NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Publishes SP 800-108 Revision 1, Recommendation for Key Derivation Using Pseudorandom Functions

NIST is pleased to announce the release of Special Publication (SP) 800-108r1, Recommendation for Key Derivation Using Pseudorandom Functions.

Share

NIST is pleased to announce the release of Special Publication (SP) 800-108r1, ***Recommendation for Key Derivation Using Pseudorandom Functions***. This publication specifies techniques for the derivation of additional keying material from a secret cryptographic key using pseudorandom functions. The key-derivation functions specified in the original edition of SP 800-108 (2008) used the Keyed-hash Message Authentication Code (HMAC) and Cipher-based MAC (CMAC) as pseudorandom functions.

This revision adds a Keccak-based MAC (KMAC) key-derivation function. It also discusses key-control issues when using CMAC as a pseudorandom function, as well as methods to prevent a single party from controlling the derived key block.

Information technology, Cybersecurity and privacy and Cryptography
Released August 18, 2022, Updated August 29, 2025
Was this page helpful?