Spy sets
Burst encoders
Logo (click for homepage)
NSA Encryption Products
The National Security Agency (NSA) is the cryptologic intelligence and security agency of the US government. It is based in Fort Meade, Maryland (USA) and has a nice museum, called the National Crytologic Museum (NCM), that is open to the public.
As part of the American Department of Defence (DoD), the NSA is responsible for the collection and analysis of foreign communications and foreign signals intelligence (cryptanalysis).

It is also responsible for the protection of US government communications and information systems from evesdropping by similar agencies elsewhere (cryptography).

As such, the NSA has (co)developed a range of cryptographic algorithms and encryption devices. Most of these were initially intended for military and government use, but some of them have been made available to a restricted group of (commercial) customers as commercial off-the-shelf (COTS) products.
source: wikipedia

Below is an overview of the various types of encryption developed and endorsed by the NSA. As most of the NSA's work is classified, the list is neither complete nor correct. The information below is based on public knowledge about NSA products, algorithms and protocols. Further down this page is also an overview of the evolution of NSA encryption products.

NSA headquarters in For Meade (Maryland, USA)

The NSA headquarters in Fort Meade (Maryland, USA) [2]
Cryptologic history
The cryptologic history of the NSA is layed out in several (internal) publications that have been written over the years by NSA historians. In recent years, the NSA has (partly) declassified some of these publications, regarding WWII, the Cold War and some other events. These documents are available for download from the NSA website [1].
NSA Product Types
Depending on the required (and allowed) level of security, the NSA has defined various Types of encryption. The lower the number, the higher the security level. E.g. type 1 products are for use by the US government for top secret material. More detailed information on Wikipedia.
  1. Classified or sensitive US Government information (Top Secret)
    This includes algorithms such as AES(256), BATON, FIREFLY, HAVEQUICK, and SAVILLE, used in a variety of products such as the STU-III secure phone and many military communication products, like the KG-84, KIV-7, KY-57 and KY-99. Type 1 products are only used by the US Government, their contractors, and federally sponsored non-US Government activities, in accordance with the International Traffic in Arms Regulations (ITAR).

  2. National Security Information
    This includes products like CORDOBA, KEA and SKIPJACK used in equipment like the Cypris cypto chip and the Fortezza (Plus) crypto cards. It may be used for unclassified national security information. The equipment is unclassified, but the algorithms and keys are. Type 2 products are subject to International Traffic in Arms Regulations (ITAR).

  3. Unclassified sensitive US Government or commercial information
    Also known as Sensitive, But Unclassified (SBU); used on non-national security systems. Approved (unclassified) algorithms include DES, Tripple DES, AES, DSA and SHA. A good example of a Type 3 product is the CVAS III secure phone.

  4. Unevaluated commercial cryptographic equipment; not for government usage
    The algorithms have been registered with NIST but are not Federal Information Processing Standard (FIPS). They may not be used for classified information.

Algorithm Suites
  • Suite A
    Unpublished NSA algorithms intended for highly sensitive communication and critical authentication systems. Generally used in combination with Type 1 and 2 equipment.

  • Suite B
    NSA endorsed cryptographic algorithms for use as an interoperable base for both unclassified and most-classified information. Introduced on 16 February 2005.
    (More on the NSA website...)

Another way of categorizing the encryption systems developed by the NSA, is by looking at the evolution of their development. This can be divided into several generations that are listed below. More detailed information is available on Wikipedia.
  1. Electro-mechanical
    One of the first NSA products to be developed after WWII was the KL-7. It was introduced in the 1950s and was partly based on the war-time SIGABA. The KL-7 was used by the US Military and some of their allies (NATO). The daily keys were distributed on paper key lists.

  2. Vacuum tubes
    In the 1960s and 1970s, electronic cipher machines with vacuum tubes (valves) were developed. Punched cards were used for key distribution. Some of these systems remained in use until the mid-1980s. An example of a cipher machine based on vacuum tubes is the KW-26 that was used by the US Navy.

  3. Integrated Circuits (ICs)
    The next generation was developed during the 1980s and was based on transistor logic, using integrated circuits (ICs). This made devices significantly smaller and allowed for faster and stronger cryptographic algorithms. Keys were loaded through a standardized connector at the front panel of each device. Initially they were distributed on punched paper tape that was pulled though a reader (e.g. the KOI-18) but these were eventually replaced by electronic devices such as the KYK-13.

  4. Electronic Key Distribution
    During the 1990s, more modern (commercial) electronics were introduced. This allowed even smaller systems to be developed and introduced electronic methods for key distribution. At this stage, the electronic security token or Crypto Ignition Key (CIK) was introduced, protecting the electronically stored keys and allowing for easier key distribution. An example of a CIK is the KSD-64 that was developed by the NSA for products like the Motorola SECTEL 2500 secure telephone (STU-III). Traffic Encryption Keys (TEKs) were distributed with a new generation of electronic Data Transfer Devices (DTD) such as the AN/CYZ-10.

  5. Network-centric systems
    From 2000 onwards, communication is increasingly based on digital computer networks, such as the internet. The NSA has developed an interoperable standard called HAIPE to allow government, agencies and others to securely exchange data over unsecure networks and satellite links. An example of such a product is the KIV-7 family of embeddable KG-84 encryption devices.

Although most of the NSA's work on encryption is classified, some information has been published in the past, either as part of the NSA's participation in standards processes, or after an algorithm has been declassified. Below is an (incomplete) overview of NSA-developed approved algorithms.

Type 1
    Cryptographic algorithm used in products like AIM, SafeXcel-3340 and PSIAM.

  • AES (256)
    256-bit block cipher algorithm, used in numerous products. Specified in FIPS 197.

    Block cipher algorithm, used with products like PKCS#11, CDSA/CSSM, AIM, Cypris, APCO Project 25, MYK-85, Fortezza Plus, SecNet-11, Sierra, SafeXcel-3340 and PSIAM.

    NSA-developed cooperative key generation scheme, used for exchanging EKMS public keys. Used in products like AIM, SafeXcel-3340, PSIAM, STU-III, STE and SCIP.

    Interoperability Specification (IS) for the High Assurance Internet Protocol Encryptor (HAIPE). Based on Internert Protocol Security (IPsec), with additional restrictions and enhancements. Used in products like KOV-26 (Talon), KIV-7M, KG-175 (TACLANE), KG-240A, KG-245, KG-250 and KG-255.

    Frequency Hopping System used for ECCM. Implemented in the Cypris crypto chip.

    Narrow band voice encryption used for radio and telephone communication. Used with products like AIM, Cypris (SAVILLE I and II), Windster (SAVILLE I), VINSON (KY-57) and Spendex 40. Joint development of GCHQ (UK) and the NSA (US). More...

    Used for TTY broadcasts to submarines by AIM (2004).

    High-speed link encryption. Used in products like KG-81, KG-94, KG-194, KG-95 and AIM (2004). Generally used for Trunk Encryption Devices (TED).

    Cryptographic algorithm used in products like Cypris (2 modes), Windster and Indictor.

    Cryptographic algorithm used in SafeXcel-3340.

Type 2
    Cryptographic algorithm used in NSA-developed crypto chips, such as Cypris, Windster and Indictor.

  • KEA
    Asymmetric-key algorithm used in products like Fortezza, Fortezza Plus and the Palladium Secure Modem. KEA was declassified by the NSA on 24 June 1998. More...

    Block cipher algorithms used in products like Fortezza, Fortezza Plus and the Palladium Secure Modem. It was also used in the so-called Clipper Chip that was featured in products like the AT&T TSD-3600 telephone encryptor. The Skipjack algorithm was declassified by the NSA on 24 June 1998.

Type 3
  • DES - Data Encryption Standard
    Block cipher. Used in many NSA Type 3 products, such as the Motorola SECTEL 2500 (in Type 3 mode). Specified in FIPS 46-3.

  • AES - Advanced Encryption Standard
    Block cipher. Specified in FIPS 197.

  • DSA - Digital Signature Algorithm
    Used for digital signatures. Specified in FIPS 186.

  • SHA - Secure Hash Algorithm
    Cryptographic hash function. Specified in FIPS 180-2.

The following (incomplete) list shows which products are believed to have been (partly) developed by the NSA:
Key Escrow
In the early 1990s, the NSA developed the so-called Clipper Chip. It was intended for the implementation in secure voice equipment, such as crypto phones, and required users to give their cryptographic keys in escrow to the government. This would allow law enforcement agencies to decrypt any traffic for surveillance and intelligence purposes.

The controversial Clipper Chip was announced in 1993 and was already defunct by 1996.

 More information
Close-up of the Clipper Chip inside the TSD-3600

NSA on Wikipedia

  1. National Security Agency (NSA), Cryptologic Histories
    NSA website. Downloadable documents. Retrieved February 2013.

  2. Wikimedia Commons, Photograph of NSA headquarters in Fort Meade, Maryland, USA
    Originated from NSA website. Retrieved August 2013.

Further information

Any links shown in red are currently unavailable. If you like this website, why not make a donation?
Copyright 2009-2013, Paul Reuvers & Marc Simons. Last changed: Thursday, 08 August 2013 - 08:52 CET
Click for homepage