NSA Begins Transition to Recommending Quantum Resistant Algorithms

Strong cryptographic algorithms and secure protocol implementations are a vital foundation to securing the Internet of today and tomorrow. Securing over a billion active connections on the Internet today, wolfSSL knows this very well. A recent announcement by the National Security Agency conveyed their plans to transition from recommending the Suite B set of algorithms to a quantum resistant solution.

Suite B is currently specified by NIST and used by NSA’s Information Assurance Directorate in solutions approved for protecting classified and unclassified National Security Systems (NSS).

During the transition phase, the NSA is recommending that the following algorithms and key sizes be used to protect up to TOP SECRET:

Advanced Encryption Standard (AES) with 256-bit keys
Elliptic Curve Diffie-Hellman (ECDH) Key Exhange, with Curve P-384
Elliptic Curve Digital Signature Algorithm (ECDSA), with Curve P-384
Secure Hash Algorithm (SHA-384)
Diffie-Hellman Key Exchange (DH), with a minimum of 3072-bit modulus
RSA, with a minimum of 3072-bit modulus

The wolfSSL embedded SSL/TLS library supports all of the above cryptographic algorithms, curves, and key sizes. In addition to these algorithms, wolfSSL supports the NTRU public key algorithm which is quantum resistant. As of version 3.6.6, wolfSSL includes support for “Quantum-safe hybrid” ciphersuites through the partnership with Security Innovation.

NSA Article: https://www.nsa.gov/what-we-do/cybersecurity/
Ars Technica Article: http://arstechnica.com/security/2015/08/nsa-preps-quantum-resistant-algorithms-to-head-off-crypto-apocolypse/
Wikipedia, Post-Quantum Cryptography: https://en.wikipedia.org/wiki/Post-quantum_cryptography