NSA Suite B Cryptography

Suite B is a set of cryptographic algorithms promulgated by the National Security Agency as part of its Cryptographic Modernization Program. It is to serve as an interoperable cryptographic base for both unclassified information and most classified information. Suite B was announced on 16 February 2005. A corresponding set of unpublished algorithms, Suite A, is intended for highly sensitive communication and critical authentication systems.

Suite B's components are:
 * Advanced Encryption Standard (AES) with key sizes of 128 and 256 bits. For traffic, AES should be used with the Galois/Counter Mode (GCM) mode of operation (see Block cipher modes of operation) — symmetric encryption
 * Elliptic Curve Digital Signature Algorithm (ECDSA) — digital signatures
 * Elliptic Curve Diffie–Hellman (ECDH) — key agreement
 * Secure Hash Algorithm 2 (SHA-256 and SHA-384) — message digest

Per CNSSP-15, the 256-bit elliptic curve (specified in FIPS 186-2), SHA-256, and AES with 128-bit keys are sufficient for protecting classified information up to the Secret level, while the 384-bit elliptic curve (specified in FIPS 186-2), SHA-384, and AES with 256-bit keys are necessary for the protection of Top Secret information.

Certicom Corporation of Ontario Canada holds some elliptic curve patents, which have been licensed by NSA for U.S. government use. These include patents on ECMQV, but ECMQV has been dropped from Suite B. AES and SHA had been previously released and have no patent restrictions.

In December 2006, NSA submitted an Internet Draft on implementing Suite B as part of IPsec. This draft has been accepted for publication by IETF as RFC 4869, later obsoleted by RFC 6379.