Interviews

Project Overview

What is CRYPTREC? Purpose and Organization of CRYPTREC

CRYPTREC (Cryptography Research and Evaluation Committees) is a project launched to evaluate and monitor the security of e-government-recommended cryptography and investigate and study appropriate implementation and operation methods of cryptography. Currently, it is jointly managed by the Digital Agency, the Ministry of Internal Affairs and Communications (MIC), the Ministry of Economy, Trade, and Industry (METI), the Information-technology Promotion Agency, Japan (IPA), and us, NICT. The original project (2000) aimed to compile a list of cryptographic techniques assessed to have excellent security and implementability for use in public organizations. The list produced by the project is called the CRYPTREC Ciphers List, and we believe that it is now referenced by many private companies and public institutions and has attracted a lot of attention from society.

As the project has been conducted for over 20 years, its structure has changed in the process. Against the backdrop of the growing interest in recent years in cryptographic techniques such as post-quantum cryptography, advanced cryptography, and lightweight cryptography, we not only evaluate their security and implementation but also focus on activities to promote their widespread use.

Introduction of Activities

Monitoring risks to cryptography and promoting the use of recommended cryptography

Because of the developments of quantum computers in recent years, the use of quantum computers is expected to advance research in various fields. Meanwhile, it is said that some of the cryptographic techniques currently in use will be insecure by quantum computers. It was announced in the 1990s that it was theoretically “possible” to break these cryptographic techniques. However, the question was when quantum computers with sufficient performance would appear. Experts have divergent opinions on the “when,” but the National Institute of Standards and Technology (NIST) has issued a report stating that such a quantum computer could be available by 2030. For this reason, post-quantum cryptographic schemes that can be secure even if quantum computers are put into practical use (post-quantum cryptography), NIST is preparing to adopt several post-quantum cryptographic schemes in standardization by around 2024 so that we can use them by 2030. The post-quantum cryptography to be adopted here is also expected to spread as an international standard. Preparations are also underway in Japan, and guidelines for post-quantum cryptography are being prepared in collaboration with university professors and corporate experts under CRYPTREC’s Cryptographic Technique Investigation Working Group.

Meeting the emerging needs of new fields in the future

In addition to post-quantum cryptography, other important topics include advanced cryptography and lightweight cryptography. Advanced cryptography is a general term for cryptography with additional functions such as access control and secure computation. Homomorphic encryption, which is used in “DeepProtect,” is one of them. Meanwhile, lightweight cryptography is a technology that can be implemented more compactly and with lower power consumption than those for conventional cryptography.

The demand for cryptographic techniques with lower power consumption and more compact implementation has been increasing in recent years. Guidelines for these cryptographic techniques are being prepared, with advanced cryptography, as well as post-quantum cryptography, scheduled for completion in FY2022, whereas that of lightweight cryptography is set to be completed in FY2023.

Operation of the Secretariat

The Security Fundamentals Laboratory is characterized by the collaboration of two subgroups: the Cryptographic Proposal Subgroup and the Security Evaluation Subgroup. The perspectives of both teams are needed in various aspects of managing the project secretariat, such as deciding what to include in the guidelines and who is in charge, checking manuscripts written by experts, and so on. For this reason, members of both teams participate in the project as secretariat.

Future Prospects

The security compromise in cryptography is an issue that significantly impacts the digital society. In this regard, CRYPTREC is a long-running project of great social significance, which has been undertaken to anticipate and prepare for possible future risks. CRYPTREC has continued steadily for a long time in predicting and preparing for possible future risks, and we believe that it will continue to play an important role in society.