[Cryptography] NSA’s FAQs Demystify the Demise of Suite B

ianG iang at iang.org
Mon Feb 15 20:19:15 EST 2016 

On 11/02/2016 15:38 pm, Francisco Corella wrote:
> Last summer NSA abruptly replaced "Suite B" with a "CNSA Suite",
> saying that "the growth of elliptic curve use has bumped up against
> the fact of continued progress in the research on quantum computing,
> which has made it clear that elliptic curve cryptography is not the
> long term solution many once hoped it would be."  This gave rise to
> much speculation on possible motives for the switch.  In January, NSA
> published a long list of FAQs that discussed those motives in detail,
> and called for an effort to standardize quantum-resistant
> cryptographic algorithms.  Earlier this month, NIST published a Report
> on Post-Quantum Cryptography that announces such a standardization
> effort.


A careful reading will suggest two things.  Firstly, the NSA is now 
removing choice where it can - one only curve, one only SHA, one only 
AES.  It's also looking askance at RSA/DH family, and askance at numbers 
other than 3072.

Why?  Interoperability.  Which means, in the NSA's assessment, the 
ability for more people to connect over the same cryptostuff delivers 
more security than the fantasy benefit of encouraging people to play 
their security like they study for their multiple choice exams for a 
SANS G-thing.

(my words, not theirs :)

Next - NSA are planning a replacement for this CNSA.  It's an interim 
minimised suite to deliver just enough oopmh to get the NSA into a 
clearer information frame than today.  I'll go out on a limb and say 
they're planning to mandate a new suite in 7 years time, which is about 
the right balance between the deployment cost of now, and the 20 year 
survivability they announce in the document.

These two developments are as it should be:  remove choice as much as 
possible from the users.  The NSA are the experts in what a suite should 
look like, none of their users knows better (by law, as it happens).

And, plan to replace the entire bloody suite in about 7 years, because 
that's the time required for our knowledge to tip from good through 
rusty to out-of-date.



iang

More information about the cryptography mailing list