NSA cryptography
From Wikipedia, the free encyclopedia
The vast majority of the National Security Agency's work on encryption is classified, but from time to time NSA participates in standards processes or otherwise publishes information about its cryptographic algorithms. The NSA has categorized encryption items into four product types, and algorithms into two suites. The following is a brief and incomplete summary of public knowledge about NSA algorithms and protocols.
Type 1 Product
- Main article: Type 1 encryption
A Type 1 Product is an NSA-endorsed classified or controlled cryptographic item for classified or sensitive U.S. government information, including cryptographic equipment, assemblies or components classified or certified by NSA for encrypting and decrypting classified and sensitive national security information when appropriately keyed.[1]
Name | Type | Specification | Use | Equipment (incomplete list) |
---|---|---|---|---|
ACCORDIAN (or ACCORDION) | | R21-TECH-13-00, "ACCORDIAN 3.0 Specification" (August 2000) | | AIM (1999 and 2004 brochures), SafeXcel-3340 |
BATON | Block cipher | | Various | PKCS#11, CDSA/CSSM, AIM (1999 and 2004 brochures), Cypris, APCO Project 25, MYK-85, Fortezza Plus, SecNet-11, Sierra, SafeXcel-3340 |
BAYLESS | | | | Cypris |
BYTEMAN | | | | Cypris |
CARDIGAN | | | | Cypris |
CARDHOLDER | | | Satellite uplink command encryption | Cypris, KI-17, U-AYJ Flight Decrypt Chip (Cardholder), Flight Encrypt Chip (Cardholder), MYK-16, CXS-810, CXS-2000, MCU-100, MCU-600 |
CARIBOU | | | Satellite uplink command encryption | U-TXZ, MYK-15A |
CRAYON | | | | AIM (2004 brochure), Cypris (4 modes) |
FASTHASH | Cryptographic hash function | | MISSI Type 1 hash | PKCS #11, CDSA/CSSM |
FIREFLY | | | EKMS public-key cooperative key generation | AIM (2004), SafeXcel-3340 |
GOODSPEED | | | | Sierra II |
HAVE QUICK | | | Antijam, LPI/LPD airborne voice communication | Cypris |
JACKNIFE | | | | AIM (2004) |
JOSEKI | | R21-TECH-0062-92, "JOSEKI-1, A Bootstrap Procedures" (Oct. 1992) (also R21-TECH-13-97, R21-TECH-13-98) | Protection of secret algorithms in firmware | AIM |
JUNIPER | Block cipher | | | PKCS #11, CDSA/CSSM |
KEESEE | | | | AIM (1999 and 2004 brochures), Cypris |
Mark XII IFF | | | IFF secondary radar | AIM (2004 brochure) |
MAYFLY | Asymmetric-key algorithm | | | PKCS #11, CDSA/CSSM |
MEDLEY | | R21-TECH-30-01, "MEDLEY Implementation Standard" (Nov. 2001) | | AIM (2004), SecNet 54, SafeXcel-3340 |
PEGASUS | | | Satellite telemetry and mission data downlinks | KG-227, KG-228, KI-17, U-BLW Pegasus Space Microcircuit Chip, U-BLX Pegasus Ground Microcircuit Chip, MYK-17, CXS-810, CXS-2000, MCU-100, MCU-600 |
PHALANX | | | | AIM (1999 and 2004 brochures), Cypris (PHALANX I and PHALANX II) |
SAVILLE | | | Low-bandwidth voice (and sometimes data) encryption | AIM (1999 and 2004 brochures), Cypris (2 modes), Windster (SAVILLE I), VINSON |
VALLOR | | | TTY broadcasts to submarines | AIM (2004) |
WALBURN | | | High-bandwidth link encryption | AIM (2004), KG-81/94/194/95 |
PADSTONE | | | | Cypris (2 modes), Windster, Indictor |
WEASEL | | | | SafeXcel-3340 |
Type 2 Product
- Main article: Type 2 encryption
A Type 2 Product is NSA-endorsed unclassified cryptographic equipment, assemblies or components for sensitive but unclassified U.S. government information.
Name | Type | Specification | Use | Equipment (incomplete list) |
---|---|---|---|---|
CORDOBA | | | | Cypris, Windster, Indictor |
KEA | Asymmetric-key algorithm | R21-Tech-23-94, "Key Exchange Algorithm (KEA)" | Key exchange and digital signature algorithm for Fortezza, etc. | Fortezza, Fortezza Plus, Palladium Secure Modem |
SKIPJACK | Block cipher | R21-Tech-044-91, "SKIPJACK" | Confidentiality algorithm for Fortezza, etc. | Fortezza, Fortezza Plus, Palladium Secure Modem |
Type 3 Product
- Main article: Type 3 encryption
A Type 3 Product is unclassified cryptographic equipment, assembly, or component used, when appropriately keyed, for encrypting or decrypting unclassified sensitive U.S. Government or commercial information, and to protect systems requiring protection mechanisms consistent with standard commercial practices. A Type 3 Algorithm refers to NIST-endorsed algorithms, registered and FIPS published, for sensitive but unclassified U.S. government and commercial information.
Name | Type | Specification | Use | Equipment (incomplete list) |
---|---|---|---|---|
Data Encryption Standard | Block cipher | FIPS 46-3 | Ubiquitous | Ubiquitous |
Digital Signature Algorithm | Digital signature system | FIPS 186 | Numerous | Numerous |
SHA family | Cryptographic hash function | FIPS 180-2 | Ubiquitous | Ubiquitous |
Type 4 Product
- Main article: Type 4 encryption
A Type 4 Algorithm refers to algorithms that are registered by NIST but are not FIPS published. A Type 4 Product is unevaluated commercial cryptographic equipment, assemblies, or components that neither NSA nor NIST certifies for any Government usage.
Algorithm Suites
Suite A
Suite A is a set of unpublished NSA algorithms intended for highly sensitive communication and critical authentication systems.
Suite B
Suite B is a set of NSA-endorsed cryptographic algorithms for use as an interoperable cryptographic base for both unclassified information and most classified information. Suite B was announced on 16 February 2005.
See also
- Type 1 encryption
- Type 2 encryption
- Type 3 algorithm
- Type 4 algorithm
- Suite A
- Suite B
- NSA encryption algorithms
- NSA encryption systems
References
- [1] "National Information Assurance Glossary"; CNSS Instruction No. 4009, National Information Assurance Glossary