Difference between revisions of "Suite B"

Revision as of 10:38, 2 October 2022

From Francisco Corella <fcorella@pomcor.com> email of 2016-02-12

Last summer NSA abruptly replaced "Suite B" with a "CNSA Suite", saying that "the growth of elliptic curve use has bumped up against the fact of continued progress in the research on Quantum Computing Threat, which has made it clear that elliptic curve cryptography is not the long term solution many once hoped it would be." This gave rise to much speculation on possible motives for the switch. In January, NSA published a long list of FAQs that discussed those motives in detail, and called for an effort to standardize quantum-resistant cryptographic algorithms. Earlier this month, NIST published a Report on Post-Quantum Cryptography that announces such a standardization effort.

I have written a blog post summarizing last summer's announcement and the FAQs, with links to all the documents.

The FAQs make sense, but do not explain one detail: why DSA has been omitted from the CNSA Suite. In the blog post I argue that DSA is being dropped at the wrong time. Another omission in the CNSA Suite is the requirement to provide forward secrecy in key establishment that was present in Suite B. Surprisingly, this comes at a time when forward secrecy is becoming the norm on the web.

Francisco Corella, PhD
Founder & CTO, Pomcor
Phone: +1.619.770.6765
Email: fcorella@pomcor.com
Twitter: @fcorella
Blog: https://pomcor.com/blog/
Web site: https://pomcor.com

References