CRYPTREC (Cryptography Research and Evaluation Committees)

1. CRYPTREC(Cryptography Research and Evaluation Committees) 2003.2.5 Office of IT Security Policy Ministry of Economy, Trade and Industry Japan

2. Background of CRYPTREC • e-JAPAN Priority Policy Program (March 29, 2001) • The e-Japan Strategy sets goals to make Japan the world's most advanced IT nation within five years. • By 2003, an electronic government (e-government), which treats electronic information in the same way as information on papers, will be realized. • Promotion of standardization of cryptographic technologies by FY2002 (MPHPT and METI) • Action Plan for Ensuring IT Security of Electronic Government (October 10, 2001) • MPHPT and METI should aim at adopting a list concerning recommended cryptographic algorithm by FY 2002 for the purpose of facilitating procurement by an electronic government. • e-JAPAN Priority Policy Program 2002(June 18, 2002) • Evaluation and standardization of cryptographic technologies to be used for an electronic government by FY 2002 (MPHPT and METI).

3. Major Activities of CRYPTREC • CRYPTREC 2000 (May 2000 - March 2001) • May CRYPTREC Evaluation Committee organized. • June to July Cryptographic technique submissions publicly invited for the Year 2000 • August to October Cryptography screening evaluation for 2000. • October Cryptographic Technique Symposium (explanation of the purposes of • CRYPTREC activities). • October to March Detailed evaluation of cryptographic techniques for 2000 • March Issue of CRYPTREC Report 2000 • CRYPTREC 2001 (April 2001 - March 2002) • April CRYPTREC Workshop (report on CRYPTREC activities in 2000) • August to September Cryptographic technique submissions for 2001 publicly invited. • October The CRYPTREC Cryptographic Submissions Briefing • October to March Detailed evaluation of the re-submissions in 2001 and other • cryptographic techniques deemed in need of evaluation. Screening • evaluation of new submissions in 2001. • January Cryptography Evaluation Workshop (Report on the actualities of • screening evaluation and detailed evaluation) • March Issue of CRYPTREC Report 2001

4. Evaluation methods of CRYPTREC • Coverage: • Public-key cryptographic techniques (confidentiality, signature, key sharing and authentication) • Symmetric-key cryptographic techniques (64-bit block ciphers, 128-bit block ciphers, stream ciphers, hash function and pseudo-random number generators) • Target: • Submitted cryptographic techniques (Cryptographic techniques submitted in response to the call for submissions by the CRYPTREC Evaluation Committee) • Other cryptographic techniques to be evaluated (Cryptographic techniques which are judged to be in need of evaluation, regardless of whether those are submitted or not) • Way of evaluation: • Screening evaluation (Primary evaluation of submitted cryptographic techniques to detect any obvious security problem or any problem associated with a third party’s implementation) • Detailed evaluation (Evaluation in such aspects as resistance to known methods of attack, parameter or key setting criteria and implementation prospect, to determine practicability for the e-Government) • Evaluator • Not only Japanese specialists, but also many foreign specialists were commissioned to do the actual evaluation work.

5. Cryptographic techniques listed up by CRYPTREC 2001 • Public-key cryptographic techniques • signature: DSA, ECDSA(ANSI X9.62), ECDSA(ECDSA in SEC1), RSA-PKCS#1 v1.5, RSA-PSS • confidentiality: RSA-OAEP • key sharing: DH, ECDH in SEC1 • Symmetric-key cryptographic techniques • 64-bit block ciphers: CIPHERUNICORN-E, Hierocrypt-L1, MISTY1, Triple DES • 128-bit block ciphers: Advanced Encryption Standard, Camellia, CIPHERUNICORN-A, Hierocrypt-3, RC6 Block Cipher, SC2000 • stream ciphers: MULTI-S01 • hash function: RIPEMD-160, SHA-1, draft SHA-256, draft SHA-384, draft SHA-512 • pseudo-random number generators: PRNG based on SHA-1

6. Objectives of CRYPTREC 2002 • Action policy of the Cryptographic Advisory Committee (16.05.2002) • CRYPTREC should continue to evaluate cryptographic techniques, formulate a draft list of recommended cryptographic techniques for procurement by an electronic government. It should also take into consideration how to conduct cryptographic module evaluation and cryptographic protocol evaluation. • Concrete objectives are: • to draft the list of recommended cryptographic techniques for procurement by an electronic government. • to draft a Guide Book for procurement of cryptographic techniques by an electronic government. • to consider how to conduct cryptographic module evaluation • to consider a framework of cryptographic evaluation after FY 2003, especially a monitoring system of cryptographic techniques recommended for procurement by an electronic government.

7. Structure of CRYPTREC 2002 Examination of Political Issues Technical Evaluation CRYPTREC Advisory Committee (Ministry of Public Management, Home Affairs, Posts and Telecommunications; Ministry of Economy, Trade and Industry) CRYPTREC Evaluation Committee (Telecommunications Advanced Organization of Japan (TAO) Information-technology Promotion Agency, Japan (IPA)) CRYPTREC Working Group to draft a Guide Book for Procurement of cryptographic techniques Symmetric-Key Cryptography Subcommittee Public-Key Cryptography Subcommittee

8. Future work of CRYPTREC • The future work of CRYPTREC is now under consideration. • The other issues, such as cryptographic module evaluation and monitoring of recommended cryptographic techniques may remain to be discussed in CRYPTREC in the fiscal year 2003.

9. Thank you