Lightweight Unified SHA-3/SHAKE Architecture with a Fault-Resilient State
Abstract
This paper presents a lightweight, unified hardware architecture for SHA-3 and SHAKE hash functions, specifically designed for resource-constrained Post-quantum Cryptography (PQC) applications. The core innovation is a fault-resilient design that uses a novel multidimensional cross-parity check mechanism on the Keccak state, achieving near-perfect fault detection. This approach significantly minimizes hardware requirements, demonstrating a 4.5x smaller fault-resilient engine design compared to state-of-the-art solutions while maintaining compatibility with all standard hash configurations.
Report
Key Highlights
- Unified Support: The architecture provides a unified hash engine capable of supporting all standard SHA-3 and SHAKE configurations.
- Fault Resilience: It incorporates a fault detection mechanism utilizing two-dimensional parity checks, exploiting the Keccak state's cube structure.
- Superior Detection Rate: The design achieves 100% detection for three Keccak state faults and remains near 100% for higher numbers of faults.
- Area Efficiency: The overall fault-resilient engine design is 4.5x smaller than state-of-the-art (SoA) solutions, and the fault detection mechanism alone yields a 3.7x area overhead improvement.
- RISC-V Integration: When integrated into a RISC-V environment, the complete fault-resilient engine introduced less than 8% area overhead.
Technical Details
- Architecture Method: The engine employs a byte-wise in-place partitioning mechanism of the Keccak state to achieve unification and light weight.
- Fault Protection Method: Fault detection is implemented via a multidimensional cross-parity check mechanism applied to the Keccak state, specifically exploiting its inherent cube structure.
- Comparison: The proposed solution covers all standard hash configurations, which is cited as an advantage over previous SoA solutions that often lack full coverage.
- Implementation: The lightweight engine and integrated fault-resilient mechanism were demonstrated and verified through both ASIC and FPGA implementations.
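A software model of a two-dimensional parity check over the 5×5×64 Keccak state, added here as an illustration and not taken from the paper. The choice of column and row parity planes, the function names and the random fault model are assumptions, and only the state at rest is checked (no parity prediction through the round function). It shows why one to three bit flips are always caught while four flips forming a rectangle inside one slice are missed.

```python
import random
from functools import reduce
from operator import xor

W = 64  # lane width in bits for Keccak-f[1600]

def parity_planes(state):
    """state[x][y] is a 64-bit lane. Returns (column, row) parity planes."""
    # Column parity: XOR over y for each (x, z). Row parity: XOR over x for each (y, z).
    cols = tuple(reduce(xor, (state[x][y] for y in range(5))) for x in range(5))
    rows = tuple(reduce(xor, (state[x][y] for x in range(5))) for y in range(5))
    return cols, rows

def flip(state, faults):
    """Return a copy of state with the bits at (x, y, z) positions inverted."""
    out = [list(col) for col in state]
    for x, y, z in faults:
        out[x][y] ^= 1 << z
    return out

def detected(state, faults, use_rows=True):
    """True if the stored parity planes disagree with the faulted state."""
    ref_cols, ref_rows = parity_planes(state)
    cols, rows = parity_planes(flip(state, faults))
    return cols != ref_cols or (use_rows and rows != ref_rows)

def detection_rate(n_faults, trials=2000, seed=1):
    """Fraction of random n-bit fault patterns (constructed) caught by both planes."""
    rng = random.Random(seed)
    state = [[rng.getrandbits(W) for _ in range(5)] for _ in range(5)]
    positions = [(x, y, z) for x in range(5) for y in range(5) for z in range(W)]
    hits = sum(detected(state, rng.sample(positions, n_faults)) for _ in range(trials))
    return hits / trials

if __name__ == "__main__":
    for n in (1, 2, 3, 4, 6):
        print(n, detection_rate(n))
```

Two flips in the same column cancel in the column plane but land in different rows, so the second dimension catches them; an odd number of flips always leaves some parity group odd.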
Implications
- PQC Adoption Acceleration: SHA-3 and SHAKE are fundamental components of many PQC algorithms. Providing a highly efficient, small, and robust hardware accelerator removes a major implementation barrier for deploying quantum-resistant cryptography, especially in performance-sensitive systems.
- Reliability in Edge Computing: For resource-constrained PQC applications—such as IoT devices or embedded systems built on RISC-V—the high fault detection capability protects cryptographic operations from transient faults, increasing system reliability in untrusted or hostile physical environments.
- RISC-V Ecosystem Enhancement: The successful integration with a RISC-V environment with minimal (<8%) area overhead demonstrates that critical, fault-resilient security features can be added efficiently. This makes RISC-V cores more attractive for security-critical domains requiring robust cryptographic hardware acceleration.
- Area Optimization: The demonstrated 4.5x size reduction enables the integration of comprehensive cryptographic functions into smaller silicon footprints, freeing up valuable die area for other computational or application-specific components.