The Open Source Community OpenSSL Project Adopts the Next Generation International Standard Cipher 'Camellia', Developed in Japan.Tokyo, Japan, Nov 8, 2006 - (JCN JCN Japan Corporate News JCN Journal of Cognitive Neuroscience JCN Journal of Cardiovascular Nursing JCN Journal of Christian Nursing JCN Job Control Number JCN Journal of Child Neurology JCN joint communications network (US DoD) Newswire) - The OpenSSL Project, an international open source community, adopted "Camellia camellia (kəmēl`yə) [for G. J. Kamel, a Moravian Jesuit missionary], any plant of the genus Camellia in the tea family, evergreen shrubs or small trees native to Asia but now cultivated extensively in warm climates and in ," a 128-bit block cipher(1) algorithm jointly developed in 2000 by Nippon Telegraph and Telephone Nippon Telegraph and Telephone Corporation (日本電信電話株式会社 Corporation ('NTT') and Mitsubishi Electric Corporation ('Mitsubishi'), into its OpenSSL toolkit for use in the development of SSL/TLS SSL/TLS Secure Socket Layer/Transport Security (IETF) (2) protocol. To support a secure advanced information society, and with the goal of disseminating Camellia, which was selected as a major international standard and recommended cipher cipher: see cryptography. (1) The core algorithm used to encrypt data. A cipher transforms regular data (plaintext) into a coded set of data (ciphertext) that is not reversible without a key. , NTT NTT Nippon Telegraph and Telephone Corporation NTT New Technology Telescope NTT National Technology Transfer, Inc NTT Name That Tune (TV game show) NTT National Tree Trust NTT Number Theoretic Transform released Camellia source codes as open source on April 13, 2006 so that Camellia can be freely used as an international basic technology. NTT has also provided its source codes to open source communities. As a result, in September of this year Camellia was incorporated into OpenSSL version 0.9.8c. The adoption of Camellia into the OpenSSL toolkit means that Camellia provides security and performance equivalent to the US government standard cipher AES(3) and is the world's only alternative to AES. From now on, since the OpenSSL toolkit equipped with Camellia will be installed into WWW WWW or W3: see World Wide Web. (World Wide Web) The common host name for a Web server. The "www-dot" prefix on Web addresses is widely used to provide a recognizable way of identifying a Web site. servers worldwide and used as a world leading open cryptographic toolkit, we anticipate that Camellia will be spread even further through its use and commercialization on a global scale. Camellia Website: http://info.isl.ntt.co.jp/crypt/eng/camellia/index.html Information related to open source: http://info.isl.ntt.co.jp/crypt/eng/camellia/source.html OpenSSL Project Website: http://www.openssl.org/ Background and Significance of Adoption into OpenSSL Camellia, the next generation encryption algorithm that provides the world's highest security and performance, is an international standard and recommended cipher. Camellia was selected into the first ISO/IEC ISO/IEC International Organization for Standardization/International Electrotechnical Commission (ITU-T M 3000) international standard cipher(4), EU (NESSIE) recommended cipher(5), and Japanese e-government recommended cipher(6), and is internationally recognized as the de facto [Latin, In fact.] In fact, in deed, actually. This phrase is used to characterize an officer, a government, a past action, or a state of affairs that must be accepted for all practical purposes, but is illegal or illegitimate. representative of Japanese encryption algorithm. Furthermore, Camellia was adopted as the IETF See Internet Engineering Task Force. IETF - Internet Engineering Task Force standard track RFC (Request For Comments) A document that describes the specifications for a recommended technology. Although the word "request" is in the title, if the specification is ratified, it becomes a standards document. (7) encryption algorithm in mainstream Internet encryption communications protocols such as SSL/TLS, IPsec, S/MIME See MIME. , and XML XML in full Extensible Markup Language. Markup language developed to be a simplified and more structural version of SGML. It incorporates features of HTML (e.g., hypertext linking), but is designed to overcome some of HTML's limitations. . NTT released free of charge the source codes (C language and Java) as open source and is providing an environment in which any Camellia users can use the Camellia essential patents at no charge without concluding the royalty-free licensing agreement so that more people can benefit from the merits of Camellia, which are highly evaluated worldwide. Furthermore, NTT is providing the Camellia source codes to open source communities and undertaking continuous activities for adoption. The OpenSSL toolkit has three types of functionality: SSL/TLS de facto stack, encryption engine, and PKI (Public Key Infrastructure) A framework for creating a secure method for exchanging information based on public key cryptography. The foundation of a PKI is the certificate authority (CA), which issues digital certificates that authenticate the identity of application development toolkit. Many current standard ciphers, such as Triple DES and RC4, are available in it as engines for symmetric key encryption, but only AES has been supported as the next generation encryption algorithm in OpenSSL version 0.9.7 and later. This time since Camellia will be equipped in OpenSSL version 0.9.8c and later, an environment* is available in which multiple ciphers can be used as next generation encryption algorithms, and we believe that this will contribute to the actualization actualization Psychiatry The realization of one's full potential of more secure advanced information society. Currently, more than 60% of the WWW servers worldwide have the OpenSSL toolkit installed, and in the future Camellia will be sequentially installed into these servers. Since the OpenSSL toolkit is used in various commercial developments and the selection of Camellia can be made easily, we anticipate that the use and commercial development of Camellia will accelerate. Significance of Disclosing Specifications and Releasing Camellia as Open Source From the beginning, the specification for Camellia was publicly disclosed, and cryptographic researchers worldwide have already evaluated the security and performance of the algorithm a great many times. The evaluation results were published in reports and presented at international cryptographic conferences, etc. These form the technical basis for the reputation of Camellia as one of the world's most excellent encryption algorithm and provide the rationale behind its selection as the internationally standardized and recommended specifications. In the future, since the open source code of Camellia incorporated in the OpenSSL toolkit will be distributed worldwide, engineers around the world will evaluate, improve, and implement Camellia codes as part of implementation process. We anticipate that it will become easier to use Camellia. Although, for practical products, vulnerability in the implementation could be a threat to the reliability and security, engineers worldwide will inspect the implementation by disclosing the encryption engine as open source in the same way as the algorithm is disclosed. Therefore we anticipate that the security based on that implementation will improve as a result. Merits and History of Camellia Camellia is a 128-bit block cipher (with allowable key lengths of 128, 192, and 256 bits) that was jointly developed by NTT and Mitsubishi in 2000. Camellia not only maintains the world's highest security, but also can be built into high-speed software implementation independent of the platform such as PCs or IC cards and the world's smallest hardware implementation with the highest efficiency among 128-bit block ciphers. That is, Camellia is simultaneously equipped with excellent security and performance. According to third party evaluations and verifications performed by many cryptographers worldwide over the last few years concerning these features, compared to the current mainstream 64-bit block cipher Triple DES, the security of Camellia is extraordinarily high and the processing speed is four to five times faster. Based on these results, Camellia is internationally recognized as Japan's representative cipher with security and performance equivalent to those of AES, and the world's only 128-bit block cipher alternative to AES. Camellia, with NTT's fundamental objective of sound development of the advanced information society as a criterion to open source, has followed the sequence of events provided below to arrive at its current state.
March 2000: Camellia encryption algorithm is released by NTT and Mitsubishi
April 2001: Camellia royalty-free licenses are granted
Feb. 2003: Camellia is selected as the Japanese e-government recommended
cipher by CRYPTREC
February 2003: Camellia is selected as the European Union recommended cipher
by NESSIE
February 2003: Camellia is adopted as the DRM encryption by TV-Anytime Forum
January 2004: Camellia is accepted as the IETF standard cipher
for S/MIME [RFC3657]
April 2005: Camellia is accepted as the IETF standard cipher
for XML security URIs [RFC4051]
May 2005: Camellia is adopted as the ISO/IEC standard cipher [ISO/IEC18033-3]
July 2005: Camellia is accepted as the IETF standard cipher for
SSL/TLS Cipher suites [RFC4132]
December 2005: Camellia is accepted as the IETF standard cipher for
IPsec [RFC4312]
April 2006: Open source codes of Camellia are released
Sept. 2006: Camellia is adopted into OpenSSL
(adopted from OpenSSL version 0.9.8c)
Future Plan In order to widen further the use of Camellia, NTT did not stop working with the adoption of Camellia into the OpenSSL toolkit. It is continuing with activities toward the adoption into other open source communities such as Linux and FreeBSD. Furthermore, in addition to NTT's positively influencing development of products and services equipped with Camellia, we plan to cooperate with hopeful corporations and enterprises for their development, industrialization industrialization Process of converting to a socioeconomic order in which industry is dominant. The changes that took place in Britain during the Industrial Revolution of the late 18th and 19th century led the way for the early industrializing nations of western Europe and , and introduction of Camellia-equipped products. Glossary 1) 128-bit block cipher The 128-bit block cipher is a symmetric key encryption that encrypts data in 128-bit long (the size of the data bundle) blocks. Symmetric key encryption is an encryption scheme that uses the same secret key to encrypt and decrypt To convert secretly coded data (encrypted data) back into its original form. Contrast with encrypt. See plaintext and cryptography. data. Since it achieves high-speed processing, it is used widely in various applications such as communication sessions that deal with large-volume data, file encryption, and mobile terminal authentication. 64-bit block ciphers (64-bit long blocks) such as Triple DES and MISTY1 were constructed by the mid 1990's. And 128-bit block ciphers such as Camellia and AES were produced in and after the second half of the 1990's. 2) SSL/TLS (Secure Socket Layer /Transport Layer Security) The Netscape Communications Corporation (company) Netscape Communications Corporation - (Formlerly "Mosaic Communications Corporation", MCC) A company set up in April 1994 by Dr. James H. Clark and Marc Andreessen <marca@netcom. developed the SSL (Secure Sockets Layer) The leading security protocol on the Internet. Developed by Netscape, SSL is widely used to do two things: to validate the identity of a Web site and to create an encrypted connection for sending credit card and other personal data. protocol, which provides a secure communications mechanism by encrypting transmitted data for Internet communications. The next version of SSL3.0 was renamed as TLS (1) (Transport Layer Security) A security protocol from the IETF that is based on the Secure Sockets Layer (SSL) 3.0 protocol developed by Netscape. TLS uses digital certificates to authenticate the user as well as authenticate the network (in a wireless and was standardized by the IETF. Since SSL/TLS is normally equipped in current browsers such as IE and Firefox, when accessing sites such as EC sites and services such as internet banking, it is common that SSL/TLS is used when transmitting passwords, credit card numbers, and personal information. Recently, in many sites where encrypted communications is required, SSL/TLS is automatically used without the user's awakening. 3) AES (Advanced Encryption Standard (cryptography, algorithm) Advanced Encryption Standard - (AES) The NIST's replacement for the Data Encryption Standard (DES). The Rijndael /rayn-dahl/ symmetric block cipher, designed by Joan Daemen and Vincent Rijmen, was chosen by a NIST contest to be AES. ) In 2001, the National Institute of Standards and Technology National Institute of Standards and Technology, governmental agency within the U.S. Dept. of Commerce with the mission of "working with industry to develop and apply technology, measurements, and standards" in the national interest. (NIST (National Institute of Standards & Technology, Washington, DC, www.nist.gov) The standards-defining agency of the U.S. government, formerly the National Bureau of Standards. It is one of three agencies that fall under the Technology Administration (www.technology. ) established the US Government standard 128-bit block cipher called the Advanced Encryption Standard. The AES project ran from 1997 to 2000, and AES was based on the "Rijndael" algorithm, proposed by J. Daemen and V. Rijmen, whose security and performance were considered to be the highest among the proposed algorithms. 4) ISO/IEC international standard ciphers These are the first international standard cipher algorithms selected by the International Organization for Standardization International Organization for Standardization (ISO) Organization for determining standards in most technical and nontechnical fields. Founded in Geneva in 1947, its membership includes more than 100 countries. (ISO (1) See ISO speed. (2) (International Organization for Standardization, Geneva, Switzerland, www.iso.ch) An organization that sets international standards, founded in 1946. The U.S. member body is ANSI. ) and International Electrotechnical Commission See IEC. (standard, body) International Electrotechnical Commission - (IEC) A standardisation body at the same level as ISO. (IEC (International Electrotechnical Commission, Geneva, Switzerland, www.iec.ch) An organization that sets international electrical and electronics standards founded in 1906. It is made up of national committees from over 60 countries. IEC - International Electrotechnical Commission ). After changing the focus from ISO/IEC9979 (encryption algorithm registration system), ISO/IEC18033 was standardized as the first international standard cipher, based on third party (NESSIE, CRYPTREC CRYPTREC Cryptography Research & Evaluation Committee (Japan) CRYPTREC Cryptography Research and Evaluation Committee , etc.) security and performance evaluation Performance evaluation The assessment of a manager's results, which involves, first, determining whether the money manager added value by outperforming the established benchmark (performance measurement) and, second, determining how the money manager achieved the calculated return reports. The 128-bit block ciphers, AES, Camellia, and SEED, are the only ciphers adopted as the next generation standard. 5) EU recommended ciphers These are recommended encryption primitives selected based on high-level security and performance by the New European Schemes for Signature, Integrity, and Encryption (NESSIE) project conducted from 2000 to 2003 by the European Union (EU). Out of the total 44, including the 39 proposed encryption algorithms, 17 encryption algorithms were selected. The Japanese ciphers Camellia (128-bit block cipher by NTT/Mitsubishi), MISTY1 (64-bit block cipher by Mitsubishi), and PSEC-KEM (Public key encryption See public key cryptography. by NTT) were selected. 6) Japanese e-government recommended ciphers These are recommended cryptographic techniques suitable for the Japanese electronic government selected by the Cryptography Research and Evaluation Committees (CRYPTREC) organized to investigate and evaluate them from the viewpoints of various objective specialists in terms of security. Out of the total 66, including the 52 proposed encryption techniques, 31 encryption techniques were selected. 7) Standard Track RFC (Standard Track Requests For Comments) This is an official draft document opened to the public as a specification for an Internet Standard. The RFC number is given to all documents that the IETF issues. They are classified into Standard Track RFC for which the IETF holds a standard discussion, approves, and manages as Internet standards, and Non-standard Track RFC which is opened to the public with the aim of dissemination. About NTT NTT Group is comprised of NTT (the holding company) and 542 subsidiaries and affiliates (of which 397 are consolidated subsidiaries). NTT Group's principal business activities are regional communications, long distance and international communications, mobile communications, and data communications. As the leader of Japan's telecommunications industry, NTT Group has devoted its efforts to the growth of the market. With a full-scale broadband and ubiquitous era approaching, NTT Group is endeavoring to anticipate the needs of the times and changes in the Information Technology (IT) market and take full advantage of the Group's management resources to develop new broadband businesses that will serve as new revenue sources into the future. The NTT Group is also focusing its efforts on the development of its fiber-optic access infrastructure and the creation of a next-generation totally Internet Protocol (IP) based network. For more information, please visit www.ntt.co.jp. Source: NTT Contact: Chizuka, Sano, Nakamura Public Relations Section Planning Department NTT Information Sharing Laboratory Group Nippon Telegraph and Telephone Corporation Phone: +81-422-59-3663 E-mail: islg-pr@lab.ntt.co.jp Copyright [c] 2006 JCN Newswire. All rights reserved. A division of Japan Corporate News Network K.K. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion