Difference between revisions of "Projects/Camellia encryption"
(→Project Proposal) |
(→Project Proposal) |
||
Line 29: | Line 29: | ||
These encryption types are supported for all Kerberos operations. |
These encryption types are supported for all Kerberos operations. |
||
− | Note that because CCM provides both authentication and encryption, the associated Kerberos checksum type is only used for explicit checksum operations (not for authenticating encrypted plaintexts). The 128-bit MAC above refers to both the CBC-MAC specified by CCM, and a 128-bit CMAC available as |
+ | Note that because CCM provides both authentication and encryption, the associated Kerberos checksum type is only used for explicit checksum operations (not for authenticating encrypted plaintexts). The 128-bit MAC above refers to both the CBC-MAC specified by CCM, and a 128-bit CMAC available as the following checksumtypes: |
+ | |||
+ | * cmac-128-camellia128: 128-bit CMAC with Camellia-128 bit key |
||
+ | * cmac-128-camellia256: 128-bit CMAC with Camellia-256 bit key |
||
== Impact on Enctypes == |
== Impact on Enctypes == |
Revision as of 12:28, 10 May 2010
Camellia Introduction
Camellia is a symmetric key block cipher developed jointly in 2000 by world top class encryption researchers at NTT and Mitsubishi Electric Corporation. Technologically speaking, Camellia naturally has not only a high level of security, but also excellent efficiency and practical characteristics. It can be implemented at high performance by software on various platforms. In regard to hardware implementation, compact and low-power consumption type implementation as well as high-speed implementation is possible.
Based on these technological advantages, Camellia has been internationally recognized. For example, the selection project on the European recommendation of strong cryptographic primitives (NESSIE) evaluated Camellia to have "many similarities to the AES, so much of the analysis for the AES is also applicable to Camellia." Currently, Camellia is the only cipher internationally recognized which has the same level of security and performance as AES.
Camellia already has been adopted by the IETF and other international standardization organizations. In particular, the IETF has published specifications for the use of Camellia with IPsec, TLS, and others. Camellia is one of the three ISO/IEC international standard 128-bit block ciphers (Camellia, AES, and SEED). Camellia was selected as a recommended cryptographic primitive by the EU NESSIE (New European Schemes for Signatures, Integrity and Encryption) project. In addition, it was included in the list of cryptographic techniques for Japanese e-Government systems that was selected by the Japanese CRYPTREC (Cryptography Research and Evaluation Committees).
Since optimized source code is available under several open source licenses, Camellia has also been adopted by several open source projects (OpenSSL, BouncyCastel, GnuTLS, FreeBSD, and Linux). Furthermore, it is also adopted by Mozilla and Camellia is ready for use with Firefox3.0 released in June 2008. In addition, Camellia has also adopted by IAIK-JCE and iSaSiLk toolkits(for SSL/TLS library).
NTT and Mitsubishi Electric Corporation grant royalty-free licenses of the essential patents for Camellia in order to establish a leadership role toward achieving a low-cost secure advanced telecommunication society through the proliferation and promotion of Camellia that contribute to the construction of an environment in which various security products and services can be used widely.
In accordance with an agreement between NTT and Mitsubishi, Camellia essential patents can be used at no charge by any Camellia user without concluding such royalty-free licensing agreement hereafter. For details, please see the Intellectual Property Information page.
URL: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
Project Proposal
We propose the addition of the Camellia algorithm for Kerberos V5(KRB5). In the configuration files, the Camellia encryption types to be supported initially are the following:
- camellia256-cts-hmac-sha1-96/camellia256-cts: Camellia-256 CTS mode with 96-bit SHA-1 HMAC
- camellia128-cts-hmac-sha1-96/camellia128-cts: Camellia-128 CTS mode with 96-bit SHA-1 HMAC
- camellia256-ccm-128/camellia256-ccm: Camellia-256 CCM mode with 128-bit MAC
- camellia128-ccm-128/camellia128-ccm: Camellia-128 CCM mode with 128-bit MAC
These encryption types are supported for all Kerberos operations.
Note that because CCM provides both authentication and encryption, the associated Kerberos checksum type is only used for explicit checksum operations (not for authenticating encrypted plaintexts). The 128-bit MAC above refers to both the CBC-MAC specified by CCM, and a 128-bit CMAC available as the following checksumtypes:
- cmac-128-camellia128: 128-bit CMAC with Camellia-128 bit key
- cmac-128-camellia256: 128-bit CMAC with Camellia-256 bit key
Impact on Enctypes
We will initially be adding two Enctypes for Camellia-CTS to the Supported Encryption types for KRB5. We will also be submitting the relevant internet-drafts to the IETF for approval.
These Enctypes are as follows:
camellia256-cts-hmac-sha1-96. camellia256-cts. Camellia-256 CTS mode with 96-bit SHA-1 HMAC.
camellia128-cts-hmac-sha1-96. camellia128-cts. Camellia-128 CTS mode with 96-bit SHA-1 HMAC.
Impact on Crypto-Library
We do not anticipate any negative impact (of adding Camellia) on the KRB5 crypto-library.
We believe adding Camellia support will be beneficial for Kerberos adoption in Japan and other countries, as the Camellia algorithm has been internationally evaluated as the same level of security and performance as AES.