daigsal waklea zakaree

0 views

Skip to first unread message

Do Kieu

unread,

Aug 4, 2024, 5:13:36 AM8/4/24

to coicontucor

CNSA 2.0: The Future of Quantum-Resistant Cryptography for National Security Systems

The National Security Agency (NSA) has recently released the "Commercial National Security Algorithm Suite 2.0" (CNSA 2.0) Cybersecurity Advisory (CSA) to inform the owners, operators and vendors of National Security Systems (NSS) about the upcoming requirements for quantum-resistant (QR) algorithms for NSS[^1^]. NSS are networks that contain classified information or are otherwise critical to military and intelligence activities. A quantum-resistant algorithm is one that is secure against attacks by quantum computers, which could potentially break the current public-key systems that are widely used today.

The CNSA 2.0 algorithms are an update to the CNSA 1.0 algorithms that were released in 2016 and are currently required for NSS[^2^]. The CNSA 2.0 algorithms have been selected based on the National Institute of Standards and Technology's (NIST) recently announced selections for standardization for quantum-resistant cryptography, but there are neither final standards nor FIPS-validated implementations available yet. Therefore, NSA urges NSS owners and operators to pay attention to NIST selections and to the future requirements outlined in CNSA 2.0, while CNSA 1.0 compliance continues to be required in the interim.

The transition to quantum-resistant technology in the most critical systems will require collaboration between government, NSS owners and operators, and industry. NSA plans to support NIST and other external standards bodies in developing standards for quantum-resistant cryptography. NSA also plans to be transparent about NSS transition requirements and provide a transition period for NSS owners and operators to implement the new algorithms when they become available.

The CNSA 2.0 CSA is accompanied by a cybersecurity information sheet (CSI), "The Commercial National Security Algorithm Suite 2.0 and Quantum Computing FAQ", which provides more details and answers some common questions about the topic[^3^].

Public-key systems are based on mathematical problems that are easy to solve in one direction but hard to solve in the reverse direction. For example, it is easy to multiply two large prime numbers, but hard to factorize a large number into its prime factors. However, quantum computers can use a special algorithm called Shor's algorithm to efficiently factorize large numbers and break the security of public-key systems such as RSA and Diffie-Hellman.

Quantum-resistant algorithms are based on different mathematical problems that are believed to be hard for both classical and quantum computers. For example, some quantum-resistant algorithms are based on lattice problems, which involve finding short vectors in high-dimensional spaces. Quantum-resistant algorithms can provide the same level of security as current public-key systems, but with larger key sizes and longer computation times.

The CNSA 1.0 algorithms include AES-256 for symmetric encryption, ECDH and ECDSA with curve P-384 for key exchange and digital signatures, and SHA-384 for hashing. The CNSA 2.0 algorithms include AES-256 for symmetric encryption, SIKEp751 for key exchange, Falcon-1024 for digital signatures, and SHA3-384 for hashing. The CNSA 2.0 algorithms are expected to provide sufficient security against both classical and quantum attacks for the foreseeable future.