Suite B Versus CNSA 1.0 Versus CNSA 2.0

With the CNSA (Commercial National Security Algorithm) 2.0 Suite coming into sharp focus recently, we thought we would talk about the history of how we got here and then focus on the differences between the various suites that came before it.

The first time the NSA came out with a suite of algorithms to be used to protect unclassified information was in 2005; it was called Suite B. The purpose was to specify algorithms that were approved so vendors knew what they needed to enable and disable in their protocols in order to provide security for the US federal government. It only allowed for AES, ECC and SHA2.

Later, in 2018 it was overridden by the CNSA 1.0 Suite which added in RSA and Diffie-Hellman but not DSA.

In 2022 CNSA 2.0 was announced, but interestingly, most of the algorithms it specified had not been standardized yet. For example, ML-DSA and ML-KEM have only just recently been standardized in 2024. The main focus of the 2.0 Suite is to ensure that vendors prioritize the transition to post-quantum algorithms.

Below is a chart of the algorithms that are specified for TLS and firmware/software signing use cases.

Use Case Suite B CNSA 1.0 CNSA 2.0
Firmware and Software Signing (i.e.: wolfBoot) N/A N/A LMS or XMSS; All parameter sets but without hyper-tree variants
TLS Key Establishment ECDH with P-256 or P-384 ECDH with P-384 or DH with 3072-bit modulus or RSA with 3072-bit modulus ML-KEM-1024 (FIPS-203)
TLS Authentication ECDSA with P-256 or P-384 ECDSA with P-384 or RSA with 3072-bit modulus ML-DSA-87 (FIPS-204)
TLS Symmetric Ciphers AES 128 or 256 in GCM mode AES 256 in GCM mode AES-256 in GCM mode
TLS Hash Algorithms SHA-256 or SHA-384 SHA-384 SHA-384

To our customers, know that wolfCrypt has implementations for all algorithms and parameter sets specified by Suite B, CNSA 1.0 and most notably CNSA 2.0. Please download the latest release of our wolfSSL source code archive at https://www.wolfssl.com/download/ and try it out.

The relevant configure time flags are:

  • –enable-lms
  • –enable-xmss
  • –enable-kyber
  • –enable-dilithium

All of them are specially implemented and optimized for maximum performance to run securely and with side-channel attack mitigations even on bare metal to satisfy secure boot use cases.

If you have questions about any of the above or need assistance, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now