NSA Suite B Cryptography

Last updated December 25, 2022

NSA Suite B Cryptography was a set of cryptographic algorithms promulgated by the National Security Agency as part of its Cryptographic Modernization Program. It was to serve as an interoperable cryptographic base for both unclassified information and most classified information.

Suite B was announced on 16 February 2005. A corresponding set of unpublished algorithms, Suite A, is "used in applications where Suite B may not be appropriate. Both Suite A and Suite B can be used to protect foreign releasable information, US-Only information, and Sensitive Compartmented Information (SCI)."^[1]

In 2018, NSA replaced Suite B with the Commercial National Security Algorithm Suite (CNSA).^[2]

Suite B's components were:

Advanced Encryption Standard (AES) with key sizes of 128 and 256 bits. For traffic flow, AES should be used with either the Counter Mode (CTR) for low bandwidth traffic or the Galois/Counter Mode (GCM) mode of operation for high bandwidth traffic (see Block cipher modes of operation) – symmetric encryption
Elliptic Curve Digital Signature Algorithm (ECDSA) – digital signatures
Elliptic Curve Diffie–Hellman (ECDH) – key agreement
Secure Hash Algorithm 2 (SHA-256 and SHA-384) – message digest

General information

NIST, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, Special Publication 800-56A
Suite B Cryptography Standards
RFC 5759, Suite B Certificate and Certificate Revocation List (CRL) Profile
RFC 6239, Suite B Cryptographic Suites for Secure Shell (SSH)
RFC 6379, Suite B Cryptographic Suites for IPsec
RFC 6460, Suite B Profile for Transport Layer Security (TLS)

These RFC have been downgraded to historic references per RFC 8423.

History

In December 2006, NSA submitted an Internet Draft on implementing Suite B as part of IPsec. This draft had been accepted for publication by IETF as RFC 4869, later made obsolete by RFC 6379.

Certicom Corporation of Ontario, Canada, which was purchased by BlackBerry Limited in 2009,^[3] holds some elliptic curve patents, which have been licensed by NSA for United States government use. These include patents on ECMQV, but ECMQV has been dropped from Suite B. AES and SHA had been previously released and have no patent restrictions. See also RFC 6090.

As of October 2012, CNSSP-15^[4] stated that the 256-bit elliptic curve (specified in FIPS 186-2), SHA-256, and AES with 128-bit keys are sufficient for protecting classified information up to the Secret level, while the 384-bit elliptic curve (specified in FIPS 186-2), SHA-384, and AES with 256-bit keys are necessary for the protection of Top Secret information.

However, as of August 2015, NSA indicated that only the Top Secret algorithm strengths should be used to protect all levels of classified information.^[1]

In 2018 NSA withdrew Suite B in favor of the CNSA.

Quantum resistant suite

In August 2015, NSA announced that it is planning to transition "in the not too distant future" to a new cipher suite that is resistant to quantum attacks. "Unfortunately, the growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, necessitating a re-evaluation of our cryptographic strategy." NSA advised: "For those partners and vendors that have not yet made the transition to Suite B algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition."^[1] New standards are estimated to be published around 2024.^[5]

Algorithm implementation

Using an algorithm suitable to encrypt information is not necessarily sufficient to properly protect information. If the algorithm is not executed within a secure device the encryption keys are vulnerable to disclosure. For this reason, the US federal government requires not only the use of NIST-validated encryption algorithms, but also that they be executed in a validated Hardware Security Module (HSM) that provides physical protection of the keys and, depending on the validation level, countermeasures against electronic attacks such as differential power analysis and other side-channel attacks. For example, using AES-256 within an FIPS 140-2 validated module is sufficient to encrypt only US Government sensitive, unclassified data. This same notion applies to the other algorithms.

Commercial National Security Algorithm Suite

The Suite B algorithms have been replaced by Commercial National Security Algorithm (CNSA) Suite algorithms:^[6]

Advanced Encryption Standard (AES), per FIPS 197, using 256 bit keys to protect up to TOP SECRET
Elliptic Curve Diffie-Hellman (ECDH) Key Exchange, per FIPS SP 800-56A, using Curve P-384 to protect up to TOP SECRET.
Elliptic Curve Digital Signature Algorithm (ECDSA), per FIPS 186-4
Secure Hash Algorithm (SHA), per FIPS 180-4, using SHA-384 to protect up to TOP SECRET.
Diffie-Hellman (DH) Key Exchange, per RFC 3526, minimum 3072-bit modulus to protect up to TOP SECRET
RSA for key establishment (NIST SP 800-56B rev 1) and digital signatures (FIPS 186-4), minimum 3072-bit modulus to protect up to TOP SECRET

Related Research Articles

The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

In cryptography, key size, key length, or key space refer to the number of bits in a key used by a cryptographic algorithm.

Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography to provide equivalent security.

In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

There are a number of standards related to cryptography. Standard algorithms and protocols provide a focus for study; standards for popular applications attract a large amount of cryptanalysis.

In cryptography, nothing-up-my-sleeve numbers are any numbers which, by their construction, are above suspicion of hidden properties. They are used in creating cryptographic functions such as hashes and ciphers. These algorithms often need randomized constants for mixing or initialization purposes. The cryptographer may wish to pick these values in a way that demonstrates the constants were not selected for a nefarious purpose, for example, to create a backdoor to the algorithm. These fears can be allayed by using numbers created in a way that leaves little room for adjustment. An example would be the use of initial digits from the number $π$ as the constants. Using digits of $π$ millions of places after the decimal point would not be considered trustworthy because the algorithm designer might have selected that starting point because it created a secret weakness the designer could later exploit.

SHA-2 is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression function itself built using the Davies–Meyer structure from a specialized block cipher.

Elliptic-curve Diffie–Hellman (ECDH) is a key agreement protocol that allows two parties, each having an elliptic-curve public–private key pair, to establish a shared secret over an insecure channel. This shared secret may be directly used as a key, or to derive another key. The key, or the derived key, can then be used to encrypt subsequent communications using a symmetric-key cipher. It is a variant of the Diffie–Hellman protocol using elliptic-curve cryptography.

Integrated Encryption Scheme (IES) is a hybrid encryption scheme which provides semantic security against an adversary who is able to use chosen-plaintext or chosen-ciphertext attacks. The security of the scheme is based on the computational Diffie–Hellman problem.
Two variants of IES are specified: Discrete Logarithm Integrated Encryption Scheme (DLIES) and Elliptic Curve Integrated Encryption Scheme (ECIES), which is also known as the Elliptic Curve Augmented Encryption Scheme or simply the Elliptic Curve Encryption Scheme. These two variants are identical up to the change of an underlying group.

Network Security Services (NSS) is a collection of cryptographic computer libraries designed to support cross-platform development of security-enabled client and server applications with optional support for hardware TLS/SSL acceleration on the server side and hardware smart cards on the client side. NSS provides a complete open-source implementation of cryptographic libraries supporting Transport Layer Security (TLS) / Secure Sockets Layer (SSL) and S/MIME. NSS releases prior to version 3.14 are tri-licensed under the Mozilla Public License 1.1, the GNU General Public License, and the GNU Lesser General Public License. Since release 3.14, NSS releases are licensed under GPL-compatible Mozilla Public License 2.0.

Private Disk is a disk encryption application for the Microsoft Windows operating system, developed by Dekart SRL. It works by creating a virtual drive, the contents of which is encrypted on-the-fly; other software can use the drive as if it were a usual one.

Transport Layer Security pre-shared key ciphersuites (TLS-PSK) is a set of cryptographic protocols that provide secure communication based on pre-shared keys (PSKs). These pre-shared keys are symmetric keys shared in advance among the communicating parties.

In cryptography, Curve25519 is an elliptic curve used in elliptic-curve cryptography (ECC) offering 128 bits of security and designed for use with the elliptic curve Diffie–Hellman (ECDH) key agreement scheme. It is one of the fastest curves in ECC, and is not covered by any known patents. The reference implementation is public domain software.

<span class="mw-page-title-main">Cryptography</span> Practice and study of secure communication techniques

Cryptography, or cryptology, is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security are also central to cryptography. Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.

The following outline is provided as an overview of and topical guide to cryptography:

Crypto++ is a free and open-source C++ class library of cryptographic algorithms and schemes written by Wei Dai. Crypto++ has been widely used in academia, student projects, open-source, and non-commercial projects, as well as businesses. Released in 1995, the library fully supports 32-bit and 64-bit architectures for many major operating systems and platforms, including Android, Apple, BSD, Cygwin, IBM AIX and S/390, Linux, MinGW, Solaris, Windows, Windows Phone and Windows RT. The project also supports compilation using C++03, C++11, C++14, and C++17 runtime libraries; and a variety of compilers and IDEs, including Borland Turbo C++, Borland C++ Builder, Clang, CodeWarrior Pro, GCC, Intel C++ Compiler (ICC), Microsoft Visual C/C++, and Sun Studio.

The Transport Layer Security (TLS) protocol provides the ability to secure communications across networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free software and open source.

Application Layer Transport Security (ALTS) is a Google-developed authentication and transport encryption system used for securing Remote Procedure Call (RPC) within Google machines. Google started its development in 2007, as a tailored modification of TLS.

The Commercial National Security Algorithm Suite (CNSA) is a set of cryptographic algorithms promulgated by the National Security Agency as a replacement for NSA Suite B Cryptography algorithms. It serves as the cryptographic base to protect US National Security Systems information up to the top secret level, while the NSA plans for a transition to quantum-resistant cryptography.

References

1 2 3 "Suite B Cryptography". National Security Agency . Archived from the original on 2015-08-15. Retrieved 2015-08-16.
↑ Housley, Russ; Zieglar, Lydia (July 2018). "RFC 8423: Reclassification of Suite B Documents to Historic Status". IETF.
↑ Gardner, W. David (11 February 2009). "BlackBerry Maker Acquires Certicom For $106 Million". Information Week .
↑ "CNSSP-15 National Information Assurance Policy on the Use of Public Standards for the Secure Sharing of Information Among National Security Systems". Committee on National Security Systems .
↑ Langley, Adam (2018-12-12). "CECPQ2". Imperial Violet Blog.
↑ "Commercial National Security Algorithm Suite". National Security Agency. 2015-08-19. Retrieved 2019-05-25.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[nsa-suite-b-1] 1 2 3 "Suite B Cryptography". National Security Agency . Archived from the original on 2015-08-15. Retrieved 2015-08-16.

[rfc8423-2] Housley, Russ; Zieglar, Lydia (July 2018). "RFC 8423: Reclassification of Suite B Documents to Historic Status". IETF.

[blackberry-acquires-certicom-3] Gardner, W. David (11 February 2009). "BlackBerry Maker Acquires Certicom For $106 Million". Information Week .

[cnss-infosec-aes256-4] "CNSSP-15 National Information Assurance Policy on the Use of Public Standards for the Secure Sharing of Information Among National Security Systems". Committee on National Security Systems .

[5] Langley, Adam (2018-12-12). "CECPQ2". Imperial Violet Blog.

[cnsa1-6] "Commercial National Security Algorithm Suite". National Security Agency. 2015-08-19. Retrieved 2019-05-25.

[1]

[2]

[3]

[4]

[5]

[6]