Specifications of CRYPTREC Ciphers List

“The list of ciphers that shoud be referred to in the procurement of the e-Government system(CRYPTREC Ciphers List)”(last revision: May 16,2024, CRYPTREC LS-0001-2022R1) consists of three lists: “e-Government Recommended Ciphers List”, “Candidate Recommended Ciphers List” and “Monitored Ciphers List”.
The specifications of the ciphers in these lists are shown in the following tables. Please note that the ciphers listed in the “CRYPTREC Ciphers List” are limited to those in the following tables. For the specifications of the ciphers in the previous “e-Government Recommended Ciphers List”, please refer to “Specifications of e-Government Recommended Ciphers”.

Specifications of ciphers in the e-Government Recommended Ciphers List

Classification Cipher Specification
Public key ciphers Signature DSA NIST FIPS PUB 186-4
ECDSA SEC 1: Elliptic Curve Cryptography (September 20, 2000 Version 1.0) (*2)
or
ANS X9.62-2005 (*1)
EdDSA Edwards-Curve Digital Signature Algorithm (EdDSA), RFC 8032 (January, 2017)
or
NIST FIPS PUB 186-5
RSA-PSS PKCS #1: RSA Cryptography Specifications Version 2.2, RFC 8017 (November, 2016)
RSASSA-PKCS1-v1_5 PKCS #1: RSA Cryptography Specifications Version 2.2, RFC 8017 (November, 2016)
Confidentiality RSA-OAEP PKCS #1: RSA Cryptography Specifications Version 2.2, RFC 8017 (November, 2016)
Key exchange DH ANS X9.42-2003 (*1)
or
Specified as FFC DH primitive in NIST SP 800-56A Revision 2 (May 2013)
ECDH SEC 1: Elliptic Curve Cryptography (September 20, 2000 Version 1.0) (*2)
or
Specified as C(2e, 0s, ECC CDH) in NIST SP 800-56A Revision 2 (May 2013)
Symmetric key ciphers 64-bit block ciphers NA
128-bit block ciphers AES NIST FIPS PUB 197
Camellia Algorithm specifications of 128-bits block cipher Camelia (2nd version: September 26, 2001)
Stream ciphers KCipher-2 Stream Cipher KCipher-2 (March 31, 2017 Version1.2)
Hash functions SHA-256 NIST FIPS PUB 180-4
SHA-384 NIST FIPS PUB 180-4
SHA-512 NIST FIPS PUB 180-4
SHA-512/256 NIST FIPS PUB 180-4
SHA3-256 NIST FIPS PUB 202
SHA3-384 NIST FIPS PUB 202
SHA3-512 NIST FIPS PUB 202
SHAKE128 NIST FIPS PUB 202
SHAKE256 NIST FIPS PUB 202
Modes of operation Encryption modes CBC NIST SP 800-38A
CFB NIST SP 800-38A
CTR NIST SP 800-38A
OFB NIST SP 800-38A
XTS NIST SP 800-38E
Authenticated encryption modes CCM NIST SP 800-38C
GCM NIST SP 800-38D
Message authentication codes CMAC NIST SP 800-38B
HMAC NIST FIPS PUB 198-1
Authenticated encryption ChaCha20-Poly1305 ChaCha20 and Poly1305 for IETF Protocols, RFC 8439 (June 2018)
Entity authentication ISO/IEC 9798-2 (*1) ISO/IEC 9798-2:2008,
ISO/IEC 9798-2:2008/Cor 1:2010,
ISO/IEC 9798-2:2008/Cor 2:2012,
ISO/IEC 9798-2:2008/Cor 3:2013
ISO/IEC 9798-3 (*1) ISO/IEC 9798-3:1998,
ISO/IEC 9798-3:1998/Amd 1:2010,
ISO/IEC 9798-3:1998/Cor 1:2009,
ISO/IEC 9798-3:1998/Cor 2:2012
ISO/IEC 9798-4(*1) ISO/IEC 9798-4:1999,
ISO/IEC 9798-4:1999/Cor 1:2009,
ISO/IEC 9798-4:1999/Cor 2:2012

(*1) Specifications can be purchased from Japanese Standards Association.
(*2) A newer version has been published. CRYPTREC is considering the change of reference.

When a specification is linked to outside of this domain, the specification is managed by the linked organization.
If you find a broken link, please inform it to CRYPTREC Secretariat.

Specifications of ciphers in the Candidate Recommended Ciphers List

Classification Cipher Specification
Public key ciphers Signature NA
Confidentiality NA
Key exchange PSEC-KEM PSEC-KEM specification (April 14, 2008)
Symmetric key ciphers 64-bit block ciphers CIPHERUNICORN-E Cryptographic specifications CIPHERUNICORN-E (May 8, 2002)
Hierocrypt-L1 Cryptographic specifications :Hierocrypt-L1 (May 2002)
MISTY1 Cryptographic specifications MISTY1 (updated May 13, 2002)
128-bit block ciphers CIPHERUNICORN-A Cryptographic specifications CIPHERUNICORN-A (May 8, 2002)
CLEFIA The 128-bit Blockcipher CLEFIA Specification Version 1.0 (January 29, 2010)
Hierocrypt-3 Specification on a Block Cipher : Hierocrypt-3 (May 2002)
Stream ciphers MUGI Pseudo random number generator MUGI specifications, version 1.3 (May 14, 2002)
Enocoro-128v2 Pseudorandom Number Generator Enocoro, Specification Ver. 2.0 (2 February 2010)
MULTI-S01 Specifications MULTI-S01; Ciphers, Version 1.2 (May 14, 2002)
Hash functions NA
Modes of operation Encryption modes NA
Authenticated encryption modes NA
Message authentication codes PC-MAC-AES Specification of Cryptographic Technique PC-MAC-AES (February 3, 2010)
Authenticated encryption NA
Entity authentication NA

(*1) Specifications can be purchased from Japanese Standards Association.

When a specification is linked to outside of this domain, the specification is managed by the linked organization.
If you find a broken link, please inform it to CRYPTREC Secretariat.

Specifications of ciphers in the Monitored Ciphers List

Classification Cipher Specification
Public key ciphers Signature NA  
Confidentiality RSAES-PKCS1-v1_5 PKCS #1: RSA Cryptography Specifications Version 2.2, RFC 8017 (November, 2016)
Key exchange NA  
Symmetric key ciphers 64-bit block ciphers 3-key Triple DES NIST SP 800-67 Revision 2 (November 2017)
128-bit block ciphers NA
Stream ciphers NA
Hash functions RIPEMD-160 The hash function RIPEMD-160
SHA-1 NIST FIPS PUB 180-4
Modes of operation Encryption modes NA  
Authenticated encryption modes NA  
Message authentication codes CBC-MAC ISO/IEC 9797-1:2011 (*1)
Authenticated encryption NA  
Entity authentication NA  

(*1) Specifications can be purchased from Japanese Standards Association.

When a specification is linked to outside of this domain, the specification is managed by the linked organization. If you find a broken link, please inform it to CRYPTREC Secretariat.

Contact: CRYPTREC Secretariat