Cryptographic Algorithms for UNCLASSIFIED, PROTECTED A, and PROTECTED B Information (ITSP.40.111)

Cryptographic algorithm guidance for protecting UNCLASSIFIED, PROTECTED A, and PROTECTED B data, including approved encryption, digital signature standards, and post-quantum readiness.

This document provides authoritative guidance on the selection and use of cryptographic algorithms to protect sensitive information handled by organizations. It establishes a clear baseline for securing UNCLASSIFIED, PROTECTED A, and PROTECTED B information within modern information systems.

The publication explains the role of cryptography in protecting confidentiality, integrity, and authenticity of information across interconnected systems. It recognizes that organizations rely heavily on digital infrastructure to deliver services and that compromised systems can lead to data breaches, operational disruption, and financial loss. Cryptographic controls are positioned as a core component of broader IT security risk management. The guidance is designed to support informed decision-making rather than prescribe a single implementation model.

The document situates cryptographic decisions within the Government of Canada’s IT security risk management lifecycle. It emphasizes that cryptography should be considered at both the organizational and system levels throughout planning, deployment, monitoring, and maintenance. Algorithms and parameters are meant to align with defined security objectives and risk tolerance. This approach ensures cryptographic controls remain effective as systems evolve.

A significant focus of the publication is the transition toward post-quantum cryptography. It explains that advances in quantum computing pose long-term risks to traditional public-key algorithms. Newly standardized post-quantum algorithms are introduced to address these risks and are recommended for future implementations. The document outlines how these algorithms will gradually replace existing key establishment and digital signature schemes. Organizations are encouraged to prepare for this transition as part of long-term planning.

The guidance provides detailed recommendations for encryption algorithms used to protect data confidentiality. It identifies the Advanced Encryption Standard as the preferred symmetric encryption algorithm and specifies acceptable key lengths. The document also explains how encryption modes of operation affect security outcomes. Proper configuration of these modes is highlighted as essential to preventing misuse or weakened protection.

Beyond encryption, the publication addresses methods for protecting both confidentiality and authenticity simultaneously. Authenticated encryption modes are recommended for scenarios where tamper detection and data integrity are required. The guidance clarifies when different modes should be used based on data handling needs. This helps organizations match cryptographic mechanisms to real-world use cases.

The document also outlines approved key establishment schemes for securely creating shared secrets between parties. It covers traditional public-key approaches as well as newer post-quantum mechanisms. Key sizes and phase-out timelines are included to help organizations plan upgrades. This ensures cryptographic strength remains aligned with evolving threat capabilities.

Digital signature algorithms receive dedicated attention due to their role in verifying identity and data origin. The publication recommends specific algorithms and curves while identifying others that should be phased out. It explains that improper selection or delayed replacement can undermine trust mechanisms. Post-quantum signature schemes are introduced as viable alternatives for future deployments.

Hash functions and extendable-output functions are addressed as foundational building blocks used across many cryptographic processes. The document explains their role in ensuring data integrity and resistance to collision attacks. It clearly identifies which hash algorithms are no longer recommended and which remain acceptable. Phase-out timelines are included to reduce long-term risk.

Additional guidance is provided for message authentication codes and key derivation functions. These mechanisms support secure communications, authentication, and key management across protocols and applications. The document emphasizes correct algorithm pairing and minimum key lengths. Consistent application of these recommendations helps maintain cryptographic assurance across systems.

The publication also addresses supporting components such as deterministic random bit generators and key wrapping methods. It explains why sufficient entropy and validated implementations are critical to cryptographic strength. Organizations are encouraged to rely on validated modules and recognized assurance programs. This reinforces confidence that cryptographic products perform as intended.

Readers often have practical questions about which algorithms to use, how long current implementations remain acceptable, and how to prepare for future cryptographic changes. This guide is designed to answer those questions in a way that is accessible, structured, and practical. It supports clear prioritization, incremental improvement, and measurable progress. The result is a baseline that can guide security planning, system design, and risk management without overwhelming practitioners.

This is a public document intended for broad distribution and citation. Document status: UNCLASSIFIED (TLP:CLEAR). Publisher: Canadian Centre for Cyber Security, Government of Canada. Intended audience: technology practitioners and organizations responsible for protecting sensitive information using cryptographic controls.

• Click here to download