Lightweight Unified Sha-3/Shake Architecture with a Fault-Resilient State

TL;DR

This paper presents a lightweight, unified Sha-3/Shake hash engine with a fault-resilient design using multidimensional parity checks, achieving high fault detection and reduced area overhead suitable for resource-constrained post-quantum cryptography systems.

Contribution

A novel unified hash engine supporting Sha-3 and Shake with integrated fault detection based on cube structure parity checks, covering all standard configurations.

Findings

Achieves 100% fault detection for three faults in Keccak state.

Reduces area overhead by 3.7 times with multidimensional cross-parity checks.

Overall 4.5 times smaller fault-resilient engine in ASIC and FPGA implementations.

Abstract

Hash functions have become a key part of standard Post-quantum cryptography (PQC) schemes, especially Sha-3 and Shake, calling arXiv:submit/7045552 [cs.AR] 3 Dec 2025 for lightweight implementation. A fault-resilient design is always desirable to make the whole PQC system reliable. We, therefore, propose a) a unified hash engine supporting Sha-3 and Shake that follows a byte-wise in-place partitioning mechanism of the so-called Keccak state, and b) an according fault detection for Keccak state protection exploiting its cube structure by deploying two-dimensional parity checks. It outperforms the state-of-the-art (SoA) regarding area requirements at competitive register-level fault detection by achieving 100% detection of three and still near 100% of higher numbers of Keccak state faults. Unlike SoA solutions, the proposed unified hash engine covers all standard hash configurations. Moreover, the introduced multidimensional cross-parity check mechanism achieves a 3.7x improvement in area overhead, with an overall 4.5x smaller fault-resilient engine design as demonstrated in ASIC and FPGA implementations. Integrated into a RISC-V environment, the unified hash engine with the integrated fault-resilient mechanism introduced less than 8% area overhead. Our approach thus provides a robust and lightweight fault-detection solution for protecting hash functions deployed in resource-constrained PQC applications.