NIST is pleased to announce the release of Special Publication (SP) 800-108r1, ***Recommendation for Key Derivation Using Pseudorandom Functions***. This publication specifies techniques for the derivation of additional keying material from a secret cryptographic key using pseudorandom functions. The key-derivation functions specified in the original edition of SP 800-108 (2008) used the Keyed-hash Message Authentication Code (HMAC) and Cipher-based MAC (CMAC) as pseudorandom functions.
This revision adds a Keccak-based MAC (KMAC) key-derivation function. It also discusses key-control issues when using CMAC as a pseudorandom function, as well as methods to prevent a single party from controlling the derived key block.