NSA Suite B
Encyclopedia
Suite B is a set of cryptographic algorithms promulgated by the National Security Agency
as part of its Cryptographic Modernization Program
. It is to serve as an interoperable cryptographic base for both unclassified information and most classified information
. Suite B was announced on 16 February 2005. A corresponding set of unpublished algorithms, Suite A, is intended for highly sensitive communication and critical authentication systems.
Suite B's components are:
Per CNSSP-15, the 256-bit elliptic curve (specified in FIPS 186-2), SHA-256, and AES with 128-bit keys are sufficient for protecting classified information up to the Secret level, while the 384-bit elliptic curve (specified in FIPS 186-2), SHA-384, and AES with 256-bit keys are necessary for the protection of Top Secret information.
Certicom Corporation of Ontario
Canada
holds some elliptic curve patents
, which have been licensed by NSA for U.S. government use. These include patents on ECMQV, but ECMQV has been dropped from Suite B. AES and SHA had been previously released and have no patent restrictions.
In December 2006, NSA submitted an Internet Draft on implementing Suite B as part of IPsec
. This draft has been accepted for publication by IETF as RFC 4869.
National Security Agency
The National Security Agency/Central Security Service is a cryptologic intelligence agency of the United States Department of Defense responsible for the collection and analysis of foreign communications and foreign signals intelligence, as well as protecting U.S...
as part of its Cryptographic Modernization Program
Cryptographic Modernization Program
The Cryptographic Modernization Program is a Department of Defense directed, NSA Information Assurance Directorate led effort to transform and modernize Information Assurance capabilities for the 21st century...
. It is to serve as an interoperable cryptographic base for both unclassified information and most classified information
Classified information
Classified information is sensitive information to which access is restricted by law or regulation to particular groups of persons. A formal security clearance is required to handle classified documents or access classified data. The clearance process requires a satisfactory background investigation...
. Suite B was announced on 16 February 2005. A corresponding set of unpublished algorithms, Suite A, is intended for highly sensitive communication and critical authentication systems.
Suite B's components are:
- Advanced Encryption StandardAdvanced Encryption StandardAdvanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...
(AES) with key sizes of 128 and 256 bits. For traffic, AES should be used with the Galois/Counter ModeGalois/Counter ModeGalois/Counter Mode is a mode of operation for symmetric key cryptographic block ciphers that has been widely adopted because of its efficiency and performance...
(GCM) mode of operation (see Block cipher modes of operationBlock cipher modes of operationIn cryptography, modes of operation is the procedure of enabling the repeated and secure use of a block cipher under a single key.A block cipher by itself allows encryption only of a single data block of the cipher's block length. When targeting a variable-length message, the data must first be...
) — symmetric encryption - Elliptic Curve Digital Signature Algorithm (ECDSA) — digital signatureDigital signatureA digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit...
s - Elliptic Curve Diffie–Hellman (ECDH) — key agreement
- Secure Hash Algorithm 2SHA-2In cryptography, SHA-2 is a set of cryptographic hash functions designed by the National Security Agency and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. SHA-2 includes a significant number of changes from its predecessor,...
(SHA-256 and SHA-384) — message digest
Per CNSSP-15, the 256-bit elliptic curve (specified in FIPS 186-2), SHA-256, and AES with 128-bit keys are sufficient for protecting classified information up to the Secret level, while the 384-bit elliptic curve (specified in FIPS 186-2), SHA-384, and AES with 256-bit keys are necessary for the protection of Top Secret information.
Certicom Corporation of Ontario
Ontario
Ontario is a province of Canada, located in east-central Canada. It is Canada's most populous province and second largest in total area. It is home to the nation's most populous city, Toronto, and the nation's capital, Ottawa....
Canada
Canada
Canada is a North American country consisting of ten provinces and three territories. Located in the northern part of the continent, it extends from the Atlantic Ocean in the east to the Pacific Ocean in the west, and northward into the Arctic Ocean...
holds some elliptic curve patents
ECC patents
Patent-related uncertainty around elliptic curve cryptography , or ECC patents, is one of the main factors limiting its wide acceptance. For example, the OpenSSL team accepted an ECC patch only in 2005 , despite the fact that it was submitted in 2002.According to Bruce Schneier as of May 31, 2007,...
, which have been licensed by NSA for U.S. government use. These include patents on ECMQV, but ECMQV has been dropped from Suite B. AES and SHA had been previously released and have no patent restrictions.
In December 2006, NSA submitted an Internet Draft on implementing Suite B as part of IPsec
IPsec
Internet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session...
. This draft has been accepted for publication by IETF as RFC 4869.