In December 2024, NIST's Crypto Publication Review Board initiated a review of the following Special Publications (SP):
In response, NIST received public comments.
NIST proposes to:
- update SP 800-56Ar3
- reaffirm SP 800-56Br2
- revise SP 800-56Cr2
Submit comments on this decision by September 15, 2025 to [email protected] with "Comments on SP 800-56 Decision Proposal" in the subject line. Comments received in response to this request will be posted on the Crypto Publication Review Project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed. See the project site for additional information about the review process.
Details
The main goals for the update of SP 800-56Ar3 are the following:
- Approve x-coordinate-only implementations of certain ECC key-agreement schemes that are widely adopted and essentially equivalent to the existing specifications
- Align with the curve requirements that are already specified in SP 800-186
- Improve the editorial quality
Contrary to requests in several of the public comments, NIST does not propose to approve the X25519 and X448 key exchange schemes, regarding new schemes as secondary in the ongoing transition to post-quantum cryptography. Other public comments may be addressed in the update.
NIST proposes to reaffirm SP 800-56Br2 because no significant changes were suggested in the public comments.
The main goals for the revision of NIST SP 800-56Cr2 are the following:
- Allow the shared secret Z to include (or equal) a shared secret obtained from an approved key-encapsulation mechanism (KEM)
- Allow greater flexibility in the formatting of hybrid shared secrets
- For the two-step key derivation method, allow KMAC as an option for the randomness extraction step (in addition to the expansion step)
Other public comments may be addressed in the revision.
