Title:J2016S-07-03.indd p203 2017/03/15/ 水 09:19:08 7 Security Fundamental Technologies 7-3 CRYPTREC Activities and a Revision of the e-Government Recommended Ciphers List Takashi KUROKAWA, Sachiko KANAMORI, Ryo NOJIMA, Miyako OHKUBO, and Shiho MORIAI In this paper, we show activities of CRYPTREC carried out by the security fundamentals laboratory between fiscal year 2011 and fiscal year 2015. We focus on “CRYPTREC Ciphers List” revised in fiscal year 2012 which has been issued as the “e-Government Recommended Ciphers List” since fiscal year 2002. We also note an outline of the present activities. 1 Introduction nology expected to be used in e-Government. CRYPTREC is an acronym for Cryptography Research Cryptographic Module Committee*2 and Evaluation Committees. This project evaluates and This committee creates security requirements and test- monitors the security of cryptographic technology, and ing requirements for cryptographic modules that comply surveys and studies appropriate implementation methods with the e-Government Recommended Ciphers, and sur- and operation methods for cryptographic technology. The veys and studies evaluations of implementation aspects for work to amend the e-Government Recommended Ciphers amendment of the e-Government Recommended Ciphers List*1 started during the 2nd Medium-term Plan was done List. in both the 2nd and 3rd Medium-term Plan. After the amending of the e-Government Recommended Ciphers Cryptographic Operation Committee*2 List, CRYPTREC’s organization was changed, and the This committee has been set up to create the new e- content of its activities also changed. This paper first -de Government Recommended Ciphers List (hereinafter re- scribes CRYPTEC’s organization in Section 2. Next, ferred to as the CRYPTREC Ciphers List*3), and it conducts Section 3 describes the amendment of the e-Government surveys and studies on the appropriate operation of the Recommended Ciphers List. Section 4 describes the ac- tivities in the 3rd Medium-term Plan. Finally, future issues are discussed. Former CRYPTREC Organization Advisory Board for Cryptographic Technology (Secretariat: MIC, METI) 2 Organization of CRYPTEC Cryptographic Scheme Cryptographic Modules Cryptographic Operation Committee Committee Committee (Secretariat: NICT, IPA) (Secretariat: NICT, IPA) (Secretariat: NICT, IPA) (1) Monitoring e-Government (1) Investigation/Examination of (1) Investigation/examination for an Recommended Ciphers cipher implementation techniques appropriate operation of e- 2.1 Organization from Fiscal 2009 to Fiscal 2012 (2) Investigation/examination to keep the and attacks for cryptographic Government recommended ciphers security and the reliability of the modules from the viewpoint of system e-Government Recommended Ciphers (2) Evaluation of cipher implementation designers and system providers Towards amendment of the e-Government (3) Security Evaluation of ciphers for the techniques for the revision of the revision of the CRYPTREC ciphers list CRYPTREC ciphers list Cryptographic Techniques Side Channel Security Recommended Ciphers List, CRYPTEC was reorganized Study WG WG starting in fiscal 2009, as shown inFig. 1. The activities of the Cryptographic Scheme Committee mainly handled by the Security Fundamentals Laboratory are described below. FFig. 1 Former CRYPTREC organization chart (from fiscal 2009 to fiscal 2012) Cryptographic Scheme Committee ＊1 CRYPTEC’s activities during the 2nd Medium-term Plan (from fiscal 2006 to This committee monitors the security of cryptographic fiscal 2010) mainly handled by the Security Fundamental Laboratory were de- technology included in the e-Government Recommended scribed in [1][4]–[9]. ＊2 The Information-technology Promotion Agency, Japan was mainly in charge of Ciphers List, evaluates the security of cryptographic tech- this work. nology for amendment of the e-Government Recommended ＊3 It had a tentative name until before the fiscal 2012 amendment, but at the time of the fiscal 2012 amendment, it was formally named the “CRYPTREC Ciphers Ciphers List, and surveys and studies cryptographic tech- L i s t .” 203 Title:J2016S-07-03.indd p204 2017/03/15/ 水 09:19:08 7 Security Fundamental Technologies CRYPTREC Ciphers List for use in e-Government systems, tations of cryptographic technology etc., from the viewpoints of IT system designers and op- (2) Surveys new-generation cryptography (lightweight erators. cryptography, post-quantum cryptography, etc.) (3) Surveys secure methods of using cryptographic 2.2 Organization from Fiscal 2013 to Fiscal 2015 technology (maintenance of technical guidelines, After the amendment of the e-Government academic surveys and publications on security, etc.) Recommended Ciphers List, it was reorganized in fiscal 2013 as shown in Fig. 2. The activities of the Cryptographic Technology Evaluation Committee mainly handled by the Security Fundamentals Laboratory are described below. CRYPTREC Organization Advisory Board for Cryptographic technology (Secretariat: MIC, METI) Cryptographic Technology Evaluation Committee Cryptographic Technology Cryptographic Technology This committee was established in fiscal 2013. It took Evaluation Committee Promotion Committee (Secretariat: NICT, IPA) (Secretariat: NICT, IPA) over the activities which were handled by the Cryptographic (1) Monitoring and evaluation of the security and (1) Research on the promotion of cryptographic implementation properties of the cryptographic technologies and the strengthening of IT security technology industries (2) Research on new-generation cryptographic (2) Research on the utilization status of cryptographic Scheme Committee from fiscal 2009 to fiscal 2012, and part technology technologies and research of their promotion strategy (3) Research on secure utilization of cryptographic (3) Research on the strategy of cryptographic policy from of the activities of the Cryptographic Module Committee. technology mid-and-long term viewpoints Cryptanalysis Evaluation WG, Operational Guideline WG, Specifically, it surveys and studies the matters described Lightweight Cryptography WG Standardization Promotion WG below in (1) to (3). FFig. 2 CRYPTREC organization chart (from fiscal 2013 to fiscal (1) Monitors and evaluates the security and implemen- 2015) TTable 1 List of dates for committee meetings held during 3rd Medium- to Long-Term Plan (1) Fiscal 2011 Fiscal 2012 Cryptographic Scheme First August 5, 2011 First June 8, 2012 Committee Second February 24, 2012 Second July 24, 2012 Third (Joint) March 9, 2012 Third October 9, 2012 Fourth March 5, 2013 Fifth (Joint) March 26, 2013 Cryptanalysis Evaluation First November 14, 2011 First August 29, 2012 Working Group (List Guide) Second January 24, 2012 Second December 20, 2012 Third (Joint) March 9, 2012 Third February 25, 2013 Fourth (Joint) March 26, 2013 Cryptanalysis Evaluation First October 6, 2011 First December 21, 2012 Working Group (Computer Second December 21, 2011 Second February 22, 2013 Performance Evaluation) Third (Joint) March 9, 2012 Third (Joint) March 26, 2013 Cryptographic Module First September 12, 2011 First July 5, 2012 Committee Second December 19, 2011 Second September 4, 2012 Third February 13, 2012 Third October 9, 2012 Fourth (Joint) March 9, 2012 Fourth March 14, 2013 Fifth (Joint) March 26, 2013 Side Channel Security Working First December 19, 2011 First July 5, 2012 Group Second February 13, 2012 Second March 14, 2013 Third (Joint) March 9, 2012 Third (Joint) March 26, 2013 Cryptographic Operation First September 21, 2011 First June 8, 2012 Committee Second November 18, 2011 Second July 25, 2012 Third January 27, 2012 Third October 4, 2012 Fourth February 24, 2012 Fourth March 1, 2013 Fifth (Joint) March 9, 2012 Fifth (Joint) March 26, 2013 *Usage Survey September 24, 2012 Report Meeting *Joint Committee (Committee November 15, 2012 Chairs Meeting) 204 Journal of the National Institute of Information and Communications Technology Vol. 63 No. 2 (2016) Title:J2016S-07-03.indd p205 2017/03/15/ 水 09:19:08 7-3 CRYPTREC Activities and a Revision of the e-Government Recommended Ciphers List Cryptographic Technology Promotion Committee 3 Amendment of e-Government This committee was established in fiscal 2013. It took Recommended Ciphers List (in the 3rd over the activities that were done in the Cryptographic Medium- to Long-term Plan) Operation Committee from fiscal 2009 to fiscal 2012, and part of the activities done in the Cryptographic Module During the 2nd Medium term Plan period, CRYPTEC Committee. Specifically, it surveys and studies the matters mainly did the following: described below in (1) to (3) (fiscal 2013 and fiscal 2014). (1) The draft outline for the revision of e-Government (1) Studies to support wider use of cryptography, and Recommended Ciphers List*4 strengthen the competitiveness of the security in- (2) Cryptographic techniques submissions for the revi- dustry sion of e-Government Recommended Ciphers List (2) Surveys the situation of cryptographic technology (fiscal 2009) use, studies necessary countermeasures, etc. (3) First security evaluations (3) Studies initiatives in cryptography policy, from Activities in the 3rd Medium- to Long-term Plan are medium and long term perspectives described below. Also, since fiscal 2015, aiming to contribute to the se- curity of IT systems overall, it started an initiative for 3.1 Second security evaluations surveys and studies for maintenance and creating opera- In the second evaluations, we continued an overall tions management. evaluation of submitted cryptographic