Quantum computing and quantum-resistant cryptography aren’t easy concepts to grasp. Even for experienced engineers, understanding multivariate polynomial equations and the isogenies of elliptic curves may feel too abstract or theoretical. But you don’t need to be a cryptography expert to realize that quantum computers are coming in the not-too-distant future, and when they do, they’ll be able to break the public-key algorithms we rely on today. The transition to quantum-resistant (QR) encryption is no longer hypothetical, and for those working on secure systems, it’s time to start planning.
Defense programs and platforms that handle classified data-at-rest (DAR) must be ready for a future where quantum computers can break today’s encryption, leaving valuable data vulnerable to exploitation. In response, the National Security Agency (NSA) published the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), setting clear expectations for when quantum-vulnerable algorithms should be phased out. The migration doesn’t need to happen overnight, but the milestones are set, and for many systems, programs, and platforms, it will affect design decisions currently being made.
What Is CNSA 2.0?
CNSA 2.0 is a set of cryptographic algorithm requirements developed by the NSA for systems that protect national security information. The algorithms in the CNSA 2.0 suite were selected from those chosen by the National Institute of Standards and Technology (NIST), the U.S. Government's authority on encryption. CNSA 2.0 replaces the previous CNSA 1.0 suite, updating it with algorithms believed to withstand cyberattacks from both classical and quantum computers.
CNSA 2.0 applies to all national security systems (NSS) and incorporates several new algorithms still undergoing finalization, including those in the NIST Post-Quantum Cryptography standardization effort. It also removes legacy algorithms like RSA and ECC that are expected to be broken by quantum capabilities.
Transition to Quantum-Resistant Cryptography for DAR
The NSA is directing that the transition to QR algorithms be completed by 2035 and prefers that CNSA 2.0 algorithms be used when configuring systems during the transition period.
Here’s how the NSA adoption of CNSA 2.0 is planned:
- 2025: The NSA will stop approving new systems that use RSA, Diffie-Hellman, and ECC for key establishment or digital signatures.
- 2025–2030: Hybrid solutions combining classical and quantum-resistant algorithms will be used during a transitional period.
- 2030 and beyond: All new systems will be expected to use quantum-resistant algorithms (like CRYSTALS-Kyber and CRYSTALS-Dilithium) as defined in the CNSA 2.0 suite.
Procurement cycles for long-life platforms and programs often span decades. Continuing to design in classical cryptography will leave systems and critical DAR vulnerable when post-quantum threats mature.
Why the CNSA 2.0 Transition Matters for CSfC DAR Systems
The NSA’s CSfC program enables commercial technologies to be used in layered solutions to protect NSS information. Every component appearing on the NSA CSfC Components List must adhere to NSA-approved cryptographic standards outlined in the relevant NIAP Protection Profiles. In addition, the Capability Package, which outlines the solution requirements, should also be considered. The current data-at-rest Capability Package is v5.0, which refers to CNSA 1.0.
NIAP is expected to issue new DAR-specific security requirements specifying that CSfC components must support CNSA 2.0 algorithms. Existing DAR systems that depend on RSA or ECC algorithms will need a plan to transition to QR algorithms to remain compliant with NSA and CSfC guidelines.
In compliance with the CSfC program, network attached storage (NAS) devices like Curtiss-Wright’s DTS1+, DTS1X, and HSR10 utilize the CNSA 2.0 algorithms AES-256 and SHA-384 for data encryption. Complying with the CNSA 2.0 symmetric algorithms ensures the devices are quantum-resistant and the DAR stored on them is protected. According to the NSA, symmetric algorithms that exist today will remain secure for the foreseeable future and beyond the development of a quantum computer.
Preparing for a Quantum Safe Future
CNSA Suite 2.0 algorithms are the current roadmap for protecting critical data from impending quantum computing threats. Legacy cryptographic algorithms that have supported secure systems for decades are being retired because they are likely unable to defend against quantum computers. The QR CNSA 2.0 algorithms that replace the legacy cryptography must be in place before the transition is finished, leaving no gaps for vulnerable data to be exploited. The decisions made regarding data security today, including algorithms, timelines, and compliance, will determine whether systems built now can stand up to tomorrow's threats.
- What is CNSA 2.0, and why does it matter for DAR protection?
  CNSA 2.0 is the NSA’s updated cryptographic guidance to protect national security systems against quantum computing threats. It mandates using quantum-resistant algorithms to secure classified data-at-rest (DAR).
- Which algorithms are included in CNSA 2.0?
  CNSA 2.0 includes AES-256, SHA-384, and post-quantum algorithms like CRYSTALS-Kyber and CRYSTALS-Dilithium. These are selected for their resilience against both classical and quantum attacks.
- How do Curtiss-Wright NAS devices support CNSA 2.0 compliance?
  Curtiss-Wright’s DTS1+, DTS1X, and HSR10 devices integrate CNSA 2.0 algorithms to meet CSfC, NIAP, and NSA requirements for secure DAR solutions.
- What is the timeline for transitioning to CNSA 2.0?
  The NSA recommends beginning the transition by 2025, with full adoption of quantum-resistant algorithms expected by 2035. Hybrid cryptographic solutions will be used during the interim.
- What is CSfC, and how does it relate to CNSA 2.0?
  CSfC (Commercial Solutions for Classified) is an NSA program that enables commercial products to protect classified data. Going forward, CNSA 2.0 algorithms are required for CSfC-approved DAR components.