Cipher Suite Reference - Complete Intelligence Database

Showing all 319 cipher suites

Cipher Suite (IANA)	OpenSSL Name	Risk	Category	Key Exchange	Encryption	Bits	Q-Bits	Protocols	NIST	FIPS 140-2	FIPS 140-3	PCI DSS	CNSA 2.0	IANA Rec

Key exchange algorithms determine how TLS session keys are established. Post-quantum algorithms protect against Shor's algorithm attacks on classical elliptic curve and Diffie-Hellman exchanges. CNSA 2.0 requires ML-KEM-1024 as the PQC component, paired with NIST P-384 for full compliance (SecP384r1MLKEM1024).

Showing all 66 key exchange algorithms

Algorithm Name	Family	Quantum Safe	Classical Bits	PQC Bits	CNSA 2.0 Level	Risk	IANA Reg.	FIPS 140-2	NIST 800-131A	Aliases

CNSA 2.0 Requirement: For digital signatures, CNSA 2.0 mandates ML-DSA-87 (FIPS 204 Level 5). All classical algorithms — RSA, ECDSA, and Ed25519 — are vulnerable to Shor's algorithm on a sufficiently powerful quantum computer and must be replaced or augmented with post-quantum signature algorithms in high-assurance environments. The NIST PQC signature standards are FIPS 204 (ML-DSA / Dilithium), FIPS 205 (SLH-DSA / SPHINCS+), and FIPS 206 (FN-DSA / Falcon).

Post-Quantum Digital Signature Algorithms (NIST FIPS 204 / 205 / 206)

Algorithm	Standard	Security Level	Quantum Safe	CNSA 2.0	FIPS	Notes
ML-DSA-44 (Dilithium2)	FIPS 204	Level 2 / 128-bit PQ	Yes	No	FIPS 204	Smallest ML-DSA parameter set; use where key size matters
ML-DSA-65 (Dilithium3)	FIPS 204	Level 3 / 192-bit PQ	Yes	Transition	FIPS 204	Balanced security and performance; suitable for transition period
ML-DSA-87 (Dilithium5)	FIPS 204	Level 5 / 256-bit PQ	Yes	Full	FIPS 204	CNSA 2.0 compliant — required for national security systems
SLH-DSA-SHA2-128s (SPHINCS+)	FIPS 205	128-bit PQ	Yes	No	FIPS 205	Hash-based; stateless; conservative security assumptions; large signatures
SLH-DSA-SHA2-256s (SPHINCS+)	FIPS 205	256-bit PQ	Yes	No	FIPS 205	Hash-based; highest security; very large signatures; ultra-conservative
FN-DSA-512 (Falcon-512)	FIPS 206	Level 1 / 128-bit PQ	Yes	No	FIPS 206	Lattice-based; compact signatures; fast verification; complex keygen
FN-DSA-1024 (Falcon-1024)	FIPS 206	Level 5 / 256-bit PQ	Yes	No	FIPS 206	Compact signatures at highest security; used in TLS certificate experiments

Classical Asymmetric Algorithms (TLS Certificates)

All classical signature algorithms below are vulnerable to Shor's algorithm on a cryptographically relevant quantum computer. They remain secure against classical attacks today but must be replaced with post-quantum algorithms for long-term assurance.

Algorithm	Standard	Classical Security	Quantum Safe	CNSA 2.0	FIPS	Notes
RSA-2048	RFC 3447 / PKCS#1	112-bit classical	No	No	FIPS 140-2 (transitional)	Vulnerable to Shor's; deprecated by NIST SP 800-131A for some uses
RSA-3072	RFC 3447 / PKCS#1	128-bit classical	No	No	FIPS 140-2	Vulnerable to Shor's; adequate for classical security through ~2030
RSA-4096	RFC 3447 / PKCS#1	140-bit classical	No	No	FIPS 140-2	Vulnerable to Shor's; best classical RSA option but still not PQC
P-256 (ECDSA)	NIST FIPS 186-5	128-bit classical	No	No	FIPS 186-5	Common in modern TLS; fast; vulnerable to Shor's
P-384 (ECDSA)	NIST FIPS 186-5	192-bit classical	No	Classical Acceptable	FIPS 186-5	CNSA 1.0 / NSS Suite B; acceptable during transition; still vulnerable to Shor's
P-521 (ECDSA)	NIST FIPS 186-5	260-bit classical	No	No	FIPS 186-5	Uncommon; highest classical security NIST curve; vulnerable to Shor's
Ed25519 (EdDSA)	RFC 8032	128-bit classical	No	No	Not FIPS approved	Fast; used in SSH and TLS; not FIPS-approved; vulnerable to Shor's

CNSA 2.0 Compliant (Signatures)

ML-DSA-87 (FIPS 204) is the CNSA 2.0 required signature algorithm for national security systems. Transition to ML-DSA-87 for all long-lived certificates.

Transition Period

ML-DSA-65 is acceptable during the CNSA 2.0 transition. Classical P-384 ECDSA certificates remain acceptable until quantum computers become practical.

Quantum Vulnerable

RSA (all key sizes), ECDSA (all curves), and EdDSA are all broken by Shor's algorithm on a cryptographically relevant quantum computer. Plan migration now.