NIST has published Special Publication (SP) 800-56C Revision 2, Recommendation for Key-Derivation Methods in Key-Establishment Schemes, which describes two categories of key-derivation methods that can be used during a key-establishment scheme as defined in SP 800-56A or SP 800-56B. The keying material derived using these methods shall be computed in its entirety before outputting any portion of it and shall only be used as secret keying material. This revision permits the use of “hybrid” shared secrets, and a newly added section specifies the conditions under which multiple instances of key expansion can be performed using a single key-derivation key obtained via randomness extraction.
Security and Privacy: key management