up:: The Mandates MOC
CRYPTREC (Japan)
CRYPTREC, the Cryptography Research and Evaluation Committees, is the body that evaluates cryptographic techniques for use in Japanese government systems and publishes the CRYPTREC Ciphers List that procurement is written against. Its post-quantum position lives in a companion guideline, the “Cryptographic Technology Guideline (Post-Quantum Cryptography), 2024 Edition,” published in March 2025, which adopts the NIST-standardized algorithms ML-KEM, ML-DSA, and SLH-DSA, recommends running most of them in hybrid with a classically secure scheme through the transition, and treats cryptographic agility as a first-class design requirement.
CRYPTREC is run jointly by Japan’s Digital Agency, the Ministry of Internal Affairs and Communications, the Ministry of Economy, Trade and Industry, the National Institute of Information and Communications Technology, and the Information-technology Promotion Agency. Its output is the technical baseline that Japan’s separate national migration target, a government-wide move to post-quantum cryptography by 2035, gets built on top of.
The short version:
- CRYPTREC is Japan’s cryptographic evaluation body, the counterpart to Germany’s BSI and France’s ANSSI, and it maintains the CRYPTREC Ciphers List that Japanese e-Government procurement references.
- The list has three tiers: the e-Government Recommended Ciphers List (approved for immediate use), the Candidate Recommended Ciphers List (evaluated as suitable but not yet widely adopted), and the Monitored Ciphers List (legacy schemes kept only for backward compatibility).
- Its post-quantum guidance is the 2024-edition PQC guideline (document GL-2007-2024, March 2025), which covers ML-KEM (FIPS 203), ML-DSA (FIPS 204), SLH-DSA (FIPS 205), tracks Falcon toward FN-DSA, and notes HQC’s selection.
- The guideline recommends cryptographic agility and hybrid PQC-with-classical construction as the transitional posture, allowing standalone post-quantum use mainly at the highest security level.
- Japan’s separate national deadline, a government-wide transition to post-quantum cryptography by 2035, was set by the National Cyber Office and rests on CRYPTREC as its technical foundation.
Think of CRYPTREC as the standards laboratory that stocks the approved-materials catalog a Japanese government building has to be built from. It tests each cryptographic mechanism, sorts it into a shelf (use it now, it is a candidate, it is only for repairs to old work), and publishes the catalog so an architect procuring a system knows exactly which parts pass inspection. The 2035 national deadline is the building code that says when the old materials have to be out; CRYPTREC is the catalog of what replaces them.
What is CRYPTREC?
CRYPTREC is the project, run across several Japanese government bodies, that evaluates and monitors the security of the cryptographic techniques used in Japanese e-Government systems and sets the criteria those techniques are judged against. The acronym expands to Cryptography Research and Evaluation Committees.
- Who runs it. CRYPTREC is operated jointly by the Digital Agency, the Ministry of Internal Affairs and Communications (MIC), and the Ministry of Economy, Trade and Industry (METI), with technical work carried by the National Institute of Information and Communications Technology (NICT) and the Information-technology Promotion Agency (IPA). It was started in 2000.
- What it does. Its stated purpose is to evaluate and monitor the security of the e-Government recommended ciphers and to examine the establishment of evaluation criteria for cryptographic modules. It works through a Cryptographic Technology Evaluation Committee (security evaluation) and a Cryptographic Technology Promotion Committee (adoption and international competitiveness), under an Advisory Board for Cryptographic Technology.
- How it compares. CRYPTREC is the Japanese analogue to the U.S. NIST cryptographic-standards process and the earlier EU NESSIE evaluation project. Its role in Japan mirrors what BSI and ANSSI do for Germany and France: a national authority that says which cryptographic mechanisms are fit for government use, at what parameters.
Source: CRYPTREC, “About CRYPTREC,” cryptrec.go.jp/en/about.html.
What is the CRYPTREC Ciphers List?
The CRYPTREC Ciphers List is the catalog of cryptographic algorithms that should be referred to when procuring e-Government systems in Japan. Its full title is “The list of ciphers that should be referred to in the procurement for the e-Government system,” and the edition in force when this note was verified is CRYPTREC LS-0001-2022R2, revised March 30, 2026.
The list sorts every evaluated algorithm into one of three tiers:
| Tier | What it means |
|---|---|
| e-Government Recommended Ciphers List | Algorithms evaluated as secure and approved for immediate use in government and industry (for example AES, SHA-256, SHA-512, ECDSA) |
| Candidate Recommended Ciphers List | Algorithms evaluated as suitable but not yet widely adopted, which can graduate to the recommended list as usage grows |
| Monitored Ciphers List | Legacy or weakening algorithms retained only for backward compatibility with older systems (for example Triple-DES, SHA-1, RC4) |
Source: CRYPTREC, “CRYPTREC Ciphers List,” CRYPTREC LS-0001-2022R2, revised March 30, 2026, cryptrec.go.jp/en/list.html.
Source: CRYPTREC, “Specifications of CRYPTREC Ciphers List,” cryptrec.go.jp/en/method.html, for the tier structure.
The three-tier design is what makes the list usable for procurement. A system architect can read the recommended tier as the approved set, treat the candidate tier as acceptable where justified, and read the monitored tier as a warning that a scheme is present only to keep old systems talking. That tiering is also where the post-quantum work will land as the standardized algorithms are folded in over successive revisions.
Which post-quantum algorithms does CRYPTREC recommend?
CRYPTREC’s post-quantum recommendations live in a dedicated guideline rather than in the main ciphers list, and that guideline adopts the same NIST-standardized algorithms the rest of the world converged on. The document is the “Cryptographic Technology Guideline (Post-Quantum Cryptography), 2024 Edition,” document GL-2007-2024, published in March 2025 by CRYPTREC’s post-quantum working group.
| Function | Algorithm CRYPTREC covers | NIST standard |
|---|---|---|
| Key encapsulation | ML-KEM (CRYSTALS-Kyber) | FIPS 203 |
| Digital signatures | ML-DSA (CRYSTALS-Dilithium) | FIPS 204 |
| Digital signatures, hash-based | SLH-DSA (SPHINCS+) | FIPS 205 |
| Digital signatures, lattice | FN-DSA (Falcon), tracked as pending | FIPS 206 (planned) |
| Key encapsulation, code-based | HQC, noted as selected | pending standardization |
Source: CRYPTREC, “Cryptographic Technology Guideline (Post-Quantum Cryptography), 2024 Edition,” GL-2007-2024, March 2025, PDF, §1.3 (standardization status) and the per-algorithm recommendation table.
The guideline records that CRYSTALS-Kyber was standardized as FIPS 203 (ML-KEM), CRYSTALS-Dilithium as FIPS 204 (ML-DSA), and SPHINCS+ as FIPS 205 (SLH-DSA) in August 2024, that Falcon is expected to be standardized as FN-DSA after minor algorithm adjustments, and that HQC was announced as a selected code-based scheme in March 2025. So CRYPTREC is tracking the full NIST suite rather than defining a separate Japanese algorithm set.
What does CRYPTREC recommend for the post-quantum transition?
CRYPTREC’s transitional posture is hybrid-leaning and agility-first. The 2024 PQC guideline recommends deploying most post-quantum schemes in hybrid with a classically secure algorithm through the transition, and it treats the ability to swap algorithms cleanly as a design requirement in its own right.
- Hybrid with a classical scheme is the default. The guideline’s per-algorithm recommendations repeatedly call for hybrid use with a classically secure recommended cipher, and it reserves standalone post-quantum use mainly for the highest security level. That places CRYPTREC alongside BSI and ANSSI on hybrid strategy and apart from the U.S. willingness to run standalone ML-KEM on a fixed schedule.
- Cryptographic agility is a first-class requirement. The guideline devotes a section to the importance of cryptographic agility, the property that lets a system change its cryptographic mechanisms without re-architecting, which is the same instinct running through the EU CRA and the UK NCSC guidance.
- The reasoning is Mosca plus harvest-now-decrypt-later. The guideline grounds the urgency in Mosca’s inequality, the secrecy lifetime of the data plus the migration time measured against the arrival of a quantum computer, and in the harvest-now-decrypt-later risk that data recorded today can be decrypted once such a computer exists. It cites the U.S. NSM-10 2035 goal and CNSA 2.0 as reference timelines.
Source: CRYPTREC, “Cryptographic Technology Guideline (Post-Quantum Cryptography), 2024 Edition,” GL-2007-2024, March 2025, PDF, §1.4 (agility), §2 (migration and hybrid construction), and the Mosca and harvest-now-decrypt-later discussion.
What is Japan’s national post-quantum timeline?
Japan’s government-wide deadline sits above CRYPTREC rather than inside it. The migration target, a move to post-quantum cryptography across Japanese government agencies by 2035, was set by Japan’s National Cyber Office (NCO), aligning Japan with the 2035 horizon that the U.S., EU, UK, and Canada have all converged on.
The NCO’s position, published as an interim report in November 2025, names CRYPTREC as the body that supplies the technical basis for the government’s cryptographic measures, including which legacy ciphers get decommissioned and on what international-standards basis, and it recommends prioritized migration, cryptographic agility, and hybrid post-quantum-with-traditional schemes. Japanese agencies are to build a detailed implementation roadmap in the following fiscal year.
Source: PQShield, “2035: Japan’s NCO sets the timeline for quantum security,” 2025, pqshield.com, reporting on the NCO interim report of November 2025. [OPERATOR VERIFY the 2035 government-wide target, the NCO authorship, and the report date against the primary Cabinet Secretariat document at cas.go.jp before quoting them in a client deliverable; these are drawn from secondary reporting, not read directly from the primary Japanese-language report.]
The practical read is the same one every jurisdiction lands on. The endpoint year of 2035 is the headline, but the work that matters, inventory and an agility-ready architecture, has to start now, because a hybrid, standards-tracking migration of a government estate takes most of the decade to complete.
How does CRYPTREC compare to BSI, ANSSI, and the NIST process?
CRYPTREC is closest in kind to the NIST cryptographic-standards process, and closest in strategy to BSI and ANSSI. It evaluates and publishes rather than mandates, and on the post-quantum transition it shares the European hybrid instinct.
| Dimension | CRYPTREC (Japan) | BSI (Germany) | ANSSI (France) | NIST (U.S.) |
|---|---|---|---|---|
| Core artifact | CRYPTREC Ciphers List plus PQC guideline | TR-02102 guideline series | Cryptographic mechanisms guide plus position paper | FIPS and SP standards |
| PQC algorithm source | Adopts the NIST FIPS suite | Adopts the NIST FIPS suite | Adopts the NIST FIPS suite | Defines the FIPS suite |
| Transition posture | Hybrid recommended, agility-first | Hybrid for long-term confidentiality | Hybrid-first as a standing rule | Standalone permitted on a schedule |
| National deadline | 2035, set separately by the NCO | Annual TR-02102 tables | 2027 certification gate; 2030 objective | 2035 goal via NSM-10 |
CRYPTREC’s role is to say what is cryptographically sound for Japanese government use; the calendar pressure comes from the NCO’s national target. That split, a technical evaluation body plus a separate policy deadline, mirrors how the U.S. pairs NIST’s standards with OMB M-23-02 and NSM-10, and how Germany pairs BSI’s tables with its NIS2 obligations.
How does CRYPTREC relate to the other mandates and standards?
CRYPTREC is Japan’s node in the same international standards stack every other national authority draws on, endorsing the NIST algorithms and sharing the European hybrid posture.
- NIST FIPS suite. CRYPTREC adopts ML-KEM, ML-DSA, and SLH-DSA and tracks FN-DSA and HQC, so there is no separate Japanese algorithm suite.
- BSI and ANSSI. The closest peers on strategy, all three leaning on hybrid deployment through the transition.
- CNSA 2.0 and NSM-10. The reference timelines CRYPTREC’s guideline cites for the 2035 horizon, and the contrast case on standalone deployment.
- IEC and IETF. The guideline notes the international migration work underway in ISO/IEC and the IETF, the same protocol-level standardization the rest of the transition depends on.
- Crypto-agility. The design property CRYPTREC’s guideline elevates to a requirement, and the through-line connecting it to the CRA and NCSC positions.
Common misconceptions
- “CRYPTREC sets Japan’s post-quantum deadline.” It supplies the technical basis. The government-wide 2035 target was set by Japan’s National Cyber Office, and CRYPTREC provides the algorithm evaluations and cipher-list decisions underneath it.
- “Japan has its own post-quantum algorithms.” It adopts the NIST-standardized algorithms. CRYPTREC’s PQC guideline covers ML-KEM, ML-DSA, SLH-DSA, and Falcon-toward-FN-DSA rather than defining a Japanese suite.
- “The CRYPTREC Ciphers List is one flat list.” It has three tiers, recommended, candidate, and monitored, and reading a scheme’s tier is the whole point, because a monitored-tier algorithm is present only for backward compatibility.
- “CRYPTREC recommends standalone post-quantum crypto.” The 2024 guideline recommends hybrid with a classically secure scheme for most cases and reserves standalone post-quantum use mainly for the highest security level.
- “CRYPTREC is a regulator like a ministry.” It is an evaluation project run jointly across the Digital Agency, MIC, METI, NICT, and IPA, closer in kind to the NIST standards process than to a rule-making regulator.
Questions people ask
What is CRYPTREC? It is Japan’s Cryptography Research and Evaluation Committees, the project that evaluates cryptographic techniques for Japanese government use, run jointly by the Digital Agency, MIC, METI, NICT, and IPA, and it publishes the CRYPTREC Ciphers List that e-Government procurement references.
Which post-quantum algorithms does CRYPTREC recommend? The NIST-standardized suite: ML-KEM (FIPS 203) for key encapsulation and ML-DSA (FIPS 204) and SLH-DSA (FIPS 205) for signatures, with Falcon tracked toward FN-DSA and HQC noted as selected. CRYPTREC covers these in its 2024 post-quantum guideline rather than inventing a separate Japanese set.
Does CRYPTREC recommend hybrid cryptography? Yes. Its 2024 PQC guideline recommends hybrid deployment with a classically secure scheme for most algorithms through the transition and reserves standalone post-quantum use mainly for the highest security level, which places it alongside BSI and ANSSI.
Does CRYPTREC bind my organization? Directly, only if you procure or operate Japanese e-Government systems, where the CRYPTREC Ciphers List is the procurement reference. Outside Japan it is authoritative guidance, and it converges with the same NIST algorithms and 2035 horizon as the U.S., EU, UK, and Canadian frameworks.
What is Japan’s post-quantum deadline? A government-wide transition to post-quantum cryptography by 2035, set by Japan’s National Cyber Office, with CRYPTREC supplying the technical basis and Japanese agencies building a detailed implementation roadmap. The endpoint aligns with the U.S., EU, UK, and Canadian 2035 targets.
How does CRYPTREC compare to BSI and ANSSI? All three are national cryptographic authorities that adopt the NIST algorithms and lean toward hybrid deployment through the transition. CRYPTREC evaluates and publishes rather than mandating; the calendar pressure in Japan comes from the separate NCO 2035 target.
Is the CRYPTREC guidance law? The CRYPTREC Ciphers List is the procurement reference for Japanese e-Government systems rather than a standalone statute, and the PQC guideline is technical guidance. The binding force is the government-wide 2035 migration target set by the National Cyber Office, which rests on CRYPTREC’s technical work.
Everything here is the map, given freely. When your team needs CRYPTREC’s cipher-list tiers and hybrid post-quantum guidance translated into a migration plan sequenced against your own Japanese and international systems and their deadlines, that’s what an alignment briefing is for.
Last verified 2026-07-12 · Maintained by Addie LaMarr, LaMarr Labs.