
Projects/Camellia encryption

From K5Wiki
Revision as of 14:21, 7 December 2009 by Hardjono (talk | contribs) (Impact on Crypto-Library)

This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.


Camellia Introduction

Camellia is a symmetric-key block cipher developed jointly in 2000 by world-class encryption researchers at NTT and Mitsubishi Electric Corporation. It offers a high level of security together with excellent efficiency and practical characteristics. It can be implemented in software with high performance on various platforms. In hardware, compact, low-power implementations as well as high-speed implementations are possible.

Based on these technological advantages, Camellia has been internationally recognized. For example, NESSIE, the selection project for the European recommendation of strong cryptographic primitives, evaluated Camellia to have "many similarities to the AES, so much of the analysis for the AES is also applicable to Camellia." Currently, Camellia is the only internationally recognized cipher with the same level of security and performance as AES.

Camellia has already been adopted by the IETF and other international standardization organizations. In particular, the IETF has published specifications for the use of Camellia with IPsec, TLS, and others. Camellia is one of the three ISO/IEC international standard 128-bit block ciphers (Camellia, AES, and SEED). Camellia was selected as a recommended cryptographic primitive by the EU NESSIE (New European Schemes for Signatures, Integrity and Encryption) project. In addition, it was included in the list of cryptographic techniques for Japanese e-Government systems selected by the Japanese CRYPTREC (Cryptography Research and Evaluation Committees).

Since optimized source code is available under several open source licenses, Camellia has also been adopted by several open source projects (OpenSSL, Bouncy Castle, GnuTLS, FreeBSD, and Linux). It has also been adopted by Mozilla and is ready for use with Firefox 3.0, released in June 2008. In addition, Camellia has been adopted by the IAIK-JCE and iSaSiLk toolkits (for SSL/TLS library).

NTT and Mitsubishi Electric Corporation grant royalty-free licenses to the essential patents for Camellia. Their aim is to take a leadership role in achieving a low-cost, secure, advanced telecommunication society through the proliferation and promotion of Camellia, contributing to an environment in which various security products and services can be widely used.

In accordance with an agreement between NTT and Mitsubishi, the essential Camellia patents can henceforth be used at no charge by any Camellia user without concluding a royalty-free licensing agreement. For details, please see the Intellectual Property Information page.

URL: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html

Project Proposal

We propose adding the Camellia algorithm to Kerberos V5 (KRB5). The Camellia encryption types to be supported initially in the configuration files are the following:

camellia256-cts-hmac-sha1-96 camellia256-cts Camellia-256 CTS mode with 96-bit SHA-1 HMAC

camellia128-cts-hmac-sha1-96 camellia128-cts Camellia-128 CTS mode with 96-bit SHA-1 HMAC

Note that camellia256-cts and camellia128-cts will be supported for all Kerberos operations.

Additionally, we will add CCM equivalent support once the CTS implementation has been completed.

Impact on Enctypes

We will initially add two Enctypes for Camellia-CTS to the supported encryption types for KRB5. We will also submit the relevant Internet-Drafts to the IETF for approval.

These Enctypes are as follows:

camellia256-cts-hmac-sha1-96 camellia256-cts Camellia-256 CTS mode with 96-bit SHA-1 HMAC

camellia128-cts-hmac-sha1-96 camellia128-cts Camellia-128 CTS mode with 96-bit SHA-1 HMAC

Impact on Crypto-Library

We do not anticipate any negative impact (of adding Camellia) on the KRB5 crypto-library.

We believe adding Camellia support will be beneficial for Kerberos adoption in Japan and other countries, as the Camellia algorithm has been internationally evaluated as having the same level of security and performance as AES.