Suite B

Suite B was a set of cryptographic algorithms and standards mandated by the National Security Agency for protecting classified and unclassified national security systems and information. Announced in 2005, it represented a shift from the secret, proprietary algorithms of Suite A to publicly vetted, commercial standards, aiming to ensure robust security through algorithm interoperability. The suite was designed to provide both confidentiality and authentication for data at rest and in transit, supporting a wide range of security applications across the U.S. Department of Defense and other government agencies.

Overview

The development of Suite B was driven by the need for a unified, strong, and publicly scrutinized cryptographic standard for U.S. national security systems. It was formally introduced via the CNSS Policy 15 and later detailed in NIST Special Publication 800-56 and RFC 4869. The suite specifically targeted the protection of information classified up to TOP SECRET, leveraging the security of elliptic curve cryptography for efficient, strong protection with smaller key sizes compared to traditional RSA (cryptosystem) systems. This move aligned with broader initiatives within the Intelligence Community to adopt commercial standards, fostering interoperability with industry and allied partners such as those in NATO.

Cryptographic algorithms

Suite B specified a coherent set of algorithms for encryption, digital signature, key agreement, and hash function operations. For encryption and authenticated encryption, the Advanced Encryption Standard with Galois/Counter Mode was mandated, using key sizes of 128 or 256 bits. Digital signatures and key agreement were to be performed using the Elliptic Curve Digital Signature Algorithm and the Elliptic-curve Diffie–Hellman protocol, respectively, based on curves defined in the NIST FIPS 186-2 standard. The required cryptographic hash function was Secure Hash Algorithm 2, with output lengths of 256 or 384 bits, providing the foundation for message authentication codes and integrity verification.

Adoption and usage

Adoption of Suite B was directed across the U.S. federal government, particularly within systems operated by the Department of Defense, the Department of Homeland Security, and the Department of State. Major contractors like Raytheon and Lockheed Martin integrated its requirements into secure communication products. The standards saw implementation in various Internet Protocol Suite security protocols, including IPsec and Transport Layer Security, as outlined in documents from the Internet Engineering Task Force. International bodies, including the Canadian Centre for Cyber Security, also referenced Suite B for guiding their own secure communications frameworks, promoting a degree of standardization among Five Eyes allies.

Transition and deprecation

The deprecation of Suite B began in 2015, prompted by evolving cryptographic threats, particularly concerns regarding quantum computing and advances in cryptanalysis. The National Security Agency announced a transition to quantum-resistant algorithms, initiating the development of the Commercial National Security Algorithm Suite. This new framework, detailed in CNSS Advisory Memorandum 02-15, called for the phased replacement of Suite B's elliptic curve cryptography components. The transition period involved continued use of Suite B's Advanced Encryption Standard while accelerating post-quantum cryptography research through competitions like the NIST Post-Quantum Cryptography Standardization project, fundamentally shifting the U.S. government's cryptographic strategy.

See also

* Suite A * Commercial National Security Algorithm Suite * NSA encryption systems * NIST FIPS 140-2 * Cryptographic algorithm validation program

Category:Cryptography standards Category:National Security Agency Category:Computer security