NSA Suite B
From Wikipedia, the free encyclopedia
Suite B is a set of cryptographic algorithms promulgated by the National Security Agency as part of its Cryptographic Modernization Program. It is to serve as an interoperable cryptographic base for both unclassified information and most classified information. Suite B was announced on 16 February 2005. A corresponding set of unpublished algorithms, Suite A, is intended for highly sensitive communication and critical authentication systems.
Suite B's components are:
- Advanced Encryption Standard (AES) with key sizes of 128 and 256 bits -- symmetric encryption
- Secure Hash Algorithm (SHA-256 and SHA-384) -- message digest
- Elliptic-Curve Menezes-Qu-Vanstone (ECMQV) -- key agreement
- Elliptic-Curve Diffie-Hellman (ECDH) -- key agreement
- Elliptic-Curve Digital Signature Algorithm (ECDSA) -- digital signatures
Elliptic curves over 256-bit prime modulus, SHA-256, and AES with 128-bit keys are sufficient for protecting classified information up to the secret level. The 384-bit prime modulus elliptic curves, SHA-384, and AES with 256-bit keys are necessary for the protection of top secret information.
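The top secret parameter set above, exercised end to end with Go's standard library, as an added example that is not part of the original article: ECDH on the 384-bit prime curve, SHA-384 over the shared secret, and AES with a 256-bit key. The GCM mode, the one-step hash key derivation, and the function names `aead` and `exchange` are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha512"
	"errors"
	"fmt"
)

// aead: ECDH on P-384, SHA-384 of the shared secret, first 32 bytes as the AES-256
// key. Assumed here: one-step hash derivation (not the SP 800-56 KDF) and GCM mode.
func aead(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := priv.ECDH(peer) // fails if the two keys are on different curves
	if err != nil {
		return nil, err
	}
	sum := sha512.Sum384(secret)
	block, err := aes.NewCipher(sum[:32]) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// exchange derives the key independently on each side: a seals msg, b opens it.
func exchange(a, b *ecdh.PrivateKey, msg []byte) ([]byte, error) {
	send, errS := aead(a, b.PublicKey())
	recv, errR := aead(b, a.PublicKey())
	if err := errors.Join(errS, errR); err != nil {
		return nil, err
	}
	nonce := make([]byte, send.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return recv.Open(nil, nonce, send.Seal(nil, nonce, msg, nil), nil)
}

func main() {
	a, errA := ecdh.P384().GenerateKey(rand.Reader)
	b, errB := ecdh.P384().GenerateKey(rand.Reader)
	if err := errors.Join(errA, errB); err != nil {
		panic(err)
	}
	pt, err := exchange(a, b, []byte("constructed sample message"))
	fmt.Printf("%s %v\n", pt, err)
}
```

A peer that offers a key on the 256-bit curve is rejected at the ECDH step, so the two parameter sets cannot be mixed silently within one exchange.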
Certicom Corporation of Ontario, Canada has patents on elliptic-curve technology related to some of the Suite B algorithms. The NSA has licensed Certicom's patents for a reported US$25 million. AES and SHA have been previously released and have no patent restrictions.
In December 2006, NSA submitted a draft RFC for implementing Suite B as part of IPsec. This draft has been accepted for publication by the IETF (pending assignment of an RFC number).