Commercial National Security Algorithm Suite: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 18:27, 17 June 2024 edit Lolpro11 (talk \| contribs) 38 edits m Update URL to newer standard Tag: Visual edit ← Previous edit		Latest revision as of 20:05, 23 June 2025 edit undo WikiCleanerBot (talk \| contribs) Bots 1,007,735 edits m v2.05b - Bot T19 CW#83 - Fix errors for CW project (Heading start with three "=" and later with level two) Tag: WPCleaner
(6 intermediate revisions by 6 users not shown)
Line 1: {{Short description\|Set of cryptographic algorithms by the NSA}} The '''Commercial National Security Algorithm Suite''' ('''CNSA''') is a set of cryptographic algorithms [[Promulgation\|promulgated]] by the [[National Security Agency]] as a replacement for [[NSA Suite B Cryptography]] algorithms. It serves as the cryptographic base to protect US National Security Systems information up to the [[Classified information#Top_Secret_(TS)\|top secret]] level, while the NSA plans for a transition to [[quantum-resistant cryptography]].<ref>{{Cite web\|url=https://www.johndcook.com/blog/2019/05/23/nsa-recommendations/\|title=NSA recommendations {{!}} algorithms to use until PQC\|last=Cook\|first=John\|date=2019-05-23\|website=www.johndcook.com\|access-date=2020-02-28}}</ref><ref name=":0">{{Cite web\|url=https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF\|archive-url=https://web.archive.org/web/20220908002358/https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF\|url-status=dead\|archive-date=September 8, 2022\|title=Announcing the Commercial National Security Algorithm Suite 2.0\|date=2022-09-07\|website=media.defense.gov\|language=en\|access-date=2024-06-10}}</ref><ref>{{cite web\|url=https://cryptome.org/2016/01/CNSA-Suite-and-Quantum-Computing-FAQ.pdf\|title=CNSA Suite and Quantum Computing FAQ\|website=cryptome.org\|date=January 2016\|access-date=24 July 2023}}</ref><ref>{{Cite web\|url=https://www.cnss.gov/CNSS/issuances/Memoranda.cfm\|title=Use of public standards for the secure sharing of information among national security systems, Advisory Memorandum 02-15 CNSS Advisory Memorandum Information Assurance 02-15\|date=2015-07-31\|website=Committee on National Security Systems\|url-status=dead\|archive-url=https://web.archive.org/web/20200228180443/https://www.cnss.gov/CNSS/issuances/Memoranda.cfm\|archive-date=2020-02-28\|access-date=2020-02-28}}</ref><ref>{{Cite web\|url=https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm\|title=Commercial National Security Algorithm Suite\|date=19 August 2015\|website=apps.nsa.gov\|archive-url=https://web.archive.org/web/20220218193742/https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm\|archive-date=2022-02-18\|language=en\|access-date=2020-02-28}}</ref><ref>{{Cite journal\|url=https://tools.ietf.org/html/rfc8423\|title=RFC 8423 - Reclassification of Suite B Documents to Historic Status\|date=July 2018\|website=tools.ietf.org\|language=en\|access-date=2020-02-28 \|last1=Housley \|first1=Russ \|last2=Zieglar \|first2=Lydia }}</ref> [[File:CNSA 2p0 timeline.png\|thumb\|Timeline for the transition to CNSA 2.0]] The 1.0 suite ~~includes~~included: * [[Advanced Encryption Standard]] with 256 bit keys Line 13: The CNSA transition is notable for moving [[RSA (cryptosystem)\|RSA]] from a temporary ''legacy'' status, as it appeared in Suite B, to ''supported'' status. It also did not include the [[Digital Signature Algorithm]]. This, and the overall delivery and timing of the announcement, in the absence of post-quantum standards, raised considerable speculation about whether NSA had found weaknesses e.g. in elliptic-curve algorithms or others, or was trying to distance itself from an exclusive focus on ECC for non-technical reasons.<ref>{{Cite web\|url=https://pomcor.com/2016/02/09/nsas-faqs-demystify-the-demise-of-suite-b-but-fail-to-explain-one-important-detail/\|title=NSA's FAQs Demystify the Demise of Suite B, but Fail to Explain One Important Detail – Pomcor\|date=9 February 2016 \|language=en-US\|access-date=2020-02-28}}</ref><ref>{{Cite web\|url=https://blog.cryptographyengineering.com/2015/10/22/a-riddle-wrapped-in-curve/\|title=A riddle wrapped in a curve\|date=2015-10-22\|website=A Few Thoughts on Cryptographic Engineering\|language=en\|access-date=2020-02-28}}</ref><ref>{{Cite journal\|last1=Koblitz\|first1=Neal\|last2=Menezes\|first2=Alfred J.\|date=2018-05-19\|title=A Riddle Wrapped in an Enigma\|url=https://eprint.iacr.org/2015/1018\|journal=Cryptology ePrint Archive}}</ref> == Version 2.0 Announcement == In September 2022, the NSA announced CNSA 2.0, which includes its first recommendations for post-quantum cryptographic algorithms.<ref>{{Cite web \|title=Post-Quantum Cybersecurity Resources \|url=https://www.nsa.gov/Cybersecurity/Post-Quantum-Cybersecurity-Resources/ \|access-date=2023-03-03 \|website=www.nsa.gov}}</ref> CNSA 2.0 includes:<ref name=":0" />: * [[Advanced Encryption Standard]] with 256 bit keys * [[CRYSTALS-Kyber]]\|Module-Lattice-Based ~~and~~Key-Encapsulation ~~[[Lattice~~Mechanism Standard (ML-~~based~~KEM aka ~~cryptography\|~~CRYSTALS-~~Dilithium~~Kyber)]] with ~~Level~~parameter Vset ~~parameters~~ML-KEM-1024 * [[Lattice-based cryptography\|Module-Lattice-Based Digital Signature Standard (ML-DSA aka CRYSTALS-Dilithium)]] with parameter set ML-DSA-87 * [[SHA-2]] with 384 or 512 bits * [[eXtended Merkle Signature Scheme]] (XMSS) and [[Leighton-Micali Signatures]] (LMS) with all parameters approved, with SHA256/192 recommended Line 28 ⟶ 30: ** RSA, Diffie-Hellman, and elliptic curve cryptography will be deprecated at that time. The CNSA 2.0 and CNSA 1.0 algorithms, detailed functions descriptions, specifications, and parameters are below:<ref name=nsaCNSA>{{cite web\|url=https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF \|archive-url=https://web.archive.org/web/20220908002358/https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF \|url-status=dead \|archive-date=September 8, 2022 \|title=Announcing the Commercial National Security Algorithm Suite 2.0, U/OO/194427-22, PP-22-1338, Ver. 1.0 \|date=September 2022 \|publisher=[[National Security Agency]]\|website=media.defense.gov\|access-date=2024-04-14\|at=Table IV: CNSA 2.0 algorithms, p. 9.; Table V: CNSA 1.0 algorithms, p. 10.}}</ref> '''CNSA 2.0''' Line 43 ⟶ 45: \| Use 256-bit keys for all classification levels. \|- \| Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM aka CRYSTALS-Kyber) ~~\| CRYSTALS-Kyber~~ \| Asymmetric algorithm for key establishment \| [[doi:10.6028/NIST.FIPS.203\|FIPS PUB 203]] ~~\| TBD~~ \| Use ~~Level~~ML-KEM-1024 Vparameter ~~parameters~~set for all classification levels. \|- \| Module-Lattice-Based Digital Signature Standard (aka CRYSTALS-Dilithium) \| Asymmetric algorithm for digital signatures \| [[doi:10.6028/NIST.FIPS.204\|FIPS PUB 204]] ~~\| TBD~~ \| Use ~~Level~~ML-DSA-87 Vparameter ~~parameters~~set for all classification levels. \|- \| Secure Hash Algorithm (SHA) Line 116 ⟶ 118: {{Reflist}} {{Cryptography navbox\|block\|public-key\|hash}} ~~{{Cryptography navbox\|public-key}}~~ [[Category:Cryptography standards]]