Conformance to Suite-B Cryptography requirements

Suite B is a set of cryptographic algorithms used for encryption, key exchange, digital signature, and hashing. As per RFC 6460, the Fact Sheet on Suite B Cryptography requires key establishment and authentication algorithms based on Elliptic Curve Cryptography and encryption using AES.

In particular, Suite B includes the following:

Advanced Encryption Standard (AES) – FIPS 197 (with key sizes of 128 and 256 bits)
Elliptic Curve Digital Signature Algorithm (ECDSA) using 256 and 384 bit prime module curves – digital signatures
Elliptic Curve Diffie-Hellman (ECDH) using 256 and 384 bit prime module curves – key exchange
Secure Hash Algorithm 2 (SHA-256 and SHA-384) – message digest
Additional PKI / Certificate management requirements: Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP)

Suite B algorithms are defined to support two minimum levels of security, minLoS, with security strengths of 128 and 192 bits:

minLOS-128
minLOS-192

The level of security is determined by the strength of the keys.