Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-108 Rev. 1 (Initial Public Draft)

Recommendation for Key Derivation Using Pseudorandom Functions

Date Published: October 18, 2021
Comments Due: January 18, 2022 (public comment period is CLOSED)
Email Questions to:

Planning Note (08/17/2022): The final release of NIST SP 800-108r1 is now available, along with public comments and resolutions for the October 2021 public draft.


Lily Chen (NIST)


This document specifies families of key derivation functions for deriving additional keys from existing cryptographic keys.

This revision specifies key derivation functions using Keccak-based message authentication codes (KMAC) in addition to key derivation functions using keyed-hash message authentication codes (HMAC) and cipher-based message authentication codes (CMAC).

NOTE:  A call for patent claims is included on page iii of this draft.  For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.



CMAC; HMAC; key derivation; KMAC; pseudorandom function
Control Families

None selected


Download URL

Supplemental Material:
Comments and resolutions (pdf)

Document History:
10/18/21: SP 800-108 Rev. 1 (Draft)
08/17/22: SP 800-108 Rev. 1 (Final)


Security and Privacy

key management, random number generation