4-9 CRYPTRECActivities KUROKAWA Takashi and KANAMORI Sachiko In this paper, we show the activity of CRYPTREC between fiscal year 2006 and fiscal year 2010 in the security fundamentals group. We focus on compromise and migration of crypto- graphic algorithms, especially RSA1024 bit and SHA-1, and the revision of the e-Government Recommended Ciphers List. Keywords Cryptographic algorithm, Security evaluation, e-Government Recommended Ciphers List, Compromise, Life cycle 1 Introduction associated with security parameters that deter- mine the strength of security and has a lifetime The concept that the period from birth to in terms of assurance of security; therefore, the death of human beings is divided into growth concept of life cycle can be applied to it natu- processes, with the repetition of them being rally. Thus, ensuring the security of a crypto- regarded as a cycle, is called the “life cycle”. graphic algorithm is considered as an essential A product lifecycle is a similar concept to the action to determine its current stage in the life life cycle. For example, a product’s life can cycle. be divided into four stages in relation to the sales figures of the product: introduction stage, 2 AboutCRYPTREC which is a brief period after the product was launched onto the market, growth stage where CRYPTREC is an abbreviation of Cryp- the product is becoming more accepted in the tography Research and Evaluation Commit- market, maturity stage where the product has tees, and it refers to a project to evaluate and spread to most consumers in the market, and monitor the security of e-Government recom- decline stage where the sale of the product is mended ciphers, as well as to investigate and declining. Similarly, the life cycle of system examine the appropriate implementation/oper- development for information communica- ation methods of cryptographic techniques. tion can be divided into five processes: plan- It started in 2000 when the Information- ning process, requirements definition process, Technology Promotion Agency, Japan (IPA) development process, operation process, and was commissioned a research project from maintenance process. the Ministry of International Trade and Indus- A computer algorithm is a description of an try (current Ministry of Economy, Trade and execution procedure to compute a solution for Industry) as a part of an e-Government infor- a problem. We think that it will work perma- mation security technology development proj- nently because its correctness is proven math- ect, to organize an evaluation committee in ematically and then it may be inappropriate to order to evaluate technical aspects, such as apply the concept of life cycle to a computer security and performance, of cryptographic algorithm. On the other hand, a cryptographic techniques applicable to e-Government, and algorithm, a kind of computer algorithm, is acted as the secretariat for the committee. KUROKAWA Takashi and KANAMORI Sachiko 249 Since 2001, Telecommunications Advance- sion of the commercial use of the Internet, ment Organization of Japan (which was later the regulations for cryptographic techniques merged with Communications Research Labo- for signature and authentication are becoming ratory to become National Institute of Informa- more relaxed. In addition, the National Insti- tion and Communications Technology (NICT)) tute of Standards and Technology (NIST) in has been participating in the joint secretariat the United States promoted a project to adopt for the committee. In addition to the commit- a new Advanced Encryption Standard (AES) tee, the Director-General for Technology Pol- (from 1997 to 2000). As for the international icy Coordination, Minister’s Secretariat, Min- standards, the register of cryptographic algo- istry of Internal Affairs and Communications rithm ISO 9979 started to be replaced with the (MIC) and the Director-General, Commerce standardization of cryptographic algorithm for and Information Policy Bureau, Ministry of confidentiality ISO/IEC 18033. As such, the Economy, Trade and Industry (METI) estab- momentum of standardization was increasing lished the Advisory Board for Cryptographic around 2000. Technology in order to contribute specialists’ In terms of Japan’s policy, the IT Strategy opinions into the measures of the both min- Council of the Cabinet Secretariat established istries to promote information security policy the “e-Japan Priority Policy” at the end of FY by diffusing cryptographic technologies. Since 2000, the description of which includes the FY 2008, the Director-General for Technol- following: “In order to adopt cryptographic ogy Policy Coordination was changed to the techniques with superior performance whose Director General for Secretariat’s Policy Mat- security has been objectively evaluated, by ters (both Minister’s Secretariat, Ministry of FY 2002 we will evaluate and standardize Internal Affairs and Communications), which cryptographic techniques that will be help- was again changed to the Director-General for ful in e-government applications and the like. Policy Planning, Ministry of Internal Affairs This will be accomplished by holding advi- and Communications from FY 2010. sory committee meetings and the like involv- ing experts, in consideration of international 3 Backgroundoftheestablishment standardization of cryptographic techniques by ofCRYPTREC organizations such as the International Organi- zation for Standardization (ISO) and the Inter- It is essential to ensure the security and national Telecommunication Union (ITU)”. reliability of information and communica- tion technology to realize electronic com- 4 OrganizationofCRYPTREC merce over telecommunication network. With the rapid expansion of the Internet worldwide, 4.1 Theorganizationuntiltheendof there are growing concerns about threats FY2008 such as distributed denial of service (DDoS) Following the open call for cryptographic attacks, computer viruses, illegal access, and techniques in FY 2000 and FY 2001 and the spoofing, and cryptographic techniques have evaluation of cryptographic techniques from been introduced as technical countermeasures. FY 2000 to FY 2002, a list of ciphers that In short, cryptographic techniques are increas- should be recommended for use in the pro- ingly utilized not only for the confidentiality of curement of “e-Government” (e-Government information but also to ensure the authenticity Recommended Ciphers List (Fig. 1)) was estab- and integrity of information. lished and published in February, 2003. How- Traditionally, cryptographic techniques ever, further activities were required in order have been regarded as arms to protect the con- to ensure the security and reliability, which fidentiality of information from the standpoint involved collecting information and evaluating of trade control; however, due to the expan- the security of each cipher on the list, as well 250 Journal of the National Institute of Information and Communications Technology Vol. 58 Nos. 3/4 2011 e-Government Recommended Ciphers List February 20, 2003 The Ministry of Internal Affairs and Communication The Ministry of Economy, Trade and Industry Category of technique Name DSA ECDSA Name RSASSA-PKCS1-v1_5 RSA-PSS Public-key cryptographic RSA-OAEP techniques Confidentiality RSAES-PKCS1-v1_5(Note1) DH Key agreement ECDH PSEC-KEM(Note2) CIPHERUNICORN-E Hierocrypt-L1 64-bit block ciphers(Note 3) MISTY1 3-key Triple DES(Note4) AES Symmetric- key Camellia cryptographic 128-bit block ciphers CIPHERUNICORN-A techniques Hierocrypt-3 SC2000 MUGI Stream ciphers MULTI-S01 128-bit RC4(Note5) RIPEMD-160(Note6) SHA-1(Note6) Hash functions SHA-256 Other SHA-384 techniques SHA-512 PRNG based on SHA-1 in ANSI X9.42-2001 Annex C.1 Pseudo-random PRNG based on SHA-1 for general purpose in FIPS 186-2 (+ change notice 1) Appendix 3.1 number generators (Note7) PRNG based on SHA-1 for general purpose in FIPS 186-2 (+ change notice 1) revised Appendix 3.1 Notes： (Note1) This is permitted to be used for the time being because it was used in SSL3.0/TLS1.0. (Note2) This is permitted to be used only in the KEM（Key Encapsulation Mechanism）-DEM(Data Encapsulation Mechanism) construction. (Note3) When constructing a new system for e-Government, 128-bit block ciphers are preferable if possible. (Note4) The 3-key Triple DES is permitted to be used for the time being under the following conditions: 1) It is specified as FIPS 46-3 2) It is positioned as the de facto standard (Note5) It is assumed that 128-bit RC4 will be used only in SSL3.0/TLS (1.0 or later). If any other cipher listed above is available, it should be used instead. (Note6) If a longer hash value is available when constructing a new system for e-Government, it is preferable to select a 256-bit (or more) hash function. However, this does not apply to the case where the hash function is designated to be used in the public-key cryptographic specifications. (Note7) Since pseudo-random number generators do not require interoperability due to their usage characteristics, no problems will occur from the use of a cryptographically secure pseudo-random number generating algorithm. These algorithms are listed as examples. Fig.1 E-Government Recommended Ciphers List (current list) as announcing the updated information and graphic Technique Investigation WG has been making changes (including deletions) to the established under the Subcommittee, to engage e-Government Recommended Ciphers List as in examination activity aimed at assisting the needed. To achieve this, the organization has activities