Share to: share facebook share twitter share wa share telegram print page

Commercial National Security Algorithm Suite

Timeline for the transition to CNSA 2.0

The Commercial National Security Algorithm Suite (CNSA) is a set of cryptographic algorithms promulgated by the National Security Agency as a replacement for NSA Suite B Cryptography algorithms. It serves as the cryptographic base to protect US National Security Systems information up to the TOP SECRET level. Two versions of CNSA exist: the pre-quantum 1.0 of 2015 and the quantum-resistant 2.0 of 2022.[1][2][3][4][5][6]

Contents

CNSA 1.0

A singular parameter length is provided for protection up to TOP SECRET level.

Components of CNSA 1.0
Purpose Algorithm Standard Parameter Length Bits of Security Notes
Symmetric encryption AES FIPS 197 256 256
Digital Signature Elliptic Curve Digital Signature Algorithm (ECDSA) FIPS 186-4 384 192 Use curve P-384 only.
RSA FIPS 186-4 3072 128 Minimum modulus size, can be larger.
Key agreement Elliptic-curve Diffie–Hellman (ECDH) NIST SP 800-56Ar3 384 192 Use curve P-384 only.
Diffie–Hellman key exchange RFC 3526 3072 128 Minimum modulus size, can be larger.
RSA FIPS SP 800-56Br2 3072 128 Minimum modulus size, can be larger.
Message digest SHA-2 FIPS 180-4 384 192 Use exactly SHA-384.

The CNSA 1.0 transition is notable for moving RSA from a temporary legacy status, as it appeared in Suite B, to supported status. It also did not include the Digital Signature Algorithm. This, and the overall delivery and timing of the announcement, in the absence of post-quantum standards, raised considerable speculation about whether NSA had found weaknesses e.g. in elliptic-curve algorithms or others, or was trying to distance itself from an exclusive focus on ECC for non-technical reasons.[7][8][9]

Documents describing the integration of CNSA 1.0 with Internet protocols include:

  • RFC 9151 Commercial National Security Algorithm (CNSA) Suite Profile for TLS and DTLS 1.2 and 1.3
  • RFC 9206 Commercial National Security Algorithm (CNSA) Suite Cryptography for Internet Protocol
  • RFC 9212 Commercial National Security Algorithm (CNSA) Suite Cryptography for Secure Shell (SSH)
  • RFC 8755 Using Commercial National Security Algorithm Suite Algorithms in Secure/Multipurpose
  • RFC 8756 Commercial National Security Algorithm (CNSA) Suite Profile of Certificate Management over CMS
  • RFC 8603 Commercial National Security Algorithm (CNSA) Suite Certificate and Certificate Revocation List (CRL) Profile

CNSA 2.0

In September 2022, the NSA announced CNSA 2.0, which includes its first recommendations for post-quantum cryptographic algorithms. Again, all parameters are provided for TOP SECRET level.[10]

Components of CNSA 2.0[11]
Purpose Algorithm Standard Parameter Length Bits of Security Notes
Symmetric encryption AES FIPS 197-upd1 256 256
Key agreement ML-KEM FIPS 203 ML-KEM-1024 256
Digital signature ML-DSA FIPS 204 ML-DSA-87 256
Message digest of data SHA-2 FIPS 180-4 384 or 512 192 or 256
Digital signature of firmware and software Leighton-Micali NIST SP 800-208 192 or 256 192 or 256 All standard parameter sets are approved, the minimum being SHA256/192. SHA256/192 is the recommended choice.
Xtended Merkle NIST SP 800-208 192 or 256 192 or 256 All standard parameter sets are approved, the minimum being SHA256/192.
Message digest for hardware integrity checks
SHA-3 FIPS 202 384 or 512 192 or 256 Allowed for internal hardware functionality only (e.g., boot-up integrity checks)

Note that compared to CNSA 1.0, CNSA 2.0:

  • Suggests separate post-quantum algorithms (XMSS/LMS) for software/firmware signing for use immediately
  • Allows SHA-512
  • Announced the selection of CRYSTALS-Kyber and CRYSTALS-Dilithium early, with the expectation that they will be mandated only when the final standards and FIPS-validated implementations are released. RSA, Diffie-Hellman, and elliptic curve cryptography will be deprecated at that time.

Documents describing the integration of CNSA 2.0 with Internet protocols include:

  • draft-becker-cnsa2-smime-profile-01 Commercial National Security Algorithm (CNSA) Suite Profile for Secure/Multipurpose Internet Mail Extensions (S/MIME)
  • draft-becker-cnsa2-ssh-profile-02 Commercial National Security Algorithm (CNSA) Suite Profile for SSH
  • draft-becker-cnsa2-tls-profile-02 Commercial National Security Algorithm (CNSA) Suite Profile for TLS 1.3
  • draft-guthrie-cnsa2-ipsec-profile-01 Commercial National Security Algorithm (CNSA) Suite 2.0 Profile for IPsec
  • draft-jenkins-cnsa2-cmc-profile-01 Commercial National Security Algorithm (CNSA) Suite Profile of Certificate Management over CMS
  • draft-jenkins-cnsa2-pkix-profile-03 Commercial National Security Algorithm Suite Certificate and Certificate Revocation List Profile

References

  1. ^ Cook, John (2019-05-23). "NSA recommendations | algorithms to use until PQC". www.johndcook.com. Retrieved 2020-02-28.
  2. ^ "Announcing the Commercial National Security Algorithm Suite 2.0" (PDF). media.defense.gov. 2022-09-07. Archived from the original (PDF) on September 8, 2022. Retrieved 2024-06-10.
  3. ^ "CNSA Suite and Quantum Computing FAQ" (PDF). cryptome.org. January 2016. Retrieved 24 July 2023.
  4. ^ "Use of public standards for the secure sharing of information among national security systems, Advisory Memorandum 02-15 CNSS Advisory Memorandum Information Assurance 02-15". Committee on National Security Systems. 2015-07-31. Archived from the original on 2020-02-28. Retrieved 2020-02-28.
  5. ^ "Commercial National Security Algorithm Suite". apps.nsa.gov. 19 August 2015. Archived from the original on 2022-02-18. Retrieved 2020-02-28.
  6. ^ Housley, Russ; Zieglar, Lydia (July 2018). "RFC 8423 - Reclassification of Suite B Documents to Historic Status". tools.ietf.org. Retrieved 2020-02-28.
  7. ^ "NSA's FAQs Demystify the Demise of Suite B, but Fail to Explain One Important Detail – Pomcor". 9 February 2016. Retrieved 2020-02-28.
  8. ^ "A riddle wrapped in a curve". A Few Thoughts on Cryptographic Engineering. 2015-10-22. Retrieved 2020-02-28.
  9. ^ Koblitz, Neal; Menezes, Alfred J. (2018-05-19). "A Riddle Wrapped in an Enigma". Cryptology ePrint Archive.
  10. ^ "Post-Quantum Cybersecurity Resources". www.nsa.gov. Retrieved 2023-03-03.
  11. ^ "Announcing the Commercial National Security Algorithm Suite 2.0, U/OO/194427-22, PP-22-1338, Ver. 1.0" (PDF). media.defense.gov. National Security Agency. September 2022. Table IV: CNSA 2.0 algorithms, p. 9.; Table V: CNSA 1.0 algorithms, p. 10. Archived from the original (PDF) on September 8, 2022. Retrieved 2024-04-14.


Stub icon

This cryptography-related article is a stub. You can help Wikipedia by expanding it.
Index: pl ar de en es fr it arz nl ja pt ceb sv uk vi war zh ru af ast az bg zh-min-nan bn be ca cs cy da et el eo eu fa gl ko hi hr id he ka la lv lt hu mk ms min no nn ce uz kk ro simple sk sl sr sh fi ta tt th tg azb tr ur zh-yue hy my ace als am an hyw ban bjn map-bms ba be-tarask bcl bpy bar bs br cv nv eml hif fo fy ga gd gu hak ha hsb io ig ilo ia ie os is jv kn ht ku ckb ky mrj lb lij li lmo mai mg ml zh-classical mr xmf mzn cdo mn nap new ne frr oc mhr or as pa pnb ps pms nds crh qu sa sah sco sq scn si sd szl su sw tl shn te bug vec vo wa wuu yi yo diq bat-smg zu lad kbd ang smn ab roa-rup frp arc gn av ay bh bi bo bxr cbk-zam co za dag ary se pdc dv dsb myv ext fur gv gag inh ki glk gan guw xal haw rw kbp pam csb kw km kv koi kg gom ks gcr lo lbe ltg lez nia ln jbo lg mt mi tw mwl mdf mnw nqo fj nah na nds-nl nrm nov om pi pag pap pfl pcd krc kaa ksh rm rue sm sat sc trv stq nso sn cu so srn kab roa-tara tet tpi to chr tum tk tyv udm ug vep fiu-vro vls wo xh zea ty ak bm ch ny ee ff got iu ik kl mad cr pih ami pwn pnt dz rmy rn sg st tn ss ti din chy ts kcg ve
Prefix: a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9

Portal di Ensiklopedia Dunia

Portal : Agama
Agama
Portal : Bahasa
Bahasa
Portal : Biografi
Biografi
Portal : Budaya
Budaya
Portal : Ekonomi
Ekonomi
Portal : Elektronika
Elektronika
Portal : Film
Film
Portal : Filsafat
Filsafat
Portal : Geografi
Geografi
Portal : Indonesia
Indonesia
Portal : Ilmu
Ilmu
Portal : Lingkungan
Lingkungan
Portal : Masyarakat
Masyarakat
Portal : Matematika
Matematika
Portal : Militer
Militer
Portal : Mitologi
Mitologi
Portal : Musik
Musik
Portal : Olahraga
Olahraga
Portal : Pendidikan
Pendidikan
Portal : Politik
Politik
Portal : Sastra
Sastra
Portal : Sejarah
Sejarah
Portal : Seni
Seni
Portal : Teknologi
Teknologi
Kembali kehalaman sebelumnya