[Cryptography] NSA’s FAQs Demystify the Demise of Suite B

[Francisco Corella]

Last summer NSA abruptly replaced "Suite B" with a "CNSA Suite",
saying that "the growth of elliptic curve use has bumped up against
the fact of continued progress in the research on quantum computing,
which has made it clear that elliptic curve cryptography is not the
long term solution many once hoped it would be."  This gave rise to
much speculation on possible motives for the switch.  In January, NSA
published a long list of FAQs that discussed those motives in detail,
and called for an effort to standardize quantum-resistant
cryptographic algorithms.  Earlier this month, NIST published a Report
on Post-Quantum Cryptography that announces such a standardization
effort.

I have written a blog post summarizing last summer's announcement and
the FAQs, with links to all the documents:
https://pomcor.com/2016/02/09/nsas-faqs-demystify-the-demise-of-suite-b-but-fail-to-explain-one-important-detail/

The FAQs make sense, but do not explain one detail: why DSA has been
omitted from the CNSA Suite.  In the blog post I argue that DSA is
being dropped at the wrong time.  Another omission in the CNSA Suite
is the requirement to provide forward secrecy in key establishment
that was present in Suite B.  Surprisingly, this comes at a time when
forward secrecy is becoming the norm on the web.

Francisco