Open Access
Accelerating First-Order Secure ML-KEM with Masked SHA-3: Cost, Randomness, and Security Evaluation
Author(s) - Stefano Di Matteo, Diamante Simone Crescenzo, Rafael Carrera Rodriguez, Emanuele Valea, Florent Bruguier, Pascal Benoit
Publication year - 2025
Publication title - IEEE Access
Language(s) - English
Resource type - Magazines
SCImago Journal Rank - 0.587
H-Index - 127
eISSN - 2169-3536
DOI - 10.1109/access.2025.3616775
Subject(s) - aerospace , bioengineering , communication, networking and broadcast technologies , components, circuits, devices and systems , computing and processing , engineered materials, dielectrics and plasmas , engineering profession , fields, waves and electromagnetics , general topics for engineers , geoscience , nuclear engineering , photonics and electrooptics , power, energy and industry applications , robotics and control systems , signal processing and analysis , transportation
Hash functions are fundamental for ensuring authenticity and integrity in digital communications. Their importance has grown with the advent of Post-Quantum Cryptography (PQC), as many newly standardized PQC algorithms, such as ML-KEM, rely heavily on hash functions for pseudo-random number generation. Among the available standards, SHA-3, published by NIST in 2015, is the recommended choice for PQC applications. However, its adoption on embedded platforms remains limited, particularly in the presence of security threats such as side-channel attacks (SCAs). To mitigate SCAs, masking techniques are widely employed, but implementing them in SHA-3 accelerators is complex because of the non-linearity of the Keccak function. Domain-Oriented Masking (DOM) provides strong security guarantees but requires a significant amount of randomness, introducing additional implementation costs that are often overlooked in the literature. For instance, existing DOM implementations of Keccak demand 1600 bits of fresh randomness per clock cycle, raising practical concerns about randomness generation and deployment overhead. In this work, we present a hardware accelerator supporting all the SHA-3 functions with a first-order masking countermeasure based on a DOM implementation of the Keccak core. To generate the randomness required by the DOM countermeasure, we implemented a randomness dispatcher based on the Trivium and Bivium ciphers, and we evaluated the area cost, on both FPGA and ASIC, of the countermeasure and of the randomness generation. In addition, we assess its security through Test Vector Leakage Assessment on FPGA. Finally, the accelerator is integrated into a RISC-V-based 32-bit SoC and used to accelerate a first-order masked implementation of ML-KEM, achieving a speed-up ranging from 95x to 264x for the SHA-3-based functions of the KEM decapsulation.