Commercial National Security Algorithm Suite Explained

The Commercial National Security Algorithm Suite (CNSA) is a set of cryptographic algorithms promulgated by the National Security Agency as a replacement for NSA Suite B Cryptography algorithms. It serves as the cryptographic base to protect US National Security Systems information up to the top secret level, while the NSA plans for a transition to quantum-resistant cryptography.[1] [2] [3] [4] [5] [6]

The suite includes:

The CNSA transition is notable for moving RSA from the temporary legacy status it held in Suite B to supported status. It also did not include the Digital Signature Algorithm (DSA). This, together with the overall delivery and timing of the announcement in the absence of post-quantum standards, raised considerable speculation about whether the NSA had found weaknesses, e.g. in elliptic-curve algorithms or elsewhere, or was trying to distance itself from an exclusive focus on ECC for non-technical reasons.[7] [8] [9]

In September 2022, the NSA announced CNSA 2.0, which includes its first recommendations for post-quantum cryptographic algorithms.[10]

CNSA 2.0 includes:

Note that compared to CNSA 1.0, CNSA 2.0:

The CNSA 2.0 and CNSA 1.0 algorithms, with their functions, specifications, and parameters, are tabulated below:[11]

CNSA 2.0

| Algorithm | Function | Specification | Parameters |
|---|---|---|---|
| Advanced Encryption Standard (AES) | Symmetric block cipher for information protection | FIPS PUB 197 | Use 256-bit keys for all classification levels. |
| CRYSTALS-Kyber | Asymmetric algorithm for key establishment | TBD | Use Level V parameters for all classification levels. |
| CRYSTALS-Dilithium | Asymmetric algorithm for digital signatures | TBD | Use Level V parameters for all classification levels. |
| Secure Hash Algorithm (SHA) | Algorithm for computing a condensed representation of information | FIPS PUB 180-4 | Use SHA-384 or SHA-512 for all classification levels. |
| Leighton-Micali Signature (LMS) | Asymmetric algorithm for digitally signing firmware and software | NIST SP 800-208 | All parameters approved for all classification levels. SHA256/192 recommended. |
| Xtended Merkle Signature Scheme (XMSS) | Asymmetric algorithm for digitally signing firmware and software | NIST SP 800-208 | All parameters approved for all classification levels. |

CNSA 1.0

| Algorithm | Function | Specification | Parameters |
|---|---|---|---|
| Advanced Encryption Standard (AES) | Symmetric block cipher for information protection | FIPS PUB 197 | Use 256-bit keys for all classification levels. |
| Elliptic Curve Diffie-Hellman (ECDH) Key Exchange | Asymmetric algorithm for key establishment | NIST SP 800-56A | Use Curve P-384 for all classification levels. |
| Elliptic Curve Digital Signature Algorithm (ECDSA) | Asymmetric algorithm for digital signatures | FIPS PUB 186-4 | Use Curve P-384 for all classification levels. |
| Secure Hash Algorithm (SHA) | Algorithm for computing a condensed representation of information | FIPS PUB 180-4 | Use SHA-384 for all classification levels. |
| Diffie-Hellman (DH) Key Exchange | Asymmetric algorithm for key establishment | IETF RFC 3526 | Minimum 3072-bit modulus for all classification levels. |
| Rivest-Shamir-Adleman (RSA) | Asymmetric algorithm for key establishment | FIPS SP 800-56B | Minimum 3072-bit modulus for all classification levels. |
| Rivest-Shamir-Adleman (RSA) | Asymmetric algorithm for digital signatures | FIPS PUB 186-4 | Minimum 3072-bit modulus for all classification levels. |
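The CNSA 1.0 rows above, exercised end to end in Go's standard library, as an added worked example that is neither the page's own material nor NSA code: ECDH on Curve P-384 (the NIST SP 800-56A row), a one-step key-derivation step in the style of NIST SP 800-56C (hash of counter, shared secret and context, with SHA-384) truncated to a 256-bit AES key, AES-256-GCM for the data, and ECDSA on P-384 over a SHA-384 digest for the signature. The KDF construction, the function names, the context string and the sample message are this example's own assumptions. Each function checks the table's parameter rule first, so a P-256 key, which many other profiles accept, is refused rather than silently used. The CNSA 2.0 algorithms (CRYSTALS-Kyber, CRYSTALS-Dilithium, LMS, XMSS) are not shown here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"fmt"
)

// deriveAES256Key is the CNSA 1.0 key-establishment row: ECDH on Curve P-384
// (NIST SP 800-56A), then a one-step KDF in the style of NIST SP 800-56C,
// H(counter || Z || FixedInfo) with H = SHA-384, truncated to a 256-bit AES key.
// Any other curve, P-256 included, is refused up front rather than silently accepted.
func deriveAES256Key(own *ecdh.PrivateKey, peer *ecdh.PublicKey, fixedInfo []byte) ([]byte, error) {
	if own.Curve() != ecdh.P384() || peer.Curve() != ecdh.P384() {
		return nil, fmt.Errorf("CNSA 1.0 key establishment requires Curve P-384")
	}
	z, err := own.ECDH(peer) // 48-byte x-coordinate of the shared point
	if err != nil {
		return nil, err
	}
	h := sha512.New384()
	h.Write([]byte{0, 0, 0, 1}) // 32-bit big-endian counter; one block covers 32 bytes
	h.Write(z)
	h.Write(fixedInfo)
	return h.Sum(nil)[:32], nil // 32 bytes = AES-256, the table's only allowed key size
}

// signP384 and verifyP384 are the signature row: ECDSA on Curve P-384
// (FIPS PUB 186-4) over a SHA-384 digest (FIPS PUB 180-4).
func signP384(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	if priv.Curve != elliptic.P384() {
		return nil, fmt.Errorf("CNSA 1.0 signatures require Curve P-384")
	}
	d := sha512.Sum384(msg)
	return ecdsa.SignASN1(rand.Reader, priv, d[:])
}

func verifyP384(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	d := sha512.Sum384(msg)
	return pub.Curve == elliptic.P384() && ecdsa.VerifyASN1(pub, d[:], sig)
}

// roundTrip runs the whole chain between two constructed parties, alice and bob,
// and returns true only if keys agree, AES-256-GCM round-trips and the signature verifies.
func roundTrip() (bool, error) {
	alice, err1 := ecdh.P384().GenerateKey(rand.Reader)
	bob, err2 := ecdh.P384().GenerateKey(rand.Reader)
	signer, err3 := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err1 != nil || err2 != nil || err3 != nil {
		return false, fmt.Errorf("key generation failed")
	}
	kA, errA := deriveAES256Key(alice, bob.PublicKey(), []byte("cnsa-1.0-example")) // constructed context
	kB, errB := deriveAES256Key(bob, alice.PublicKey(), []byte("cnsa-1.0-example"))
	if errA != nil || errB != nil || !bytes.Equal(kA, kB) {
		return false, fmt.Errorf("key agreement failed")
	}
	block, err := aes.NewCipher(kA) // a 32-byte key selects AES-256
	if err != nil {
		return false, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return false, err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // a nonce must never repeat under the same key
	msg := []byte("constructed sample message")
	sealed := gcm.Seal(nil, nonce, msg, nil)
	opened, err := gcm.Open(nil, nonce, sealed, nil)
	if err != nil || !bytes.Equal(opened, msg) {
		return false, fmt.Errorf("AES-256-GCM round trip failed")
	}
	sig, err := signP384(signer, sealed) // sign the ciphertext, as a transport protocol would
	if err != nil {
		return false, err
	}
	return verifyP384(&signer.PublicKey, sealed, sig), nil
}

// rejectsP256 shows the curve check refusing a P-256 key, which is outside the CNSA 1.0 table.
func rejectsP256() bool {
	a, errA := ecdh.P256().GenerateKey(rand.Reader)
	b, errB := ecdh.P384().GenerateKey(rand.Reader)
	if errA != nil || errB != nil {
		return false
	}
	_, err := deriveAES256Key(a, b.PublicKey(), nil)
	return err != nil
}

func main() {
	ok, err := roundTrip()
	fmt.Println("CNSA 1.0 round trip:", ok, err, "| P-256 refused:", rejectsP256())
}
```

The checks are deliberately placed at the API boundary (curve and key size are verified before any secret is used) because a configuration that quietly negotiates P-256 or AES-128 would still "work" and pass a functional test while falling outside the table; the explicit refusal is what makes the deviation visible in logs and test suites.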

Notes and References

  1. John D. Cook, "NSA recommendations algorithms to use until PQC", www.johndcook.com, 2019-05-23. Accessed 2020-02-28.
  2. "Announcing the Commercial National Security Algorithm Suite 2.0", media.defense.gov, 2022-09-07. Accessed 2024-06-10.
  3. "CNSA Suite and Quantum Computing FAQ", cryptome.org, January 2016. Accessed 24 July 2023.
  4. Committee on National Security Systems, "Use of public standards for the secure sharing of information among national security systems", CNSS Advisory Memorandum Information Assurance 02-15, 2015-07-31. Original link dead; archived 2020-02-28 at https://web.archive.org/web/20200228180443/https://www.cnss.gov/CNSS/issuances/Memoranda.cfm. Accessed 2020-02-28.
  5. "Commercial National Security Algorithm Suite", apps.nsa.gov, 19 August 2015. Archived 2022-02-18 at https://web.archive.org/web/20220218193742/https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm. Accessed 2020-02-28.
  6. Russ Housley and Lydia Zieglar, "RFC 8423 - Reclassification of Suite B Documents to Historic Status", tools.ietf.org, July 2018. Accessed 2020-02-28.
  7. "NSA's FAQs Demystify the Demise of Suite B, but Fail to Explain One Important Detail", Pomcor, 9 February 2016. Accessed 2020-02-28.
  8. "A riddle wrapped in a curve", A Few Thoughts on Cryptographic Engineering, 2015-10-22. Accessed 2020-02-28.
  9. Neal Koblitz and Alfred J. Menezes, "A Riddle Wrapped in an Enigma", Cryptology ePrint Archive, 2018-05-19.
  10. "Post-Quantum Cybersecurity Resources", www.nsa.gov, 2023-03-03.
  11. National Security Agency, "Announcing the Commercial National Security Algorithm Suite 2.0", U/OO/194427-22, PP-22-1338, Ver. 1.0, September 2022, media.defense.gov. Table IV: CNSA 2.0 algorithms, p. 9; Table V: CNSA 1.0 algorithms, p. 10. Accessed 2024-04-14.