Side-channel countermeasure for SHA-3 at almost-zero area overhead

Keccak is a hashing function selected by NIST as the SHA-3 standard. Keccak provides an interesting opportunity to have a single core that can perform hashing, MAC generation, authenticated encryption and more. For all applications that involve processing of a secret key, side-channel protection should be considered. Indeed, Keccak authors proposed threshold implementations using three and four shares. However, their proposal contradicts using the same core in different applications. Using a threshold implementation for unkeyed application will involve a huge loss of performance (3x to 4x). In this paper, we solve this problem by proposing a countermeasure that employs a new message format and requires only two gates at 3.7 GE. For unkeyed applications, there will be no loss of any kind. For keyed applications, there will be a one-time performance loss that can be trivialized at long message lengths. Our contribution is essential to provide a single core for all the protected and unprotected applications of SHA-3.