Conformance to Suite-B Cryptography requirements

Suite B is a set of cryptographic algorithms used for encryption, key exchange, digital signature, and hashing. As per RFC 6460, the Fact Sheet on Suite B Cryptography requires key establishment and authentication algorithms based on Elliptic Curve Cryptography and encryption using AES.

In particular, Suite B includes the following:
  • Advanced Encryption Standard (AES) – FIPS 197 (with key sizes of 128 and 256 bits)

  • Elliptic Curve Digital Signature Algorithm (ECDSA) using 256- and 384-bit prime modulus curves – digital signatures

  • Elliptic Curve Diffie-Hellman (ECDH) using 256- and 384-bit prime modulus curves – key exchange

  • Secure Hash Algorithm 2 (SHA-256 and SHA-384) – message digest

  • Additional PKI / Certificate management requirements: Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP)

Suite B algorithms are defined to support two minimum levels of security (minLOS), with security strengths of 128 and 192 bits:
  • minLOS-128
  • minLOS-192

The level of security is determined by the strength of the keys.
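
The following added example (not part of the original page or of any product's code) shows how the weakest primitive in a TLS session determines which minLOS it can satisfy. It assumes the standard NIST SP 800-57 strength figures for each algorithm, uses a hypothetical `assess` helper with constructed sample sessions, and checks only the algorithm families and sizes listed above, not the cipher mode or CRL/OCSP handling.

```python
import re

# Security strength in bits of each Suite B primitive listed above
# (assumed NIST SP 800-57 figures); anything else is treated as non-Suite-B.
AES_STRENGTH = {128: 128, 256: 256}
CURVE_STRENGTH = {"P-256": 128, "P-384": 192}
HASH_STRENGTH = {"SHA256": 128, "SHA384": 192}

# Splits an IANA-style name such as TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384.
SUITE_RE = re.compile(r"^TLS_(\w+?)_(\w+?)_WITH_AES_(\d+)_(\w+?)_(SHA\d+)$")


def assess(suite, ecdh_curve, cert_curve):
    """Return (minLOS label or None, findings) for one TLS session."""
    m = SUITE_RE.match(suite)
    if not m:
        return None, [f"unparseable or non-AES suite: {suite}"]
    kex, sig, aes_bits, _mode, digest = m.groups()
    findings = []
    if kex != "ECDHE":
        findings.append(f"key exchange {kex} is not ECDH")
    if sig != "ECDSA":
        findings.append(f"authentication {sig} is not ECDSA")
    strengths = []
    for name, table, key in (
        ("AES key size", AES_STRENGTH, int(aes_bits)),
        ("ECDH curve", CURVE_STRENGTH, ecdh_curve),
        ("certificate curve", CURVE_STRENGTH, cert_curve),
        ("hash", HASH_STRENGTH, digest),
    ):
        if key in table:
            strengths.append(table[key])
        else:
            findings.append(f"{name} {key} is not in Suite B")
    if findings:
        return None, findings
    effective = min(strengths)  # the weakest primitive sets the level
    return ("minLOS-192" if effective >= 192 else "minLOS-128"), findings


if __name__ == "__main__":
    # Constructed sample sessions: (suite, ECDH curve, certificate curve)
    for s in [("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "P-384", "P-384"),
              ("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "P-256", "P-384"),
              ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "P-256", "P-256")]:
        print(s, "->", assess(*s))
```

The second sample session negotiates AES-256 and SHA-384 but still lands at minLOS-128, because the P-256 key exchange curve caps the effective strength at 128 bits.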