NSA Suite B Cryptography was a set of cryptographic algorithms promulgated by the National Security Agency as part of its Cryptographic Modernization Program. It was to serve as an interoperable cryptographic base for both unclassified information and most classified information.
Suite B was announced on 16 February 2005. A corresponding set of unpublished algorithms, Suite A, is "used in applications where Suite B may not be appropriate. Both Suite A and Suite B can be used to protect foreign releasable information, US-Only information, and Sensitive Compartmented Information (SCI)."
| Purpose | Algorithm | Standard | Parameter length (Secret) | Parameter length (Top-Secret) | Notes |
|---|---|---|---|---|---|
| Symmetric encryption | AES | FIPS 197 | 128 | 256 | For traffic flow, AES should be used with either the Counter Mode (CTR) for low bandwidth traffic or the Galois/Counter Mode (GCM) mode of operation for high bandwidth traffic (see Block cipher modes of operation). |
| Digital signature | Elliptic Curve Digital Signature Algorithm (ECDSA) | FIPS 186-2 | 256 | 384 | Curves P-256 and P-384, the latter providing 192-bit security. |
| Key agreement | Elliptic-curve Diffie–Hellman (ECDH) | NIST SP 800-56A | 256 | 384 | Same as above. |
| Message digest | SHA-2 | FIPS 180-3 | 256 | 384 | |
In addition, "[d]uring the transition to the use of elliptic curve cryptography in ECDH and ECDSA, DH, DSA and RSA can be used with a 2048-bit modulus to protect classified information up to the SECRET level."
History
In December 2006, NSA submitted an Internet Draft on implementing Suite B as part of IPsec. The draft was accepted for publication by the IETF as RFC 4869, which was later made obsolete by RFC 6379.
Certicom Corporation of Ontario, Canada, which was purchased by BlackBerry Limited in 2009,
Commercial National Security Algorithm Suite
The Suite B algorithms were replaced by the Commercial National Security Algorithm (CNSA) Suite algorithms in 2015.
See also
- NSA cryptography
