Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
NSA cryptography
open-in-new
<h2 id="type-1-product">Type 1 Product</h2> <p class="note">Main article: <a href="/facts/Type_1_encryption/uKCkqR8E">Type 1 encryption</a></p> <p>A Type 1 Product refers to an NSA endorsed classified or controlled cryptographic item for classified or sensitive U.S. government information, including cryptographic equipment, assembly or component classified or certified by NSA for encrypting and decrypting classified and sensitive national security information when appropriately keyed.<a class="footnote-ref" id="fnref:1" href="#fn:1"><sup>1</sup></a> </p> <table><tbody><tr><th>Name</th><th>Type</th><th>Specification</th><th>Use</th><th>Equipment (incomplete list)</th></tr><tr><td>ACCORDIAN [<i><a href="/facts/Sic/qB9MUUWF">sic</a></i>]</td><td></td><td>R21-TECH-13-00, "ACCORDIAN 3.0 Specification" (August 2000)</td><td></td><td>AIM (1999 and 2004 brochures), SafeXcel-3340, PSIAM <a class="footnote-ref" id="fnref:2" href="#fn:2"><sup>2</sup></a></td></tr><tr><td><a href="/facts/Advanced_Encryption_Standard/HdXGBY2Q">AES</a> (256-bit keys only)</td><td><a href="/facts/Block_cipher/MJywAyfQ">Block cipher</a></td><td>FIPS 197</td><td>Numerous</td><td>Numerous</td></tr><tr><td><a href="/facts/BATON/DVzcQCdW">BATON</a></td><td><a href="/facts/Block_cipher/MJywAyfQ">Block cipher</a></td><td></td><td>Various</td><td><a href="/facts/PKCS11/LLtvbEfb">PKCS#11</a>, CDSA/CSSM, AIM (1999 and 2004 brochures), <a href="/facts/CYPRIS_(microchip)/PRQ8MHk0">CYPRIS</a>, <a href="/facts/APCO_Project_25/X6z6Ajef">APCO Project 25</a>, MYK-85, <a href="/facts/KOV-14/FIImqHbK">Fortezza Plus</a>, SecNet-11, Sierra, SafeXcel-3340, PSIAM <a class="footnote-ref" id="fnref:3" href="#fn:3"><sup>3</sup></a></td></tr><tr><td>BAYLESS</td><td></td><td></td><td></td><td><a href="/facts/CYPRIS_(microchip)/PRQ8MHk0">CYPRIS</a></td></tr><tr><td>BYTEMAN</td><td></td><td></td><td></td><td><a href="/facts/CYPRIS_(microchip)/PRQ8MHk0">CYPRIS</a></td></tr><tr><td>CARDIGAN</td><td></td><td></td><td></td><td><a href="/facts/CYPRIS_(microchip)/PRQ8MHk0">CYPRIS</a></td></tr><tr><td>CARDHOLDER</td><td></td><td></td><td>Satellite uplink command encryption</td><td><a href="/facts/CYPRIS_(microchip)/PRQ8MHk0">CYPRIS</a>, KI-17, U-AYJ Flight Decrypt Chip (Cardholder), Flight Encrypt Chip (Cardholder), MYK-16, CXS-810, CXS-2000, MCU-100, MCU-600</td></tr><tr><td>CARIBOU</td><td></td><td></td><td>Satellite uplink command encryption</td><td>U-TXZ, MYK-15A</td></tr><tr><td>CRAYON</td><td></td><td></td><td></td><td>AIM (2004 brochure), <a href="/facts/CYPRIS_(microchip)/PRQ8MHk0">CYPRIS</a> (4 modes)</td></tr><tr><td>FASTHASH</td><td><a href="/facts/Cryptographic_hash_function/cuxkgbST">Cryptographic hash function</a></td><td></td><td>MISSI Type 1 hash</td><td><a href="/facts/PKCS/M0swhEyc">PKCS</a> #11, CDSA/CSSM</td></tr><tr><td><a href="/facts/FIREFLY/AsDYDz2C">FIREFLY</a> / Enhanced FIREFLY</td><td></td><td></td><td><a href="/facts/EKMS/Wzlm657f">EKMS</a> <a href="/facts/Public_key_cryptography/gowoFTxS">public-key</a> cooperative key generation</td><td>AIM (2004), SafeXcel-3340, SecNet54, ViaSat KG-25x, PSIAM <a class="footnote-ref" id="fnref:4" href="#fn:4"><sup>4</sup></a></td></tr><tr><td>GOODSPEED</td><td></td><td></td><td></td><td>Sierra II</td></tr><tr><td><a href="/facts/HAVE_QUICK/9TxKSzfn">HAVE QUICK</a></td><td></td><td></td><td>Antijam, LPI/LPD airborne voice communication</td><td><a href="/facts/CYPRIS_(microchip)/PRQ8MHk0">CYPRIS</a></td></tr><tr><td>JACKNIFE</td><td></td><td></td><td></td><td>AIM (2004) for IFF Mode 5</td></tr><tr><td>JOSEKI</td><td></td><td>R21-TECH-0062-92, "JOSEKI-1, A Bootstrap Procedures" (Oct. 1992) (also R21-TECH-13-97, R21-TECH-13-98)</td><td>Protection of secret algorithms in <a href="/facts/Firmware/62UVKIUK">firmware</a></td><td>AIM, PSIAM <a class="footnote-ref" id="fnref:5" href="#fn:5"><sup>5</sup></a></td></tr><tr><td>JUNIPER</td><td><a href="/facts/Block_cipher/MJywAyfQ">Block cipher</a></td><td></td><td></td><td><a href="/facts/PKCS/M0swhEyc">PKCS</a> #11, CDSA/CSSM</td></tr><tr><td>KEESEE</td><td></td><td></td><td></td><td>AIM (1999 and 2004 brochures), <a href="/facts/CYPRIS_(microchip)/PRQ8MHk0">CYPRIS</a>, PSIAM <a class="footnote-ref" id="fnref:6" href="#fn:6"><sup>6</sup></a></td></tr><tr><td>Mark XII IFF</td><td></td><td></td><td><a href="/facts/Identification_Friend_or_Foe/ANQjz9NM">IFF</a> <a href="/facts/Secondary_surveillance_radar/qlJMuEjC">secondary radar</a></td><td>AIM (2004 brochure)</td></tr><tr><td>MAYFLY</td><td><a href="/facts/Asymmetric-key_algorithm/gowoFTxS">Asymmetric-key algorithm</a></td><td></td><td></td><td><a href="/facts/PKCS/M0swhEyc">PKCS</a> #11, CDSA/CSSM</td></tr><tr><td>MEDLEY</td><td></td><td>R21-TECH-30-01, "MEDLEY Implementation Standard" (Nov. 2001)</td><td></td><td>AIM (2004), SecNet 54, SafeXcel-3340, ViaSat KG25x, PSIAM <a class="footnote-ref" id="fnref:7" href="#fn:7"><sup>7</sup></a></td></tr><tr><td><a href="/facts/PEGASUS/HefJFcKG">PEGASUS</a></td><td></td><td></td><td>Satellite telemetry and mission data downlinks</td><td>KG-227, KG-228, KI-17, U-BLW Pegasus Space Microcircuit Chip, U-BLX Pegasus Ground Microcircuit Chip, MYK-17, CXS-810, CXS-2000, MCU-100, MCU-600</td></tr><tr><td>PHALANX</td><td></td><td></td><td></td><td>AIM (1999 and 2004 brochures), <a href="/facts/CYPRIS_(microchip)/PRQ8MHk0">CYPRIS</a> (PHALANX I and PHALANX II)</td></tr><tr><td><a href="/facts/SAVILLE/drc4XgJK">SAVILLE</a></td><td></td><td></td><td>Low-bandwidth voice (and sometimes data) encryption</td><td>AIM (1999 and 2004 brochures), <a href="/facts/CYPRIS_(microchip)/PRQ8MHk0">CYPRIS</a> (2 modes), Windster (SAVILLE I), <a href="/facts/VINSON/9QY3nJLd">VINSON</a></td></tr><tr><td>VALLOR</td><td></td><td></td><td>TTY broadcasts to submarines</td><td>AIM (2004)</td></tr><tr><td>WALBURN</td><td></td><td></td><td>High-bandwidth link encryption</td><td>AIM (2004), KG-81/94/194/95</td></tr><tr><td>PADSTONE</td><td></td><td></td><td></td><td><a href="/facts/CYPRIS_(microchip)/PRQ8MHk0">CYPRIS</a> (2 modes), Windster, Indictor</td></tr><tr><td>WEASEL</td><td></td><td></td><td></td><td>SafeXcel-3340</td></tr></tbody></table> <h2 id="type-2-product">Type 2 Product</h2> <p class="note">Main article: <a href="/facts/Type_2_encryption/uKCkqR8E">Type 2 encryption</a></p> <p>A Type 2 Product refers to an NSA endorsed unclassified cryptographic equipment, assemblies or components for sensitive but unclassified U.S. government information. </p> <table><tbody><tr><th>Name</th><th>Type</th><th>Specification</th><th>Use</th><th>Equipment (incomplete list)</th></tr><tr><td>CORDOBA</td><td></td><td></td><td></td><td><a href="/facts/CYPRIS_(microchip)/PRQ8MHk0">CYPRIS</a>, Windster, Indictor</td></tr><tr><td><a href="/facts/Key_Exchange_Algorithm/gcYhnpFb">KEA</a></td><td><a href="/facts/Asymmetric-key_algorithm/gowoFTxS">Asymmetric-key algorithm</a></td><td>R21-Tech-23-94, "Key Exchange Algorithm (KEA)"</td><td>Key exchange and <a href="/facts/Digital_signature/tY7e2pnW">digital signature</a> algorithm for <a href="/facts/Fortezza/JE9tzL93">Fortezza</a>, etc.</td><td><a href="/facts/Fortezza/JE9tzL93">Fortezza</a>, <a href="/facts/Fortezza_Plus/FIImqHbK">Fortezza Plus</a>, Palladium Secure Modem</td></tr><tr><td><a href="/facts/Skipjack_(cipher)/pxHYFxTj">SKIPJACK</a></td><td><a href="/facts/Block_cipher/MJywAyfQ">Block cipher</a></td><td>R21-Tech-044-91, "SKIPJACK"</td><td>Confidentiality algorithm for <a href="/facts/Fortezza/JE9tzL93">Fortezza</a>, etc.</td><td><a href="/facts/Fortezza/JE9tzL93">Fortezza</a>, <a href="/facts/Fortezza_Plus/FIImqHbK">Fortezza Plus</a>, Palladium Secure Modem</td></tr></tbody></table> <h2 id="type-3-product">Type 3 Product</h2> <p class="note">Main article: <a href="/facts/Type_3_encryption/uKCkqR8E">Type 3 encryption</a></p> <p>Unclassified cryptographic equipment, assembly, or component used, when appropriately keyed, for encrypting or decrypting unclassified sensitive U.S. Government or commercial information, and to protect systems requiring protection mechanisms consistent with standard commercial practices. A Type 3 Algorithm refers to NIST endorsed algorithms, registered and FIPS published, for sensitive but unclassified U.S. government and commercial information. </p> <table><tbody><tr><th></th><th>Name</th><th>Type</th><th>Specification</th><th>Use</th><th>Equipment (incomplete list)</th></tr><tr><td>DES</td><td><a href="/facts/Data_Encryption_Standard/STfBjTGb">Data Encryption Standard</a></td><td><a href="/facts/Block_cipher/MJywAyfQ">Block cipher</a></td><td>FIPS 46-3</td><td>Ubiquitous</td><td>Ubiquitous</td></tr><tr><td>AES</td><td><a href="/facts/Advanced_Encryption_Standard/HdXGBY2Q">Advanced Encryption Standard</a></td><td><a href="/facts/Block_cipher/MJywAyfQ">Block cipher</a></td><td>FIPS 197</td><td>Numerous</td><td>Numerous</td></tr><tr><td>DSA</td><td><a href="/facts/Digital_Signature_Algorithm/0o0FK486">Digital Signature Algorithm</a></td><td><a href="/facts/Digital_signature/tY7e2pnW">Digital signature</a> system</td><td>FIPS 186</td><td>Numerous</td><td>Numerous</td></tr><tr><td>SHA</td><td><a href="/facts/Secure_Hash_Algorithm/rm1nXcGc">Secure Hash Algorithm</a></td><td><a href="/facts/Cryptographic_hash_function/cuxkgbST">Cryptographic hash function</a></td><td>FIPS 180-2</td><td>Ubiquitous</td><td>Ubiquitous</td></tr></tbody></table> <h2 id="type-4-product">Type 4 Product</h2> <p class="note">Main article: <a href="/facts/Type_4_encryption/uKCkqR8E">Type 4 encryption</a></p> <p>A Type 4 Algorithm refers to algorithms that are registered by the NIST but are not FIPS published. Unevaluated commercial cryptographic equipment, assemblies, or components that are neither NSA nor NIST certified for any Government usage. </p> <h2 id="algorithm-suites">Algorithm Suites</h2> <h3>Suite A</h3> <p class="note">Main article: <a href="/facts/NSA_Suite_A_Cryptography/56c7KHWj">NSA Suite A Cryptography</a></p> <p>A set of NSA unpublished algorithms that is intended for highly sensitive communication and critical authentication systems. </p> <h3>Suite B</h3> <p class="note">Main article: <a href="/facts/NSA_Suite_B_Cryptography/Q1VDGHJy">NSA Suite B Cryptography</a></p> <p>A set of NSA endorsed cryptographic algorithms for use as an interoperable cryptographic base for both unclassified information and most classified information. Suite B was announced on 16 February 2005, and phased out in 2016.<a class="footnote-ref" id="fnref:8" href="#fn:8"><sup>8</sup></a> </p> <h3>Commercial National Security Algorithm Suite</h3> <p class="note">Main article: <a href="/facts/Commercial_National_Security_Algorithm_Suite/oW4XH2dI">Commercial National Security Algorithm Suite</a></p> <p>A set of cryptographic algorithms <a href="/facts/Promulgation/CxAc9l4d">promulgated</a> by the <a href="/facts/National_Security_Agency/Sg6MGV1o">National Security Agency</a> as a replacement for <a href="/facts/NSA_Suite_B_Cryptography/Q1VDGHJy">NSA Suite B Cryptography</a> until <a href="/facts/Post-quantum_cryptography/1qeqUQve">post-quantum cryptography</a> standards are promulgated. </p> <h3>Quantum resistant suite</h3> <p class="note">See also: <a href="/facts/Post-quantum_cryptography/1qeqUQve">Post-quantum cryptography</a></p> <p>In August 2015, NSA announced that it is planning to transition "in the not distant future" to a new cipher suite that is resistant to <a href="/facts/Quantum_computing/nbbcgmvq">quantum</a> attacks. "Unfortunately, the growth of <a href="/facts/Elliptic_curve_cryptography/YbjcXIWk">elliptic curve</a> use has bumped up against the fact of continued progress in the research on quantum computing, necessitating a re-evaluation of our cryptographic strategy." NSA advised: "For those partners and vendors that have not yet made the transition to Suite B algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition."<a class="footnote-ref" id="fnref:9" href="#fn:9"><sup>9</sup></a> </p> <h2 id="see-also">See also</h2> <ul><li><a href="/facts/NSA_encryption_systems/evxRzNWD">NSA encryption systems</a></li> <li><a href="/facts/Speck_(cipher)/tPCozSez">Speck</a> and <a href="/facts/Simon_(cipher)/db4VEvEB">Simon</a>, light-weight <a href="/facts/Block_cipher/MJywAyfQ">block ciphers</a>, published by NSA in 2013</li></ul> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>"National Information Assurance Glossary"; CNSS Instruction No. 4009 National Information Assurance Glossary <a href="/wiki/National_Information_Assurance_Glossary" target="_blank">/wiki/National_Information_Assurance_Glossary</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>ViaSat Programmable Scalable Information Assurance Model (PSIAM) <a href="http://www.viasat.com/government-communications/information-assurance/technologies" target="_blank">http://www.viasat.com/government-communications/information-assurance/technologies</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>ViaSat Programmable Scalable Information Assurance Model (PSIAM) <a href="http://www.viasat.com/government-communications/information-assurance/technologies" target="_blank">http://www.viasat.com/government-communications/information-assurance/technologies</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>ViaSat Programmable Scalable Information Assurance Model (PSIAM) <a href="http://www.viasat.com/government-communications/information-assurance/technologies" target="_blank">http://www.viasat.com/government-communications/information-assurance/technologies</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>ViaSat Programmable Scalable Information Assurance Model (PSIAM) <a href="http://www.viasat.com/government-communications/information-assurance/technologies" target="_blank">http://www.viasat.com/government-communications/information-assurance/technologies</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>ViaSat Programmable Scalable Information Assurance Model (PSIAM) <a href="http://www.viasat.com/government-communications/information-assurance/technologies" target="_blank">http://www.viasat.com/government-communications/information-assurance/technologies</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> <li id="fn:7"><p>ViaSat Programmable Scalable Information Assurance Model (PSIAM) <a href="http://www.viasat.com/government-communications/information-assurance/technologies" target="_blank">http://www.viasat.com/government-communications/information-assurance/technologies</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></p></li> <li id="fn:8"><p>Cook, John (2019-05-23). "NSA recommendations | algorithms to use until PQC". www.johndcook.com. Retrieved 2020-02-28. <a href="https://www.johndcook.com/blog/2019/05/23/nsa-recommendations/" target="_blank">https://www.johndcook.com/blog/2019/05/23/nsa-recommendations/</a> <a href="#fnref:8" class="footnote-back-ref">↩</a></p></li> <li id="fn:9"><p>"NSA preps quantum-resistant algorithms to head off crypto-apocalypse". Ars Technica. August 21, 2015. <a href="https://arstechnica.com/security/2015/08/nsa-preps-quantum-resistant-algorithms-to-head-off-crypto-apocolypse/" target="_blank">https://arstechnica.com/security/2015/08/nsa-preps-quantum-resistant-algorithms-to-head-off-crypto-apocolypse/</a> <a href="#fnref:9" class="footnote-back-ref">↩</a></p></li> </ol>