CRYPTREC 2000 CRYPTREC Report 2000 (Provisional Translation) March 2001 Information Technology Promotion Agency, Japan The Security Center CRYPTREC 2000 Index Introduction ...................................................................................................................................................1 On the CRYPTREC Evaluation Committee Report.......................................................................................3 Information for Readers of This Report.........................................................................................................6 1. Overview of Cryptographic Technique Evaluation.....................................................................................7 2. Solicited Cryptographic Techniques ........................................................................................................14 2.1 Categories of Solicited Cryptographic Technique..................................................................................14 2.2 Public-key cryptography........................................................................................................................16 2.2.1 Public-Key Cryptosystem for Confidentiality ......................................................................................16 2.2.2 Public-Key Cryptosystem implementing Signature Function..............................................................18 2.2.3 Public-Key Cryptosystem Implementing Authentication Function ......................................................19 2.2.4 Public-Key Cryptosystem Implementing Key Sharing Function .........................................................21 2.3 Symmetric Cipher Technology ..............................................................................................................23 2.3.1 Block Ciphers.....................................................................................................................................23 2.3.2 Stream Ciphers ..................................................................................................................................25 2.4 Hash Functions.....................................................................................................................................26 2.5 Pseudo-random Number Generating Scheme......................................................................................26 3. Overview of Cryptographic Technique Evaluation...................................................................................27 3.1 Purpose of the Evaluation.....................................................................................................................27 3.2 Screening Evaluation and Detailed Evaluation .....................................................................................28 3.3 Evaluation Criteria for Asymmetric Cryptographic Schemes.................................................................29 3.3.1 Security Evaluation Criteria................................................................................................................29 3.3.2 Evaluation of Software Implementation..............................................................................................30 3.4 Evaluation Criteria for Symmetric Cryptographic Schemes ..................................................................31 3.4.1 Security Evaluation Criteria................................................................................................................31 3.4.2 Evaluation of Software Implementation..............................................................................................36 3.4.3 Evaluation of Hardware Implementation ............................................................................................38 3.5 Evaluation Method of Hash Functions ..................................................................................................38 3.6 Evaluation Method of Pseudo-random Number Generating Techniques...............................................39 4. Evaluation of Public Key Cryptography................................................................................................40 4.1 General Comments....................................................................................................................…….. 40 4.1.1 List of Public Key Cryptographic Techniques as Targets of Detailed Evaluation.........................40 4.1.2 General Comments on Public Key Cryptographic Techniques.......................................................41 4.2 Evaluation Classified by Function......................................................................................................48 4.2.1 Signature........................................................................................................................................…48 i CRYPTREC 2000 4.2.2 Confidentiality....................................................................................................................................51 4.2.3 Key Sharing........................................................................................................................................61 4.3 Evaluation Based on Security Evidence..............................................................................................67 4.3.1 Integer Factoring Problem................................................................................................................67 4.3.2 Discrete Logarithm Problem...............................................................................................…..........73 4.3.3 Elliptic Curve Discrete Logarithm Problem......................................................................…...........82 4.4 Evaluation of Individual Cryptosystems..............................................................................…...........88 4.4.1 ACE Sign..............................................................................................................…...........................88 4.4.2 ESIGN-Signature................................................................................................…......................….91 4.4.3 RSA-PSS............................................................................................................................................98 4.4.4 DSA..................................................................................................................................................102 4.4.5 ECDSA in SEC1...............................................................................................................................104 4.4.6 MY-ELLTY ECMR-160/192/OEF-h.................................................................................................112 4.4.7 EPOC-1............................................................................................................................................123 4.4.8 EPOC-2.............................................................................................................................................130 4.4.9 EPOC-3.......................................................................................................................................…..136 4.4.10 HIME-1...........................................................................................................................................142 4.4.11 HIME-2...........................................................................................................................................154 4.4.12 RSA-OAEP......................................................................................................................................166 4.4.13 ACE Encrypt..................................................................................................................................172 4.4.14 ECAES in SEC1.............................................................................................................................176 4.4.15 PSEC-1...........................................................................................................................................185 4.4.16 PSEC-2...........................................................................................................................................191 4.4.17 PSEC-3...........................................................................................................................................196 4.4.18 DH..................................................................................................................................................202 4.4.19 ECDHS in SEC1............................................................................................................................205 4.4.20 ECMQVS in SEC1.........................................................................................................................212 4.4.21 HDEF-ECDH.................................................................................................................................220 5. Evaluation of Symmetric Ciphers........................................................................................................229 5.1 Evaluation by Encryption Type..........................................................................................................229 5.1.1 64-bit Block Ciphers........................................................................................................................229 5.1.2 128-bit Block Ciphers......................................................................................................................241