SP 800-56C Rev. 2 (Draft)

Recommendation for Key-Derivation Methods in Key-Establishment Schemes

Date Published: March 2020
Comments Due: May 15, 2020 (public comment period is CLOSED)
Email Questions to: 800-56C_Comments@nist.gov


Elaine Barker (NIST), Lily Chen (NIST), Richard Davis (NSA)


NIST requests comments on Special Publication (SP) 800-56C Revision 2, Recommendation for Key-Derivation Methods in Key-Establishment Schemes, which describes two categories of key-derivation methods that can be used during a key-establishment scheme as defined in SP 800-56A or SP 800-56B. The keying material derived using these methods shall be computed in its entirety before outputting any portion of it and shall only be used as secret keying material. This revision permits the use of “hybrid” shared secrets, and a newly added section specifies the conditions under which multiple instances of key expansion can be performed using a single key-derivation key obtained via randomness extraction.

NOTE: A call for patent claims is included on page iv of this draft.  For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.



expansion; extraction; extraction-then-expansion; hash function; key derivation; key establishment; message authentication code
Control Families

System and Communications Protection


SP 800-56C Rev. 2 (Draft) (DOI)
Local Download

Supplemental Material:
Comments received on Draft SP 800-56C Rev. 2 (pdf)

Document History:
03/24/20: SP 800-56C Rev. 2 (Draft)
08/18/20: SP 800-56C Rev. 2 (Final)


Security and Privacy
key management