Enhancing information security

Cryptographic Technology Research and Evaluation Activities

Cryptography is the key technology for the confidentiality and authentication of data. Its various functions are utilized in the network society to ensure the security to protect valuable personal and/or corporate information. To realize a secure IT society, IPA are working aggressively on monitoring the security of cryptography, conducting various surveys on cryptography, and publishing documents on the appropriate use of cryptography.

CRYPTREC (Cryptography Research and Evaluation Committees)

 IPA has originally launched CRYPTREC to promote cryptographic technology research and evaluation in 2000. Currently, CRYPTREC is jointly constituted with the Ministry of Internal Affairs and Communication (MIC), the Ministry of Economy, Trade and Industry (METI), the National Institute of Information and Communication Technology (NICT) and IPA. CRYPTREC has missions to contribute making "the list of ciphers that should be referred to in the procurement for the e-Government system (CRYPTREC Ciphers List)," as well as to evaluate and monitor the security of CRYPTREC ciphers, and to publish fruitful guidelines on the appropriate use of cryptography.

Guidelines & Documents

IPA publishes following documents on the appropriate use of cryptography.

  • Guidelines & Guidance: e.g., Guideline for TLS server configuration settings, General Design Principles for Cryptographic Key Management Systems
  • Translation documents of NIST Special Publications on Cryptography: e.g. SP800-57, SP800-130

Security Evaluation and Certification Schemes

IPA established two third-party security evaluation and certification schemes for cryptographic products; JCMVP (Japan Cryptographic Module Validation Program) and JISEC (Japan Information Technology Security Evaluation and Certification Scheme).

  • The objective of JCMVP is to evaluate and validate whether cryptographic modules consisting of hardware, software and/or firmware components in which Approved Security Functions (e.g. cryptographic algorithms within CRYPTREC Ciphers List) are implemented appropriately protect the security functions, cryptographic keys, passwords and other sensitive information stored therein.
  • The objective of JISEC is to evaluate and certify whether security functions in various kinds of IT products are properly designed and correctly implemented from the viewpoint of information security, based on International Standard “ISO/IEC 15408 Common Criteria for Information Technology Security Evaluation.” Japan became a participant to Common Criteria Recognition Arrangement (CCRA) as Certificate Authorizing Participants.