CRYPTREC Ciphers List

The list of ciphers that should be referred to in the procurement for the e-Government system (CRYPTREC Ciphers List)

The Digital Agency, MIC and the METI are evaluating the cryptographic technology used in e-Government through the CRYPTREC activity, and decided upon “The list of ciphers that should be referred to in the procurement for the e-Government system (CRYPTREC Ciphers List)” (Last update: 2022/3/30, CRYPTREC LS-0001-2012R7) as a revision of “e-Government Recommended Ciphers List” (February 20, 2003 official announcement).
CRYPTREC Ciphers List consists of “e-Government Recommended Ciphers List”, “Candidate Recommended Ciphers List” and “Monitored Ciphers List”.
In “Common Standards for Cyber Security Measures for Government Agencies and Related Agencies” (published by Cybersecurity Strategic Headquarters, July 7th, 2021), the “e-Government Recommended Ciphers List” is referred as below for information system procurement in governmental organizations.

Standards for Cryptographic Strength Requirements (Algorithm and Key Length Selection)

It should be noted that many of the cryptographic techniques on the CRYPTREC Cryptographic List allow multiple key lengths for a single algorithm and that the security strength and efficiency will depend on the key length used. So, CRYPTREC decided upon “Standards for Cryptographic Strength Requirements (Algorithm and Key Length Selection),” which specified how to select algorithms and key lengths to achieve appropriate security strength in consideration of the operation period of the information system when using cryptographic techniques listed in the CRYPTREC Ciphers List (First release: June 2022).
Note that, if a key length is used that does not conform to the provisions of this document regarding the key length to be used, it is NOT considered to be using a cryptographic technique on the e-Government Recommended Ciphers List.

Common Standards for Information Security Measures for Government Agencies and Related Agencies (Extract)

Information system security officers shall refer to the “e-Government Recommended Ciphers List” whose security and performance is confirmed by CRYPTREC (the Cryptography Research and Evaluation Committees) and shall establish operational methods of encryption and digital signature algorithm used on information systems, and safe protocol using it and operation method, which include the following items.

  • For encryption and digital signature algorism used by employees and safe protocol using it, ensure the one in the “e-Government Recommended Ciphers List” (CRYPTREC) is to be applied where possible.
  • When introducing encryption or digital signature upon implementations or updates of information systems, apply algorithms in the “e-Government Recommended Ciphers List” and safe protocol using it, expect for unavoidable circumstances.
  • Establish emergency response procedures in the event that the algorithm is compromised or in the event that a vulnerability is found in safe protocol using it.
  • Establish procedures for managing keys for decryption of encrypted information, and for granting digital signatures.

[References]