NIST SP 800-133 Rev. 3 Draft: Recommendation for Cryptographic Key Generation
Summary
NIST has released an Initial Public Draft of SP 800-133 Rev. 3, seeking public comments by June 16, 2026. The revision expands asymmetric key-pair generation to include methods for deriving randomness during key generation, adds options for key derivation similar to symmetric keys, introduces seed expansion using SHAKE and DRBGs, and incorporates post-quantum cryptography (PQC) references throughout. Comments are specifically requested on HSM design alignment with existing root seed practices and on PQC implementations including ML-KEM key storage and hybrid classical/post-quantum approaches.
Organizations using hardware security modules or implementing key-derivation functions should identify which of their current practices may be affected by the new seed-expansion provisions using SHAKE and DRBGs. NIST's specific request for input on storing keys as seeds for ML-KEM signals that future HSM requirements may diverge from traditional key-wrapping approaches, making early feedback on implementation feasibility worth submitting before the June 16 deadline.
What changed
NIST SP 800-133 Rev. 3 substantially revises cryptographic key generation guidance by adding randomness derivation methods for asymmetric key-pair generation, introducing seed expansion options using SHAKE and DRBGs, and incorporating post-quantum cryptography references including PQC signatures throughout. The revision also adds key-encapsulation mechanisms as a key-establishment option and aligns text with SP 800-90C on random number generation.
Technology companies, HSM manufacturers, and organizations implementing cryptographic systems should review the draft and submit comments by June 16, 2026. Specific areas where NIST seeks input—HSM design using root seeds/secrets and PQC implementations with ML-KEM key storage as seeds—represent guidance likely to affect future system design and procurement decisions.
Archived snapshot
Apr 20, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Official websites use .gov
A .gov website belongs to an official government
organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to
the .gov website. Share sensitive information only on official,
secure websites.
Information Technology Laboratory Computer Security Resource Center
- Publications
NIST SP 800-133 Rev. 3 (Initial Public Draft)
Recommendation for Cryptographic Key Generation
Date Published: April 17, 2026
Comments Due: June 16, 2026
Email Comments to: [email protected]
Author(s)
Quynh Dang (NIST), Dustin Moody (NIST), Andrew Regenscheid (NIST), Hamilton Silberg (NIST)
Announcement
This document describes the generation of keys to be managed and used by approved cryptographic algorithms.
Proposed changes in this revision include the following:
- Asymmetric key-pair generation has been expanded to include methods for deriving randomness during key-pair generation.
- Key-pair generation now has options for derivation similar to symmetric keys and new methods for “seed expansion,” which allows for the limited use of SHAKE and deterministic random bit generators (DRBGs).
- Key-encapsulation mechanisms (KEMs) are discussed as a key-establishment option for symmetric key generation, and post-quantum cryptography (PQC) references have been added throughout (e.g., the new PQC signatures).
Text has been reworded to address random number generation in alignment with SP 800-90C.
Comments are especially requested regarding:Hardware security module (HSM) design — How do these requirements align with common practice and existing systems using a root seed/secret value?
PQC implementations and protocol — How do these requirements fit with storing keys as seeds (e.g., for ML-KEM) and performing hybrid (i.e., combined classical and post-quantum) implementations?
Abstract
Cryptography is often used in an information technology security environment to protect data that is sensitive, has high value, or is vulnerable to unauthorized disclosure or undetected modification during transmission or while in storage. Cryptography relies upon two basic components: an algorithm (or cryptographic methodology) and a cryptographic key. This recommendation discusses the generation of the keys to be managed and used by the approved cryptographic algorithms.
Cryptography is often used in an information technology security environment to protect data that is sensitive, has high value, or is vulnerable to unauthorized disclosure or undetected modification during transmission or while in storage. Cryptography relies upon two basic components: an algorithm...
Keywords
asymmetric key; key agreement; key derivation; key generation; key replacement; key transport; key wrapping; private key; public key; symmetric key
Control Families
None selected
Documentation
Publication:
https://doi.org/10.6028/NIST.SP.800-133r3.ipd
Download URL
Supplemental Material:
None available
Document History:
04/17/26: SP 800-133 Rev. 3 (Draft)
Topics
Security and Privacy key management
Related changes
Get daily alerts for NIST Publications
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from NIST.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when NIST Publications publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.