- Overview
- List of recommended ciphers
- Block ciphers
- Modes of operation
- Authenticated encryption
- Hash functions
- MAC functions (MAC based on block ciphers)
- MAC functions (MAC based on hash)
- Asymmetric algorithms (Key Agreement)
- Asymmetric algorithms (Signature/Encryption)
- Asymmetric algorithms (Signature) - digital signature algorithms
- Asymmetric algorithms (Padding)
- Asymmetric algorithms (Standardized elliptic curves)
- TLS version / Cipher suite (TLS 1.0 & TLS 1.1)
- TLS version / Cipher suite (TLS 1.2)
Overview
Specification Link
Specification overview (Requirements)
- For each cryptographic primitive, the cryptographic algorithms are classified as Dep, Leg, or Rec.
- Recommendation categories
  - Dep (Deprecated)
  - Leg (Legacy use until 2023)
  - Rec (Recommended)
  - * Rec PQC : algorithms for post-quantum use (omitted here)
- Reference
  - ISO/IEC 10118-3:2018 : Information technology – Security techniques – Hash functions – Part 3: Dedicated hash functions
  - ISO/IEC 14888-3:2018 : Information technology – Security techniques – Digital signatures with appendix – Part 3: Discrete logarithm based mechanisms
  - ISO/IEC 18033-3:2010 : Information technology – Security techniques – Encryption algorithms – Part 3: Block ciphers
  - IETF RFC 7748 : Elliptic Curves for Security
  - BSI-CC-PP-0084 : Common Criteria Protection Profile. Security IC Platform Protection Profile with Augmentation Packages
List of recommended ciphers
Block ciphers
Deprecated
- DES
- 3DES (with 2 keys)
Legacy use until 2023
- 3DES (with 3 keys)
Recommended
- AES-128
- AES-192
- AES-256
- SM4 (128-bit block, 128-bit key)
Modes of operation
Deprecated
- ECB
  - Electronic CodeBook mode
  - Each plaintext block is encrypted as-is. If a plaintext block is shorter than the block length, padding is applied.
  - Dangerous, because each plaintext block maps one-to-one to a ciphertext block.
Legacy use until 2023
- CTS
  - Cipher Text Stealing mode
Recommended
- CBC
  - Cipher Block Chaining mode
  - Each plaintext block is XORed with the previous ciphertext block before it is encrypted
- CTR
  - CounTeR mode
  - A stream cipher that generates its keystream by encrypting a counter that increases by one for each block
- XTS (AES-based)
  - Also called AES-XTS. XEX encryption mode with tweak and ciphertext stealing
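To make the contrast between the three modes above concrete, here is an added Go example using only the standard library's crypto/aes and crypto/cipher packages; it is not code from the original page or from the specification it summarizes. The key, the plaintext and the function names (encryptECB, encryptCBC, encryptCTR, decryptCTR, repeatedBlocks) are the example's own constructed values. The plaintext's first two 16-byte blocks are identical, so ECB's one-to-one block mapping shows up as a repeated ciphertext block, while CBC (chaining with a random IV) and CTR (keystream from an incrementing counter) hide the repetition.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// Constructed demo values (not real secrets). The plaintext is three 16-byte
// blocks, the first two identical, so block-level repetition is visible.
var demoKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
var demoPlaintext = []byte("sixteen byte blksixteen byte blkanother block!!!")

// encryptECB applies the block cipher to each block independently. It is here
// only to show the deprecated mode's weakness; the input must already be a
// whole number of blocks (ECB needs padding otherwise).
func encryptECB(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(pt)%bs != 0 {
		return nil, fmt.Errorf("plaintext length %d is not a multiple of %d", len(pt), bs)
	}
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += bs {
		block.Encrypt(ct[i:i+bs], pt[i:i+bs])
	}
	return ct, nil
}

// encryptCBC XORs each plaintext block with the previous ciphertext block before
// encrypting it. A fresh random IV acts as "block zero" and is prepended to the
// output so the receiver can decrypt.
func encryptCBC(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(pt)%bs != 0 {
		return nil, fmt.Errorf("plaintext length %d is not a multiple of %d", len(pt), bs)
	}
	out := make([]byte, bs+len(pt))
	if _, err := io.ReadFull(rand.Reader, out[:bs]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:bs]).CryptBlocks(out[bs:], pt)
	return out, nil
}

// encryptCTR encrypts an incrementing counter to make a keystream and XORs it
// with the plaintext, so no padding is needed. The random initial counter block
// is prepended; it must never be reused under the same key.
func encryptCTR(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	out := make([]byte, bs+len(pt))
	if _, err := io.ReadFull(rand.Reader, out[:bs]); err != nil {
		return nil, err
	}
	cipher.NewCTR(block, out[:bs]).XORKeyStream(out[bs:], pt)
	return out, nil
}

// decryptCTR reverses encryptCTR; CTR decryption is the same keystream XOR.
func decryptCTR(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(data) < bs {
		return nil, fmt.Errorf("ciphertext too short")
	}
	pt := make([]byte, len(data)-bs)
	cipher.NewCTR(block, data[:bs]).XORKeyStream(pt, data[bs:])
	return pt, nil
}

// repeatedBlocks counts 16-byte ciphertext blocks identical to an earlier
// block: the pattern leakage that makes ECB dangerous.
func repeatedBlocks(ct []byte) int {
	seen := map[[16]byte]bool{}
	n := 0
	for i := 0; i+16 <= len(ct); i += 16 {
		var b [16]byte
		copy(b[:], ct[i:i+16])
		if seen[b] {
			n++
		}
		seen[b] = true
	}
	return n
}

func main() {
	ecb, _ := encryptECB(demoKey, demoPlaintext) // errors ignored only in this demo
	cbc, _ := encryptCBC(demoKey, demoPlaintext)
	ctr, _ := encryptCTR(demoKey, demoPlaintext)
	fmt.Printf("repeated blocks: ECB=%d CBC=%d CTR=%d\n",
		repeatedBlocks(ecb), repeatedBlocks(cbc), repeatedBlocks(ctr))
}
```

Running it prints ECB=1 and 0 for the other two. Note that CBC still needs padding to a whole number of blocks, while CTR does not, and that neither CBC nor CTR authenticates the data; for that, see the authenticated encryption modes listed in the next section.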
Authenticated encryption
Recommended
- AES-CCM with support for Additional Authenticated Data (AAD)
- AES-GCM with support for Additional Authenticated Data (AAD)
- AES-eGCM
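The phrase "with support for Additional Authenticated Data" means the receiver's integrity check covers both the ciphertext and some extra cleartext (headers, identifiers) that is not encrypted. The following added Go example, which is not code from the original page or the specification, shows this with AES-GCM from the standard library (crypto/cipher has GCM but not CCM or eGCM). The key, message, header and the function names sealGCM, openGCM and flipByte are the example's own constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Constructed demo values (not real secrets).
var gcmKey = []byte("fedcba9876543210fedcba9876543210") // 32 bytes: AES-256
var gcmMessage = []byte("transfer 100 to account 42")
var gcmHeader = []byte("msg-id=7;from=alice") // AAD: authenticated, not encrypted

// sealGCM encrypts pt and authenticates both pt and aad. The output is
// nonce || ciphertext || tag, everything the receiver needs to verify.
func sealGCM(key, pt, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // 12 bytes; must be unique per key
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag to the nonce slice: nonce||ct||tag.
	return aead.Seal(nonce, nonce, pt, aad), nil
}

// openGCM verifies the tag over ciphertext and aad before releasing any
// plaintext; a change to either makes it fail.
func openGCM(key, data, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(data) < ns+aead.Overhead() {
		return nil, errors.New("ciphertext too short to hold nonce and tag")
	}
	return aead.Open(nil, data[:ns], data[ns:], aad)
}

// flipByte returns a copy of data with one bit flipped at index i, to simulate
// corruption or tampering in transit.
func flipByte(data []byte, i int) []byte {
	out := append([]byte(nil), data...)
	out[i] ^= 0x01
	return out
}

func main() {
	sealed, err := sealGCM(gcmKey, gcmMessage, gcmHeader)
	if err != nil {
		panic(err)
	}
	_, errBody := openGCM(gcmKey, flipByte(sealed, 12), gcmHeader)
	_, errAAD := openGCM(gcmKey, sealed, flipByte(gcmHeader, 0))
	fmt.Println("tampered ciphertext rejected:", errBody != nil)
	fmt.Println("tampered AAD rejected:", errAAD != nil)
}
```

The design point is that the header travels in the clear but is still bound to the message: a receiver that decrypts with a different header value gets an error, not a plaintext. The length check before Open is what keeps a truncated message from reaching the cipher at all.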
Hash functions
Deprecated
- MD5
- SHA-1 (for signature)
Legacy use until 2023
- SHA-1 (in other cases)
- SHA-224
Recommended
- SHA-256
- SHA-384
- SHA-512
- SHA3-256
- SHA3-384
- SHA3-512
- SM3 (digest size 256 bits)
MAC functions (MAC based on block ciphers)
Deprecated
- Retail MAC
Legacy use until 2023
- Full 3DES MAC
- AES MAC
Recommended
- AES-CMAC
MAC functions (MAC based on hash)
Legacy use until 2023
- HMAC with one of the supported digests (SHA-1)
Recommended
- HMAC with one of the supported digests (SHA-256 and over)
- KMAC
Asymmetric algorithms (Key Agreement)
Recommended
- ECKA-EG with key size in bits ≥ 256
- ECDH with key size in bits ≥ 256
Asymmetric algorithms (Signature/Encryption)
Deprecated
- RSA (512; 1024)
Legacy use until 2023
- RSA (≥ 2048)
Recommended
- RSA (≥ 3k)
Asymmetric algorithms (Signature) - デジタル署名のアルゴリズム
Recommended
- DSA, ECDSA with key size in bits ≥ 256
  - DSA (Digital Signature Algorithm) : created by NIST in 1991 for the Digital Signature Standard (DSS)
  - ECDSA (Elliptic Curve DSA) : NIST FIPS 186-3
- SM2 (here we focus on the digital signature algorithm based on elliptic curve)
Asymmetric algorithms (Padding)
Legacy use until 2023
- PKCS#1 v1.5 (RSAES, RSASSA)
  - PKCS#1 : one of the public-key cryptography standards proposed by RSA Security (USA). It specifies encryption schemes and digital signature schemes that use the RSA algorithm, as well as the data formats for key data and for those encryption and signature schemes
Recommended
- PKCS#1 v2.1 (PSS, OAEP)
  - PSS (Probabilistic Signature Scheme) : signature algorithm using PSS, specified in v2.1
  - OAEP (Optimal Asymmetric Encryption Padding) : encryption algorithm using OAEP, specified in PKCS #1 v2.1
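The following added Go example, not code from the original page or the specification, puts the legacy and recommended paddings side by side using the standard library's crypto/rsa: PKCS#1 v1.5 signing is deterministic, whereas PSS (as its name says, probabilistic) salts every signature and OAEP randomizes every encryption. The message and the function names newRSAKey, signPKCS1v15, verifyPKCS1v15, signPSS, verifyPSS, encryptOAEP and decryptOAEP are the example's own; main generates a 3072-bit key to match the Recommended tier for RSA listed above.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Constructed demo message (not real data).
var rsaMessage = []byte("sign and encrypt me")

// newRSAKey generates a fresh key pair; the Recommended tier is >= 3k bits.
func newRSAKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// signPKCS1v15 uses the legacy deterministic padding: the same key and message
// always produce the same signature (the random reader is ignored).
func signPKCS1v15(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

func verifyPKCS1v15(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// signPSS uses the recommended probabilistic padding: a random salt enters
// every signature, so two signatures of one message differ yet both verify.
func signPSS(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

func verifyPSS(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// encryptOAEP randomizes the padding, so the same plaintext encrypts to a
// different ciphertext each time. The optional OAEP label is left empty.
func encryptOAEP(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

func decryptOAEP(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	priv, err := newRSAKey(3072)
	if err != nil {
		panic(err)
	}
	s1, _ := signPKCS1v15(priv, rsaMessage) // errors ignored only in this demo
	s2, _ := signPKCS1v15(priv, rsaMessage)
	p1, _ := signPSS(priv, rsaMessage)
	p2, _ := signPSS(priv, rsaMessage)
	c1, _ := encryptOAEP(&priv.PublicKey, rsaMessage)
	c2, _ := encryptOAEP(&priv.PublicKey, rsaMessage)
	fmt.Println("PKCS#1 v1.5 signatures identical:", bytes.Equal(s1, s2))
	fmt.Println("PSS signatures identical:", bytes.Equal(p1, p2),
		"both verify:", verifyPSS(&priv.PublicKey, rsaMessage, p1) && verifyPSS(&priv.PublicKey, rsaMessage, p2))
	fmt.Println("OAEP ciphertexts identical:", bytes.Equal(c1, c2))
}
```

Passing nil for the PSS options lets the library pick the hash from the digest and use the maximum salt length; a deployment that must interoperate with a fixed salt length sets rsa.PSSOptions explicitly.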
Asymmetric algorithms (Standardized elliptic curves)
Recommended
- NIST curves: P-256; P-384; P-521
- Curve25519
- Brainpool curves: brainpoolP256r1; brainpoolP256t1; brainpoolP384r1; brainpoolP384t1; brainpoolP512r1; brainpoolP512t1
TLS version / Cipher suite (TLS 1.0 & TLS 1.1)
Deprecated
- TLS_PSK_WITH_NULL_SHA, RFC 4785
Legacy use until 2023
- TLS_PSK_WITH_3DES_EDE_CBC_SHA, RFC 4279
Recommended
- TLS_PSK_WITH_AES_128_CBC_SHA, RFC 4279
TLS version / Cipher suite (TLS 1.2)
Recommended
- TLS_PSK_WITH_AES_128_CBC_SHA256
- TLS_PSK_WITH_NULL_SHA256