Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
NIST Proposes to Update SP 800-56A and Revise SP 800-56C
NIST's Crypto Publication Review Board proposes to update Special Publication 800-56A and revise SP 800-56C. Submit public comments through Monday, September 15, 2025.
In December 2024, NIST's Crypto Publication Review Board initiated a review of the following Special Publications (SP):
- NIST SP 800-56Ar3, Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography (2018)
- NIST SP 800-56Br2, Recommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography (2019)
- NIST SP 800-56Cr2, Recommendation for Key-Derivation Methods in Key-Establishment Schemes (2020)
In response, NIST received public comments.
NIST proposes to:
- update SP 800-56Ar3
- reaffirm SP 800-56Br2
- revise SP 800-56Cr2
Submit comments on this decision by September 15, 2025 to cryptopubreviewboard [at] nist.gov (subject: Comments%20on%20Decision%20Proposal%20of%20SP%20800-106) (cryptopubreviewboard[at]nist[dot]gov) with "Comments on SP 800-56 Decision Proposal" in the subject line. Comments received in response to this request will be posted on the Crypto Publication Review Project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed. See the project site for additional information about the review process.
Details
The main goals for the update of SP 800-56Ar3 are the following:
- Approve x-coordinate-only implementations of certain ECC key-agreement schemes that are widely adopted and essentially equivalent to the existing specifications
- Align with the curve requirements that are already specified in SP 800-186
- Improve the editorial quality
Contrary to requests in several of the public comments, NIST does not propose to approve the X25519 and X448 key exchange schemes, regarding new schemes as secondary in the ongoing transition to post-quantum cryptography. Other public comments may be addressed in the update.
NIST proposes to reaffirm SP 800-56Br2 because no significant changes were suggested in the public comments.
The main goals for the revision of NIST SP 800-56Cr2 are the following:
- Allow the shared secret Z to include (or equal) a shared secret obtained from an approved key-encapsulation mechanism (KEM)
- Allow greater flexibility in the formatting of hybrid shared secrets
- For the two-step key derivation method, allow KMAC as an option for the randomness extraction step (in addition to the expansion step)
Other public comments may be addressed in the revision.