About CRYPTREC

1. About CRYPTREC

CRYPTREC is an abbreviation of Cryptography Research and Evaluation Committees, and it refers to a project to evaluate and monitor the security of e-Government recommended ciphers, as well as to examine the establishment of evaluation criteria for cryptographic modules.
It consists of the Advisory Board for Cryptographic Technology (chairperson, Tsutomu Matsumoto; a professor at Yokohama National University), which is jointly constituted by the Digital Agency, the Ministry of Internal Affairs and Communication (MIC) and the Ministry of Economy, Trade and Industry (METI); the Cryptographic Technology Evaluation Committee (chairperson, Tsuyoshi Takagi; a professor at The University of Tokyo) and Cryptographic Technology Promotion Committee (chairperson, Tsutomu Matsumoto; a professor at Yokohama National University), which are jointly constituted by the National Institute of Information and Communication Technology (NICT) and the Information-technology Promotion Agency, Japan (IPA).

2. Background and purpose

It is necessary to assure security of e-Government, and it is indispensable to use a cryptographic technique that is excellent in security, in order to construct a state-of-the-art IT nation in the world, which our country is aiming at, currently. To this end, the cryptographic technique evaluation project was organized for the scheduled period of three years, beginning in the 2000 fiscal year, to list up the cryptographic techniques that are judged to be excellent in security and implementation by objective evaluation, and this project was named CRYPTREC (Cryptography Research and Evaluation Committees).

CRYPTREC evaluated and examined cryptographic techniques publicly applied and the cryptographic techniques widely used in industries, and selected those that were excellent in security and implementation. Based on these evaluation results, MIC and METI publicized, on February 20, 2003, the list of ciphers that are recommended for the procurement of “e-Government” (e-Government Recommended Ciphers List). The “Policy for the use of ciphers in information system procurement of each governmental agency” was approved by the administrative-information-system-related division managers' liaison meeting on February 28, 2003, to the effect that the use of ciphers enumerated in the e-Government Recommended Ciphers List must be promoted, as much as possible, when using ciphers to construct the information system of each agency.

MIC and METI decided to continue the activities of the CRYPTREC project even after the 2003 fiscal year, in order to ensure the security and reliability of e-Government. In addition, the Cryptographic Technique Monitoring Subcommittee was newly established, to monitor and investigate the security of ciphers enumerated in the e-Government Recommended Ciphers List, and also, the Cryptographic Module Subcommittee was organized, seeking to establish evaluation criteria in Japan for the cryptographic modules in which ciphers are implemented.

The CRYPTREC Advisory Committee decided to update Organization of CRYPTREC for revision of e-Government Recommended Ciphers List, on July 10th, 2009. The CRYPTREC Advisory Committee shifted to the Advisory Board for Cryptographic Technology, the Cryptographic Technique Monitoring Subcommittee shifted to the Cryptographic Scheme Committee, and the Cryptographic Module Subcommittee shifted to the Cryptographic Module Committee. The Cryptographic Operation Committee was newly held to carry out investigation/examination for an appropriate operation of e-government recommended ciphers.

Cryptographic technologies which were listed in e-Government Recommended Cipher List, publicly-applied for the list revision in 2009 and were selected by executive officers were evaluated and examined in the light of their security, implementing performance and track record of use. Based on this evaluation result, CRYPTREC reformed the existing list as “the list of ciphers that should be recommended for use in the procurement of e-Government (CRYPTREC ciphers list)” at March 2013.

The Advisory board for Cryptographic Technology reorganized CRYPTREC in two-committee organization of the Cryptographic Technology Evaluation Committee and the Cryptographic Technology Promotion Committee from April, 2013. The Cryptographic Technology Evaluation Committee carries out the technical examination mainly on the security evaluation of cryptographic technologies. The Cryptographic Technology Promotion Committee carries out the examination on the enhancement of international competitiveness in cryptographic technologies and the operation side of security improvements.

The Digital Agency participated in the CRYPTREC project with the launch of the Digital Agency in 2021.