CRYPTREC is the Cryptography Research and Evaluation Committees set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use. It is comparable in many respects to the European Union's NESSIE project and to the Advanced Encryption Standard process run by NIST in the U.S..
Contents
Comparison with NESSIE
There is some overlap, and some conflict, between the NESSIE selections and the CRYPTREC draft recommendations. Both efforts include some of the best cryptographers in the world therefore conflicts in their selections and recommendations should be examined with care. For instance, CRYPTREC recommends several 64 bit block ciphers while NESSIE selected none, but CRYPTREC was obliged by its terms of reference to take into account existing standards and practices, while NESSIE was not. Similar differences in terms of reference account for CRYPTREC recommending at least one stream cipher, RC4, while the NESSIE report specifically said that it was notable that they had not selected any of those considered. RC4 is widely used in the SSL/TLS protocols; nevertheless, CRYPTREC recommended that it only be used with 128-bit keys. Essentially the same consideration led to CRYPTREC's inclusion of 160-bit message digest algorithms, despite their suggestion that they be avoided in new system designs. Also, CRYPTREC was unusually careful to examine variants and modifications of the techniques, or at least to discuss their care in doing so; this resulted in particularly detailed recommendations regarding them.
Background and sponsors
CRYPTREC includes members from Japanese academia, industry, and government. It was started in May 2000 by combining efforts from several agencies who were investigating methods and techniques for implementing 'e-Government' in Japan. Presently, it is sponsored by
Responsibilities
It is also the organization providing technical evaluation and recommendations in regard to regulations implementing Japanese laws: examples include that on Electronic Signatures and Certification Services (Law 102 of FY2000, taking effect as from April 2001), the Basic Law on the Formulation of an Advanced Information and Telecommunications Network Society of 2000 (Law 144 of FY2000), and the Public Individual Certification Law of December 2002. Furthermore, CRYPTEC has responsibilities with regard to the Japanese contribution to the ISO/IEC JTC 1/SC27 standardization effort.
Selection
First release in 2003, many Japanese ciphers were selected for "e-Government Recommended Ciphers List"; CIPHERUNICORN-E (NEC), Hierocrypt-L1 (Toshiba), MISTY1 (Mitsubishi Electric) as 64 bit block ciphers, Camellia (Nippon Telegraph and Telephone, Mitsubishi Electric), CIPHERUNICORN-A (NEC), Hierocrypt-3 (Toshiba), SC2000(Fujitsu) as 128 bit block ciphers, MUGI, MULTI-S01 (Hitachi) as stream ciphers.
Revised release in 2013, list was divided to three, "e-Government Recommended Ciphers List", "Candidate Recommended Ciphers List", and "Monitored Ciphers List". Most of Japanese ciphers listed in previous list (except for Camellia) have moved from "Recommended Ciphers List" to "Candidate Recommended Ciphers List". There were several new proposals like CLEFIA (Sony) as 128 bit block cipher, KCipher-2 (KDDI), Enocoro-128v2 (Hitachi) as stream ciphers, however, only KCipher-2 has been listed on "e-Government Recommended Ciphers List". The reason why most of Japanese ciphers have not been selected as "Recommended Ciphers" is not that these ciphers are unsafe, but that these ciphers are not widely used in commercial products, open-source projects, governmental systems, international standards. There is possibility that ciphers listed on "Candidate Recommended Ciphers List" will be moved to "e-Government Recommended Ciphers List" when they are used in many systems.
In addition, 128 bit RC4 and SHA-1 are listed on "Monitored Ciphers List". These are unsafe and only permitted to keep compatibilities with old systems.