- Source: Commercial National Security Algorithm Suite
The Commercial National Security Algorithm Suite (CNSA) is a set of cryptographic algorithms promulgated by the National Security Agency as a replacement for NSA Suite B Cryptography algorithms. It serves as the cryptographic base to protect US National Security Systems information up to the top secret level, while the NSA plans for a transition to quantum-resistant cryptography.
The suite includes:
- Advanced Encryption Standard with 256-bit keys
- Elliptic-curve Diffie–Hellman and Elliptic Curve Digital Signature Algorithm with curve P-384
- SHA-2 with 384 bits
- Diffie–Hellman key exchange with a minimum 3072-bit modulus
- RSA with a minimum modulus size of 3072 bits
The CNSA transition is notable for moving RSA from the temporary legacy status it had in Suite B to supported status. It also did not include the Digital Signature Algorithm. This, together with the overall delivery and timing of the announcement in the absence of post-quantum standards, raised considerable speculation about whether NSA had found weaknesses, for example in elliptic-curve algorithms, or was trying to distance itself from an exclusive focus on ECC for non-technical reasons.
In September 2022, the NSA announced CNSA 2.0, which includes its first recommendations for post-quantum cryptographic algorithms.
CNSA 2.0 includes:
- Advanced Encryption Standard with 256-bit keys
- Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM, also known as CRYSTALS-Kyber) with parameter set ML-KEM-1024
- Module-Lattice-Based Digital Signature Standard (ML-DSA, also known as CRYSTALS-Dilithium) with parameter set ML-DSA-87
- SHA-2 with 384 or 512 bits
- eXtended Merkle Signature Scheme (XMSS) and Leighton-Micali Signatures (LMS) with all parameters approved, with SHA256/192 recommended
Note that compared to CNSA 1.0, CNSA 2.0:
- Suggests separate post-quantum algorithms (XMSS/LMS) for software/firmware signing, for use immediately
- Allows SHA-512
- Announced the selection of CRYSTALS-Kyber and CRYSTALS-Dilithium early, with the expectation that they will be mandated only when the final standards and FIPS-validated implementations are released; RSA, Diffie–Hellman, and elliptic-curve cryptography will be deprecated at that time.
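As an added illustration (not part of the article, and not an NSA tool), the following Python policy checker encodes the two suites as described above and reports which algorithm choices a configuration violates; the `CryptoParams` structure and the sample configurations are constructed for the example, and the check shows that a CNSA 1.0-compliant setup fails CNSA 2.0 on key establishment and signatures.

```python
from dataclasses import dataclass
from typing import Callable, Union

Param = Union[str, int]  # a curve name, a modulus size in bits, or a parameter-set name

@dataclass
class CryptoParams:
    cipher: str        # symmetric cipher, e.g. "AES-256"
    hash_alg: str      # hash function, e.g. "SHA-384"
    kex: str           # key establishment family: "ECDH", "DH", "ML-KEM"
    kex_param: Param   # curve name, modulus bits, or ML-KEM parameter set
    sig: str           # signature family: "ECDSA", "RSA", "ML-DSA", "LMS", "XMSS"
    sig_param: Param   # curve name, modulus bits, or ML-DSA parameter set

def _min_bits(n: int) -> Callable[[Param], bool]:
    return lambda p: isinstance(p, int) and p >= n

def _named(name: str) -> Callable[[Param], bool]:
    return lambda p: p == name

# CNSA 1.0: AES-256, SHA-384, ECDH/ECDSA on P-384, DH/RSA with moduli of at least 3072 bits
CNSA1 = {
    "cipher": {"AES-256"},
    "hash": {"SHA-384"},
    "kex": {"ECDH": _named("P-384"), "DH": _min_bits(3072)},
    "sig": {"ECDSA": _named("P-384"), "RSA": _min_bits(3072)},
}
# CNSA 2.0: AES-256, SHA-384 or SHA-512, ML-KEM-1024, ML-DSA-87, LMS/XMSS (all parameter sets approved)
CNSA2 = {
    "cipher": {"AES-256"},
    "hash": {"SHA-384", "SHA-512"},
    "kex": {"ML-KEM": _named("ML-KEM-1024")},
    "sig": {"ML-DSA": _named("ML-DSA-87"), "LMS": lambda p: True, "XMSS": lambda p: True},
}

def check(params: CryptoParams, policy: dict, label: str) -> list:
    """Return one finding per algorithm choice that the given policy does not permit."""
    findings = []
    if params.cipher not in policy["cipher"]:
        findings.append(f"{label}: cipher {params.cipher} not permitted")
    if params.hash_alg not in policy["hash"]:
        findings.append(f"{label}: hash {params.hash_alg} not permitted")
    for kind, alg, param in (("kex", params.kex, params.kex_param),
                             ("sig", params.sig, params.sig_param)):
        rule = policy[kind].get(alg)  # None when the family itself is not in the suite
        if rule is None or not rule(param):
            findings.append(f"{label}: {kind} {alg}/{param} not permitted")
    return findings

# Constructed samples: a CNSA 1.0 configuration and a CNSA 2.0 configuration
LEGACY = CryptoParams("AES-256", "SHA-384", "ECDH", "P-384", "RSA", 3072)
PQ = CryptoParams("AES-256", "SHA-512", "ML-KEM", "ML-KEM-1024", "ML-DSA", "ML-DSA-87")
```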
The CNSA 2.0 and CNSA 1.0 algorithms, detailed functions descriptions, specifications, and parameters are below: