Camellia Encryption Algorithm Selected For New E-Government Recommended Ciphers List

Nippon Telegraph and Telephone Corporation (NYSE:NTT) and Mitsubishi Electric Corporation (TOKYO:6503) announced today that Camellia, the 128-bit block cipher jointly developed by the two companies in 2000, has been selected for adoption in Japan's new e-Government Recommended Ciphers List as the only 128-bit block cipher encryption algorithm developed in Japan.

The selection is attributed to Camellia's high reputation for ease of procurement, and security and performance features comparable to those of the Advanced Encryption Standard (AES), the de facto standard 128-bit block Cipher adhering to U.S. government standards that was also selected for adoption in the new e-Government Recommended Ciphers List. As a leading technology strengthening the competitiveness of Japanese information security industries, Camellia is recognized as Japan's prime example of 128-bit block cipher algorithms, which are used widely in applications involving large-volume data, such as electronic communications, file encryption and mobile device authentication.


The e-Government Recommended Ciphers List selected by the Cryptography Research and Evaluation Committees (CRYPTREC) consists of recommended cryptographic technologies that offer robust security and processing capabilities, for both software and hardware, and can be applied in system construction. The List, first released in February 2003, recently was updated for the first time in 10 years. Camellia, which also was selected for the original list, was reselected as the only Japanese encryption algorithm among 128-bit block ciphers.

Significance of the adoption

- Safety and performance

An encryption algorithm is proven to be secure when it has resisted multiple deciphering attacks over a long period of time. Camellia's security has been continuously tested over a decade by the cryptography research community. Meanwhile, its ability to withstand newly-found attack techniques, including related-key, biclique-based meet-in-the-middle, and rebound attacks, was investigated, but no successful attack has been reported so far. Camellia's level of security therefore surpasses that of AES, which was subject to successful (but impractical) related-key attacks reported on its 192- and 256-bit versions.