Commercial National Security Algorithm Suite

The Commercial National Security Algorithm Suite (CNSA) is a set of cryptographic algorithms promulgated by the National Security Agency (NSA) as a replacement for the NSA Suite B Cryptography algorithms. It serves as the cryptographic base to protect US National Security Systems information up to the top secret level, while the NSA plans for a transition to quantum-resistant cryptography.

The 1.0 suite included:
* Advanced Encryption Standard (AES) with 256-bit keys
* Elliptic-curve Diffie–Hellman (ECDH) and the Elliptic Curve Digital Signature Algorithm (ECDSA) with curve P-384
* SHA-2 with 384 bits
* Diffie–Hellman key exchange with a minimum 3072-bit modulus
* RSA with a minimum modulus size of 3072

The CNSA transition is notable for moving RSA from a temporary ''legacy'' status, as it appeared in Suite B, to ''supported'' status. It also did not include the Digital Signature Algorithm (DSA). This, together with the overall delivery and timing of the announcement in the absence of post-quantum standards, raised considerable speculation about whether the NSA had found weaknesses, for example in elliptic-curve algorithms, or was trying to distance itself from an exclusive focus on ECC for non-technical reasons.


Version 2.0 Announcement

In September 2022, the NSA announced CNSA 2.0, which includes its first recommendations for post-quantum cryptographic algorithms. CNSA 2.0 includes:
* Advanced Encryption Standard (AES) with 256-bit keys
* Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM, also known as CRYSTALS-Kyber) with parameter set ML-KEM-1024
* Module-Lattice-Based Digital Signature Standard (ML-DSA, also known as CRYSTALS-Dilithium) with parameter set ML-DSA-87
* SHA-2 with 384 or 512 bits
* eXtended Merkle Signature Scheme (XMSS) and Leighton-Micali Signatures (LMS) with all parameters approved, with SHA256/192 recommended

Note that compared to CNSA 1.0, CNSA 2.0:
* Suggests separate post-quantum algorithms (XMSS/LMS) for software/firmware signing, for use immediately
* Allows SHA-512
* Announced the selection of CRYSTALS-Kyber and CRYSTALS-Dilithium early, with the expectation that they will be mandated only when the final standards and FIPS-validated implementations are released.
** RSA, Diffie–Hellman, and elliptic curve cryptography will be deprecated at that time.

The CNSA 2.0 and CNSA 1.0 algorithms, detailed function descriptions, specifications, and parameters are given in two tables headed ''CNSA 2.0'' and ''CNSA 1.0''.
(Tables ''CNSA 2.0'' and ''CNSA 1.0'' not reproduced.)
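As an added example (not from the article or from the NSA), the following Python script checks a constructed inventory of algorithm uses against the two suite lists above and reports, for each entry, whether it meets CNSA 2.0, meets only CNSA 1.0 (and so is quantum-vulnerable and scheduled for deprecation), or neither. The inventory line format, the component names and the purpose labels are assumptions made for this example; the per-purpose rules follow the suite lists as stated in the article. Two further assumptions are marked in the code: under CNSA 1.0 firmware signing is treated like any other signature, and under CNSA 2.0 firmware signing accepts XMSS or LMS with any parameter set.

```python
"""Assess a crypto-usage inventory against the CNSA 1.0 and CNSA 2.0 algorithm lists.

Added example, not from the article or from the NSA. The inventory line format
"component purpose algorithm[-parameter]" is an assumption for this example;
the per-purpose rules follow the suite lists given in the article.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Use:
    component: str
    purpose: str          # encrypt | key-exchange | signature | firmware-signature | hash
    algorithm: str        # e.g. AES, ECDH, RSA, ML-KEM, ML-DSA, SHA, XMSS, LMS
    param: Optional[int]  # key/modulus bits, curve size, hash length or PQ parameter set


def parse_line(line: str) -> Use:
    """Parse one inventory line such as 'vpn-gw key-exchange ECDH-P384'."""
    component, purpose, alg = line.split()
    name, sep, tail = alg.upper().rpartition("-")
    digits = tail.lstrip("P")                    # '-P384' and '-384' both mean 384
    if sep and digits.isdigit():
        return Use(component, purpose, name, int(digits))
    return Use(component, purpose, alg.upper(), None)  # e.g. 'LMS' or 'XMSS' with no parameter


def cnsa1_compliant(u: Use) -> bool:
    """CNSA 1.0: AES-256, ECDH/ECDSA P-384, SHA-384, DH and RSA with modulus >= 3072."""
    a, n = u.algorithm, u.param
    if u.purpose == "encrypt":
        return a == "AES" and n == 256
    if u.purpose == "key-exchange":
        return (a == "ECDH" and n == 384) or (a in ("DH", "RSA") and n is not None and n >= 3072)
    if u.purpose in ("signature", "firmware-signature"):
        # Assumption: CNSA 1.0 has no separate firmware-signing rule, so the signature rule applies
        return (a == "ECDSA" and n == 384) or (a == "RSA" and n is not None and n >= 3072)
    if u.purpose == "hash":
        return a == "SHA" and n == 384
    return False  # DSA and anything unlisted is not part of the suite


def cnsa2_compliant(u: Use) -> bool:
    """CNSA 2.0: AES-256, ML-KEM-1024, ML-DSA-87, SHA-384/512, XMSS or LMS for firmware signing."""
    a, n = u.algorithm, u.param
    if u.purpose == "encrypt":
        return a == "AES" and n == 256
    if u.purpose == "key-exchange":
        return a == "ML-KEM" and n == 1024
    if u.purpose == "signature":
        return a == "ML-DSA" and n == 87
    if u.purpose == "firmware-signature":
        return a in ("XMSS", "LMS")              # assumption: all parameter sets accepted here
    if u.purpose == "hash":
        return a == "SHA" and n in (384, 512)
    return False


def classify(u: Use) -> str:
    """Best status an entry reaches: CNSA 2.0, CNSA 1.0 only, or non-compliant."""
    if cnsa2_compliant(u):
        return "CNSA 2.0"
    if cnsa1_compliant(u):
        # RSA, DH and ECC remain acceptable until CNSA 2.0 is mandated, then are deprecated
        return "CNSA 1.0 only (quantum-vulnerable; deprecated once CNSA 2.0 is mandated)"
    return "non-compliant"


def assess(inventory: str) -> dict:
    """Map each non-empty inventory line to its classification."""
    return {line.strip(): classify(parse_line(line))
            for line in inventory.splitlines() if line.strip()}


# Constructed sample inventory; component names are invented for this example
SAMPLE_INVENTORY = """
vpn-gw key-exchange ECDH-P384
vpn-gw signature ECDSA-P384
vpn-gw encrypt AES-256
vpn-gw hash SHA-384
legacy-app signature RSA-2048
legacy-app signature DSA-3072
pqc-pilot key-exchange ML-KEM-1024
pqc-pilot signature ML-DSA-87
pqc-pilot hash SHA-512
bootloader firmware-signature LMS
vault encrypt AES-128
"""

if __name__ == "__main__":
    for entry, status in assess(SAMPLE_INVENTORY).items():
        print(f"{entry:40} {status}")
```

Running the script lists each constructed entry with its status: the P-384 and SHA-384 entries come out as acceptable today but flagged for the post-quantum transition, DSA-3072 and RSA-2048 are rejected under both suites (DSA is absent from CNSA altogether, and RSA needs at least a 3072-bit modulus), and SHA-512 passes only under CNSA 2.0.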

