Commercial National Security Algorithm Suite

{{Short description|Set of cryptographic algorithms by the NSA}}

The Commercial National Security Algorithm Suite (CNSA) is a set of cryptographic algorithms promulgated by the National Security Agency as a replacement for NSA Suite B Cryptography algorithms. It serves as the cryptographic base to protect US National Security Systems information up to the top secret level, while the NSA plans for a transition to quantum-resistant cryptography.{{Cite web|url=https://www.johndcook.com/blog/2019/05/23/nsa-recommendations/|title=NSA recommendations {{!}} algorithms to use until PQC|last=Cook|first=John|date=2019-05-23|website=www.johndcook.com|access-date=2020-02-28}}{{Cite web|url=https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF|archive-url=https://web.archive.org/web/20220908002358/https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF|url-status=dead|archive-date=September 8, 2022|title=Announcing the Commercial National Security Algorithm Suite 2.0|date=2022-09-07|website=media.defense.gov|language=en|access-date=2024-06-10}}{{cite web|url=https://cryptome.org/2016/01/CNSA-Suite-and-Quantum-Computing-FAQ.pdf|title=CNSA Suite and Quantum Computing FAQ|website=cryptome.org|date=January 2016|access-date=24 July 2023}}{{Cite web|url=https://www.cnss.gov/CNSS/issuances/Memoranda.cfm|title=Use of public standards for the secure sharing of information among national security systems, Advisory Memorandum 02-15 CNSS Advisory Memorandum Information Assurance 02-15|date=2015-07-31|website=Committee on National Security Systems|url-status=dead|archive-url=https://web.archive.org/web/20200228180443/https://www.cnss.gov/CNSS/issuances/Memoranda.cfm|archive-date=2020-02-28|access-date=2020-02-28}}{{Cite web|url=https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm|title=Commercial National Security Algorithm Suite|date=19 August 2015|website=apps.nsa.gov|archive-url=https://web.archive.org/web/20220218193742/https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm|archive-date=2022-02-18|language=en|access-date=2020-02-28}}{{Cite journal|url=https://tools.ietf.org/html/rfc8423|title=RFC 8423 - Reclassification of Suite B Documents to Historic Status|date=July 2018|website=tools.ietf.org|language=en|access-date=2020-02-28 |last1=Housley |first1=Russ |last2=Zieglar |first2=Lydia }}

File:CNSA 2p0 timeline.png

The 1.0 suite included:

• Advanced Encryption Standard with 256 bit keys
• Elliptic-curve Diffie–Hellman and Elliptic Curve Digital Signature Algorithm with curve P-384
• SHA-2 with 384 bits, Diffie–Hellman key exchange with a minimum 3072-bit modulus, and
• RSA with a minimum modulus size of 3072.

The CNSA transition is notable for moving RSA from a temporary legacy status, as it appeared in Suite B, to supported status. It also did not include the Digital Signature Algorithm. This, and the overall delivery and timing of the announcement, in the absence of post-quantum standards, raised considerable speculation about whether NSA had found weaknesses e.g. in elliptic-curve algorithms or others, or was trying to distance itself from an exclusive focus on ECC for non-technical reasons.{{Cite web|url=https://pomcor.com/2016/02/09/nsas-faqs-demystify-the-demise-of-suite-b-but-fail-to-explain-one-important-detail/|title=NSA's FAQs Demystify the Demise of Suite B, but Fail to Explain One Important Detail – Pomcor|date=9 February 2016 |language=en-US|access-date=2020-02-28}}{{Cite web|url=https://blog.cryptographyengineering.com/2015/10/22/a-riddle-wrapped-in-curve/|title=A riddle wrapped in a curve|date=2015-10-22|website=A Few Thoughts on Cryptographic Engineering|language=en|access-date=2020-02-28}}{{Cite journal|last1=Koblitz|first1=Neal|last2=Menezes|first2=Alfred J.|date=2018-05-19|title=A Riddle Wrapped in an Enigma|url=https://eprint.iacr.org/2015/1018|journal=Cryptology ePrint Archive}}