From Academic Kids

CRYPTREC is the Cryptography Research and Evaluation Committee set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use. It is comparable in many respects to the European Union's NESSIE project and to the Advanced Encryption Standard process run by NIST in the US.


Comparison with NESSIE

There is some overlap, and some conflict, between the NESSIE selections and the CRYPTREC draft recommendations. Both efforts include some of the best cryptographers in the world, and actual (or apparent) conflicts in their selections and recommendations should be examined very carefully. For instance, CRYPTREC recommends several 64 bit block cyphers while NESSIE selected none, but CRYPTREC was obliged by its terms of reference to take into account existing standards and practices, while NESSIE was not. Similar differences in terms of reference account for CRYPTREC recommending at least one stream cypher, RC4, while the NESSIE report specifically said that it was notable that they had not selected any of those considered. RC4 is widely used in the SSL/TLS protocols; nevertheless, CRYPTREC recommended that it only be used with 128-bit keys. Essentially the same consideration led to CRYPTREC's inclusion of 160-bit message digest algorithms, despite their suggestion that they be avoided in new system designs. Also, CRYPTREC was unusually careful to examine variants and modifications of the techniques, or at least to discuss their care in doing so; this resulted in particularly detailed recommendations regarding them.

Background and sponsors

CRYPTREC includes members from Japanese academia, industry, and government. It was started in May 2000 by combining efforts from several agencies who were investigating methods and techniques for implementing 'e-Government' in Japan. Presently, it is sponsored by

  • the Ministry of Economy Trade and Industry,
  • the Ministry of Public Management, Home Affairs and Post and Telecommunications,
  • the Telecommunications Advancement Organization, and
  • the Information-Technology Promotion Agency.


It is also the organization providing technical evaluation and recommendations in regard to regulations implementing Japanese laws: examples include that on Electronic Signatures and Certification Services (Law 102 of FY2000, taking effect as from April 2001), the Basic Law on the Formulation of an Advanced Information and Telecommunications Network Society of 2000 (Law 144 of FY2000), and the Public Individual Certification Law of December 2002. Furthermore, CRYPTEC has responsibilities with regard to the Japanese contribution to the ISO/IEC JTC 1/SC27 standardization effort.

Techniques evaluated

The Committee issued public calls for submissions in June 2000 and in August 2001, and received a total of 63 submissions. In addition it compiled a list of techniques which were not directly submitted but which have been adopted as recommended techniques elsewhere and judged important (called indispensable cryptographic techniques), or whose evaluation was requested by other organizations or which had special legal significance in Japan (called specific evaluation target techniques).

The Committee has issued reports on its progress in 2001, 2002, and 2003, and produced a draft report and recommendation in August of 2003. The draft report recommends many cryptographic algorithms, protocols, and techniques, but some of them are recommended only conditionally. The list below includes the conditions noted (in italics).

Evaluated techniques (as of 2002)

NB: there is overlap between the two 'not submitted' groups. This arose from the history and has no other meaning.

indispensable cryptographic techniques (not submitted to CRYPTREC):

Public Key Algorithms (aka asymmetric key w/ public/private key property algorithms)
DSA (NIST Digital Signature Algorithm from the Digital Signature Standard FIPS Pub 186-2; ANSI X9.30, part 1)
ECDSA (ANSI X9.62) (Elliptic Curve Digital Signature Algorithm; ANSI X9.62, SEC1 by Standards for Efficient Cryptography Group - 2000)
key agreement
Diffie-Hellman (Diffie-Hellman -- ANSI X9.42-2001 specification only)
Symmetric Key Cypher Algorithms
64-bit block cyphers
DES (NBS(NIST)/NSA, FIPS Pub, and other, std)
Triple DES (Tuchman et al, FIPS Pub, and other, std)
128-bit block cyphers
AES (NIST Advanced Encryption Standard, FIPS Pub std)
Cryptographic Hash Algorithms
MD5 (Message Digest algorithm 5 (Rivest))
RIPEMD-160 RIPE project Message Digest at 160-bit length
SHA-1 (NIST/NSA Secure Hash Algorithm -- 160 bit digest)
SHA-256 (... 256 bit digest)
SHA-384 (... 384 bit digest)
SHA-512 (... 512 bit digest)
Cryptographic Pseudo-Random Number Generators
PRNG for DSA in FIPS Pub 186-2 Appendix 3
PRNG in ANSI X9.42-2001 Annex C.1/C.2
PRNG in ANSI X9.62-1998 Annex A.4
PRNG in ANSI X9.63-2001 Annex A.4
PRNG for general purpose FIPS Pub 186-2 (inc change notice 1) Appendix 3.1
PRNG in FIPS Pub 186-2 (inc change notice 1) revised Appendix 3.1/3.2

specific evaluation targets (not submitted to CRYPTREC):

Public Key Algorithms (aka asymmetric key w/ public/private key property algorithms)
ECDSA (in ANSI X9.62)
ESIGN (Nippon Telegraph and Telephone)
RSASSA-PKCS1 v1.5 (RSA Labs, 2002)
TSA-ESIGN (Trisection Size Hash ESIGN -- NTT)
RSAES-PKCS1 v1.5 (RSA Labs)
key agreement -- none in this group
Symmetric Key Cypher Algorithms
DES/Triple DES (40, 56 & 168 bit keys)
RC2 (40 & 128 bit keys)
SEED (S Korean Government standard block cypher, 128 bit key)
stream cyphers
RC4 (40 & 128 bit keys)
Cryptographic Hash Algorithms -- none in this group
Cryptographic Pseudo-Random Number Generators -- none in this group

submitted techniques:

Public Key Algorithms (aka asymmetric key w/ public/private key property algorithms)
ECIES(SEC1) (formerly ECAES, SECG 2000)
HIME(R) (Hitachi)
key agreement
ECDH(SEC1) (SECG 2000)
Symmetric Key Cypher Algorithms
64-bit block cyphers
128-bit block cyphers
RC6 (by Rivest; withdrawn by submitter and not further evaluated)
stream cyphers
Cryptographic Hash Algorithms -- none submitted
Cryptographic Pseudo-Random Number Generators -- none submitted

Recommended techniques (as of Nov 2002, pub in Aug 2003 draft report)

NB: italics denote contingent recommendation condition(s)
Public Key Algorithms (aka asymmetric key algorithms w/ public/private key property)

authentication -- none recommended
ECDSA (ANSI X9.62, SEC 1) (empirically secure)
---ESIGN (forgeable factor discovered does not have provable security)
---TSH-ESIGN (does not have provable security)
RSA-PSS (provably secure)
RSASSA-PKCS1 v1.5 (empirically secure)
---ECIES (vulnerable to chosen plaintext attacks)
---HIME(R) (no provable security, specification errors)
RSA-OAEP (provably secure)
RSAES-PKCS1 v1.5 (Permitted 'for the time being' (as empirically secure), due to use in SSL3.0/TSL1.0 -- use only with maximum caution)
key agreement
DH (empirically secure)
ECDH (empirically secure)
PSEC-KEM (recommended only in Data Encapsulation Mechanism construction w/ elliptic curve parameters as defined by SEC 1)

Symmetric Key Cypher Algorithms

64-bit block cyphers (128 bit block cyphers are preferable if possible)
3-key Triple DES (Permitted 'for the time being' if used as specified in FIPS Pub 46-3, and if specified as a de facto standard)
128-bit block cyphers -- only 128-bit block cyphers are recommended
stream cyphers
RC4 (128-bit keys only)

Cryptographic Hash Algorithms (256-bit or larger digests are to be preferred in new designs. The two 160-bit digest algorithms listed are acceptable if already included in a current public key specification)

RIPEMD-160 (160 bit digest)
SHA-1 (160 bit digest)

Cryptographic Pseudo-Random Number Generators -- those listed are examples only, none are recommended

RPNG based on SHA-1 in ANSI X9.42-2001 Annex C.1
PRNG based on SHA-1 for general purposes in FIPS Pub 186-2 (inc change notice 1) Appendix 3.1
PRNG based on SHA-1 for general purposes in FIPS Pub 186-2 (inc change notice 1) revised Appendix 3.1

External links

Block ciphers edit  (
Algorithms: 3-Way | AES | Akelarre | Blowfish | Camellia | CAST-128 | CAST-256 | CMEA | DEAL | DES | DES-X | FEAL | FOX | FROG | G-DES | GOST | ICE | IDEA | Iraqi | KASUMI | KHAZAD | Khufu and Khafre | LOKI89/91 | LOKI97 | Lucifer | MacGuffin | Madryga | MAGENTA | MARS | MISTY1 | MMB | NewDES | RC2 | RC5 | RC6 | REDOC | Red Pike | S-1 | SAFER | SEED | Serpent | SHACAL | SHARK | Skipjack | Square | TEA | Triple DES | Twofish | XTEA
Design: Feistel network | Key schedule | Product cipher | S-box | SPN   Attacks: Brute force | Linear / Differential cryptanalysis | Mod n | XSL   Standardisation: AES process | CRYPTREC | NESSIE   Misc: Avalanche effect | Block size | IV | Key size | Modes of operation | Piling-up lemma | Weak key

Academic Kids Menu

  • Art and Cultures
    • Art (
    • Architecture (
    • Cultures (
    • Music (
    • Musical Instruments (
  • Biographies (
  • Clipart (
  • Geography (
    • Countries of the World (
    • Maps (
    • Flags (
    • Continents (
  • History (
    • Ancient Civilizations (
    • Industrial Revolution (
    • Middle Ages (
    • Prehistory (
    • Renaissance (
    • Timelines (
    • United States (
    • Wars (
    • World History (
  • Human Body (
  • Mathematics (
  • Reference (
  • Science (
    • Animals (
    • Aviation (
    • Dinosaurs (
    • Earth (
    • Inventions (
    • Physical Science (
    • Plants (
    • Scientists (
  • Social Studies (
    • Anthropology (
    • Economics (
    • Government (
    • Religion (
    • Holidays (
  • Space and Astronomy
    • Solar System (
    • Planets (
  • Sports (
  • Timelines (
  • Weather (
  • US States (


  • Home Page (
  • Contact Us (

  • Clip Art (
Personal tools