signature Standard FIPS Pub 186-2; ANSI X9.30, part 1) - ECDSA (ANSI X9.62) (Elliptic Curve Digital Signature Algorithm; ANSI X9.62, SEC1 by Standards for Efficient Cryptography Group - 2000)
- RSASSA-PKCS1 v1.5
- DSA
- confidentiality
- key agreement
- Diffie-Hellman (Diffie-Hellman -- ANSI X9.42-2001 specification only)
- Symmetric Key Cipher Algorithms
- 64-bit block ciphers
- DESData Encryption StandardThe Data Encryption Standard is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is...
(NBSNational Institute of Standards and TechnologyThe National Institute of Standards and Technology , known between 1901 and 1988 as the National Bureau of Standards , is a measurement standards laboratory, otherwise known as a National Metrological Institute , which is a non-regulatory agency of the United States Department of Commerce...
(NIST)/NSA, FIPS Pub, and other, std) - Triple DESTriple DESIn cryptography, Triple DES is the common name for the Triple Data Encryption Algorithm block cipher, which applies the Data Encryption Standard cipher algorithm three times to each data block....
(Tuchman et al., FIPS Pub, and other, std)
- DES
- 128-bit block ciphers
- AESAdvanced Encryption StandardAdvanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...
(NIST Advanced Encryption Standard, FIPS Pub std)
- AES
- 64-bit block ciphers
- Cryptographic Hash Algorithms
-
- MD5MD5The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity...
(Message Digest algorithm 5 (Rivest)) - RIPEMD-160 RIPE project Message Digest at 160-bit length
- SHA-1 (NIST/NSA Secure Hash Algorithm -- 160 bit digest)
- SHA-256 (... 256 bit digest)
- SHA-384 (... 384 bit digest)
- SHA-512 (... 512 bit digest)
- MD5
-
- Cryptographic Pseudo-Random Number Generators
-
- PRNG for DSADigital Signature AlgorithmThe Digital Signature Algorithm is a United States Federal Government standard or FIPS for digital signatures. It was proposed by the National Institute of Standards and Technology in August 1991 for use in their Digital Signature Standard , specified in FIPS 186, adopted in 1993. A minor...
in FIPSFederal Information Processing StandardA Federal Information Processing Standard is a publicly announced standardization developed by the United States federal government for use in computer systems by all non-military government agencies and by government contractors, when properly invoked and tailored on a contract...
Pub 186-2 Appendix 3 - PRNG in ANSIAmerican National Standards InstituteThe American National Standards Institute is a private non-profit organization that oversees the development of voluntary consensus standards for products, services, processes, systems, and personnel in the United States. The organization also coordinates U.S. standards with international...
X9ASC X9The Accredited Standards Committee X9 - Financial Industry Global Standards, mission is to develop, establish, maintain, and promote standards for the Financial Services Industry in order to facilitate delivery of financial services and products. ASC X9, Inc...
.42-2001 Annex C.1/C.2 - PRNG in ANSI X9.62-1998 Annex A.4
- PRNG in ANSI X9.63-2001 Annex A.4
- PRNG for general purpose FIPSFederal Information Processing StandardA Federal Information Processing Standard is a publicly announced standardization developed by the United States federal government for use in computer systems by all non-military government agencies and by government contractors, when properly invoked and tailored on a contract...
Pub 186-2 (inc change notice 1) Appendix 3.1 - PRNG in FIPSFederal Information Processing StandardA Federal Information Processing Standard is a publicly announced standardization developed by the United States federal government for use in computer systems by all non-military government agencies and by government contractors, when properly invoked and tailored on a contract...
Pub 186-2 (inc change notice 1) revised Appendix 3.1/3.2
- PRNG for DSA
-
specific evaluation targets (not submitted to CRYPTREC):
- Public Key Algorithms (aka asymmetric key w/ public/private key property algorithms)
- authentication
- signature
- DSA
- ECDSA (in ANSI X9.62)
- ESIGN (Nippon Telegraph and Telephone)
- RSASSA-PKCS1 v1.5 (RSA Labs, 2002)
- TSA-ESIGN (Trisection Size Hash ESIGN -- NTT)
- confidentiality
- RSAES-PKCS1 v1.5 (RSA Labs)
- key agreement -- none in this group
- Symmetric Key Cipher Algorithms
-
- DESData Encryption StandardThe Data Encryption Standard is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is...
/Triple DESTriple DESIn cryptography, Triple DES is the common name for the Triple Data Encryption Algorithm block cipher, which applies the Data Encryption Standard cipher algorithm three times to each data block....
(40, 56 & 168 bit keys) - RC2RC2In cryptography, RC2 is a block cipher designed by Ron Rivest in 1987. "RC" stands for "Ron's Code" or "Rivest Cipher"; other ciphers designed by Rivest include RC4, RC5 and RC6....
(40 & 128 bit keys) - SEEDSEEDSEED is a block cipher developed by the Korean Information Security Agency. It is used broadly throughout South Korean industry, but seldom found elsewhere. It gained popularity in Korea because 40 bit SSL was not considered strong enough , so the Korean Information Security Agency developed its...
(S Korean Government standard block cipher, 128 bit key)
- DES
- stream ciphers
- RC4 (40 & 128 bit keys)
-
- Cryptographic Hash Algorithms -- none in this group
- Cryptographic Pseudo-Random Number Generators -- none in this group
submitted techniques:
- Public Key Algorithms (aka asymmetric key w/ public/private key property algorithms)
- authentication
- signature
- ECDSA(SEC1)
- ESIGN
- RSA-PSS
- confidentiality
- ECIES(SEC1) (formerly ECAES, SECG 2000)
- HIME(R) (Hitachi)
- key agreement
- ECDH(SEC1) (SECG 2000)
- PSEC-KEM
- RSA-OAEP
- Symmetric Key Cipher Algorithms
- 64-bit block ciphers
- Hierocrypt-L1
- MISTY1MISTY1In cryptography, MISTY1 is a block cipher designed in 1995 by Mitsuru Matsui and others for Mitsubishi Electric.MISTY1 is one of the selected algorithms in the European NESSIE project, and has been recommended for Japanese government use by the CRYPTREC project."MISTY" can stand for "Mitsubishi...
- CIPHERUNICORN-ECIPHERUNICORN-EIn cryptography, CIPHERUNICORN-E is a block cipher created by NEC in 1998. It is among the cryptographic techniques recommended for Japanese government use by CRYPTREC....
- 128-bit block ciphers
- CamelliaCamellia (cipher)In cryptography, Camellia is a 128-bit block cipher jointly developed by Mitsubishi and NTT. The cipher has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project...
- CIPHERUNICORN-ACIPHERUNICORN-AIn cryptography, CIPHERUNICORN-A is a block cipher created by NEC in 2000. It is among the cryptographic techniques recommended for Japanese government use by CRYPTREC....
- Hierocrypt-3
- RC6RC6In cryptography, RC6 is a symmetric key block cipher derived from RC5. It was designed by Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin to meet the requirements of the Advanced Encryption Standard competition. The algorithm was one of the five finalists, and was also submitted to the...
(by Rivest; withdrawn by submitter and not further evaluated) - SC2000SC2000In cryptography, SC2000 is a block cipher invented by a research group at Fujitsu Labs. It was submitted to the NESSIE project, but was not selected. SC2000 is one of the cryptographic techniques recommended for Japanese government use by CRYPTREC....
- Camellia
- stream ciphers
- MUGIMUGIIn cryptography, MUGI is a pseudorandom number generator designed for use as a stream cipher. It has been recommended for Japanese government use by the CRYPTREC project.MUGI takes a 128-bit secret key and a 128-bit initial vector...
- MULTI-S01MULTI-S01In cryptography, MULTI-S01 , is an encryption algorithm based on a pseudorandom number generator . MULTI-S01 is an encryption scheme preserving both confidentiality and data integrity. The scheme defines a pair of algorithms; the encryption, the corresponding decryption with verification...
- MUGI
- 64-bit block ciphers
- Cryptographic Hash Algorithms -- none submitted
- Cryptographic Pseudo-Random Number Generators -- none submitted
Recommended techniques (as of Nov 2002, pub in Aug 2003 draft report)
NB: italics denote contingent recommendation condition(s)Public Key Algorithms (aka asymmetric key algorithms w/ public/private key property)
- authentication -- none recommended
- signature
- DSA
- ECDSA (ANSI X9.62, SEC 1) (empirically secure)
- ---ESIGN (forgeable factor discovered does not have provable security)
- ---TSH-ESIGN (does not have provable security)
- RSA-PSS (provably secure)
- RSASSA-PKCS1 v1.5 (empirically secure)
- confidentiality
- ---ECIES (vulnerable to chosen plaintext attacks)
- ---HIME(R) (no provable security, specification errors)
- RSA-OAEP (provably secure)
- RSAES-PKCS1 v1.5 (Permitted 'for the time being' (as empirically secure), due to use in SSL3.0/TSL1.0 -- use only with maximum caution)
- key agreement
- DH (empirically secure)
- ECDH (empirically secure)
- PSEC-KEM (recommended only in Data Encapsulation Mechanism construction w/ elliptic curve parameters as defined by SEC 1)
Symmetric Key Cipher Algorithms
- 64-bit block ciphers (128 bit block ciphers are preferable if possible)
- CIPHERUNICORN-E
- Hierocrypt-L1
- MISTY1
- 3-key Triple DES (Permitted 'for the time being' if used as specified in FIPS Pub 46-3, and if specified as a de facto standard)
- 128-bit block ciphers -- only 128-bit block ciphers are recommended
- AES
- Camellia
- CIPHERUNICORN-A
- Hierocrypt-3
- SC2000
- stream ciphers
- MUG1
- MULTI-S01
- RC4 (128-bit keys only)
Cryptographic Hash Algorithms (256-bit or larger digests are to be preferred in new designs. The two 160-bit digest algorithms listed are acceptable if already included in a current public key specification)
- RIPEMD-160 (160 bit digest)
- SHA-1 (160 bit digest)
- SHA-256
- SHA-384
- SHA-512
Cryptographic Pseudo-Random Number Generators—those listed are examples only, none is recommended
- RPNG based on SHA-1 in ANSI X9.42-2001 Annex C.1
- PRNG based on SHA-1 for general purposes in FIPS Pub 186-2 (inc change notice 1) Appendix 3.1
- PRNG based on SHA-1 for general purposes in FIPS Pub 186-2 (inc change notice 1) revised Appendix 3.1