• 日本語
• 한국어
• 简体中文
• English

스위트 B

The National Security Agency (NSA) in the United States mandates cryptographic algorithms in support of SECRET and TOP SECRET communications in government and military systems. By mandating the algorithms, the NSA encourages interoperability among departments in the United States but also with allies. Suite B includes the following algorithms:

As per CNSSP-15 (Committee on National Security Systems Policy 15) AES with either 128 or 256-bit keys and SHA-256 are specified to protect classified information up to the SECRET level. Protecting TOP SECRET information requires the use of 256-bit AES keys combined with SHA-384.

For asymmetric algorithms, the NSA has mandated the conversion of equipment to Elliptic Curve Cryptography (ECC). At the very high security level required for SECRET and TOP SECRET communications, an RSA key length of 4096 or 8192 would have been required and made the asymmetric algorithms very inefficient on all but the most powerful processors. Therefore, the much lighter ECC algorithm was chosen using the 256-bit prime modulus elliptic curve as specified in FIPS-186-2 for the protection of classified information up to the SECRET level. Use of the 384-bit prime modulus elliptic curve is required for the protection of TOP SECRET information.

Elliptic has both hardware and software solutions that are targeted specifically at Suite B. Elliptic also offers consulting services to help customer develop new products compliant with Suite B or adapting existing products to meet the standard. One of the key focus areas for Elliptic consulting is deciding what operations are done in software and what should be offloaded in hardware. Elliptic consultants can offer customers guidance on the most effective solution and can work with Ellipsys software which fully supports hardware engine integration in support of the final design agree with the customer.

Elliptic offers the following selection of cores for Suite B applications for SoC/ASIC designs.

• SPP-100: Symmetric/Asymmetric Processing Engine
• CLP-600: Security Protocol Accelerator
• CLP-11: Tiny AES Core
• CLP-45: Configurable Look Aside AES Core
• CLP-300: RSA and Elliptic Curve Public Key Accelerator
• CLP-26: Hash Look Aside Core
• CLP-100: Hash Flow Through Core

Elliptic also offers Ellipsys Cryptography Middleware which supports Suite B. The middleware is split into the symmetric algorithms such as AES and SHA and the asymmetric ECC algorithms used in authentication and key exchange. The middleware is licensed as C source code.

• ESS-01: Symmetric Middleware
• ESS-02: Asymmetric Middleware