NSA cryptography


The vast majority of the National Security Agency's work on encryption is classified, but from time to time NSA participates in standards processes or otherwise publishes information about its cryptographic algorithms. The NSA has categorized encryption items into four product types, and algorithms into two suites. The following is a brief and incomplete summary of public knowledge about NSA algorithms and protocols.

Type 1 Product

A Type 1 Product refers to an NSA endorsed classified or controlled cryptographic item for classified or sensitive U.S. government information, including cryptographic equipment, assembly or component classified or certified by NSA for encrypting and decrypting classified and sensitive national security information when appropriately keyed.
NameTypeSpecificationUseEquipment
R21-TECH-13-00, " 3.0 Specification" AIM, SafeXcel-3340, PSIAM
AES Block cipherFIPS 197NumerousNumerous
BATONBlock cipherVariousPKCS#11, CDSA/CSSM, AIM, CYPRIS, APCO Project 25, MYK-85, Fortezza Plus, SecNet-11, Sierra, SafeXcel-3340, PSIAM
BAYLESSCYPRIS
BYTEMANCYPRIS
CARDIGANCYPRIS
CARDHOLDERSatellite uplink command encryptionCYPRIS, KI-17, U-AYJ Flight Decrypt Chip, Flight Encrypt Chip, MYK-16, CXS-810, CXS-2000, MCU-100, MCU-600
CARIBOUSatellite uplink command encryptionU-TXZ, MYK-15A
CRAYONAIM, CYPRIS
FASTHASHCryptographic hash functionMISSI Type 1 hashPKCS #11, CDSA/CSSM
FIREFLY / Enhanced FIREFLYEKMS public-key cooperative key generationAIM, SafeXcel-3340, SecNet54, ViaSat KG-25x, PSIAM
GOODSPEEDSierra II
HAVE QUICKAntijam, LPI/LPD airborne voice communicationCYPRIS
JACKNIFEAIM for IFF Mode 5
JOSEKIR21-TECH-0062-92, "JOSEKI-1, A Bootstrap Procedures" Protection of secret algorithms in firmwareAIM, PSIAM
JUNIPERBlock cipherPKCS #11, CDSA/CSSM
KEESEEAIM, CYPRIS, PSIAM
Mark XII IFFIFF secondary radarAIM
MAYFLYAsymmetric-key algorithmPKCS #11, CDSA/CSSM
MEDLEYR21-TECH-30-01, "MEDLEY Implementation Standard" AIM, SecNet 54, SafeXcel-3340, ViaSat KG25x, PSIAM
PEGASUSSatellite telemetry and mission data downlinksKG-227, KG-228, KI-17, U-BLW Pegasus Space Microcircuit Chip, U-BLX Pegasus Ground Microcircuit Chip, MYK-17, CXS-810, CXS-2000, MCU-100, MCU-600
PHALANXAIM, CYPRIS
SAVILLELow-bandwidth voice encryptionAIM, CYPRIS, Windster, VINSON
VALLORTTY broadcasts to submarinesAIM
WALBURNHigh-bandwidth link encryptionAIM, KG-81/94/194/95
PADSTONECYPRIS, Windster, Indictor
WEASELSafeXcel-3340

Type 2 Product

A Type 2 Product refers to an NSA endorsed unclassified cryptographic equipment, assemblies or components for sensitive but unclassified U.S. government information.
NameTypeSpecificationUseEquipment
CORDOBACYPRIS, Windster, Indictor
KEAAsymmetric-key algorithmR21-Tech-23-94, "Key Exchange Algorithm "Key exchange and digital signature algorithm for Fortezza, etc.Fortezza, Fortezza Plus, Palladium Secure Modem
SKIPJACKBlock cipherR21-Tech-044-91, "SKIPJACK"Confidentiality algorithm for Fortezza, etc.Fortezza, Fortezza Plus, Palladium Secure Modem

Type 3 Product

Unclassified cryptographic equipment, assembly, or component used, when appropriately keyed, for encrypting or decrypting unclassified sensitive U.S. Government or commercial information, and to protect systems requiring protection mechanisms consistent with standard commercial practices. A Type 3 Algorithm refers to NIST endorsed algorithms, registered and FIPS published, for sensitive but unclassified U.S. government and commercial information.
NameTypeSpecificationUseEquipment
DESData Encryption StandardBlock cipherFIPS 46-3UbiquitousUbiquitous
AESAdvanced Encryption StandardBlock cipherFIPS 197NumerousNumerous
DSADigital Signature AlgorithmDigital signature systemFIPS 186NumerousNumerous
SHASecure Hash AlgorithmCryptographic hash functionFIPS 180-2UbiquitousUbiquitous

Type 4 Product

A Type 4 Algorithm refers to algorithms that are registered by the NIST but are not FIPS published. Unevaluated commercial cryptographic equipment, assemblies, or components that are neither NSA nor NIST certified for any Government usage.

Algorithm Suites

Suite A

A set of NSA unpublished algorithms that is intended for highly sensitive communication and critical authentication systems.

Suite B

A set of NSA endorsed cryptographic algorithms for use as an interoperable cryptographic base for both unclassified information and most classified information. Suite B was announced on 16 February 2005, and phased out in 2016.

Commercial National Security Algorithm Suite

A set of cryptographic algorithms promulgated by the National Security Agency as a replacement for NSA Suite B Cryptography until post-quantum cryptography standards are promulgated.

Quantum resistant suite

In August 2015, NSA announced that it is planning to transition "in the not distant future" to a new cipher suite that is resistant to quantum attacks. "Unfortunately, the growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, necessitating a re-evaluation of our cryptographic strategy." NSA advised: "For those partners and vendors that have not yet made the transition to Suite B algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition."