You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This repository collects the RTL implementations, software reference, and verification work for the Keccak SHA-3 accelerator, developed in the context of a European research project.
Our work spans three areas:
💻 64-bit integration on CVA6 — Standalone RTL core and loosely coupled integration on the 64-bit CVA6 RISC-V processor (this repository, across multiple branches).
Keccak is the permutation-based cryptographic design standardized as SHA-3. Its core primitive is the Keccak-f permutation operating on a 1600-bit state arranged as a 5×5 matrix of 64-bit lanes.
For each round, the state is transformed by five steps:
Theta (θ): mixes columns by XORing each bit with parities from neighboring columns.
Rho (ρ): rotates each lane by a fixed offset.
Pi (π): permutes lane positions.
Chi (χ): applies a non-linear row-wise boolean layer.
Iota (ι): injects a round constant into one lane.
The repeated composition of these steps provides diffusion, confusion, and resistance against known generic attacks.
This repository targets a 64-bit architecture. The RTL core is developed as a standalone module and then integrated as a loosely coupled peripheral into the CVA6 RISC-V processor.
Branches
Branch
Description
main
Software-only Keccak snapshot and theory notes
loosely-standalone
Standalone 64-bit RTL core and ModelSim verification flow
loosely_cva6
Loosely coupled integration overlay for the 64-bit CVA6 RISC-V core, with usage notes
The loosely_cva6 branch contains the files required to wrap the Keccak core as a 64-bit AXI-mapped peripheral and integrate it into the CVA6 platform.
What Is In main
sw/main.c: software-side Keccak usage/example
sw/Makefile: software build flow
Navigating the Branches
For the standalone RTL Keccak module, testbench, and ModelSim scripts:
git checkout loosely-standalone
For the loosely coupled 64-bit CVA6 integration overlay:
git checkout loosely_cva6
32-bit Integration: KRONOS on X-HEEP
A complementary line of work targets a 32-bit RISC-V SoC. The KRONOS repository implements three integration variants of the Keccak accelerator — loosely coupled, tightly coupled, and Instruction Set Extension (ISE) — on the open-source X-HEEP SoC platform.
See the KRONOS README for build and simulation instructions.
📚 Reference Publication:
Valeria Piscopo, Alessandra Dolmeta, Mattia Mirigaldi, Maurizio Martina, and Guido Masera. 2025. A Deep Dive into Integration Methodologies in RISC-V. In Proceedings of the 22nd ACM International Conference on Computing Frontiers: Workshops and Special Sessions (CF '25 Companion). Association for Computing Machinery, New York, NY, USA, 30–33. https://doi.org/10.1145/3706594.3726969
A. Dolmeta, V. Piscopo, M. Mirigaldi, M. Martina and G. Masera, "RISC-V Based Keccak Co-Processor for NIST Post-Quantum Cryptography Standards,"2025 IEEE International Symposium on Circuits and Systems (ISCAS), London, United Kingdom, 2025, pp. 1–5. doi: 10.1109/ISCAS56072.2025.11043433
Verification
Formal and simulation-based verification work for the X-HEEP integration is maintained in two dedicated branches of the keccak_integration repository:
P. Bardonek, A. Dolmeta, M. Zachariášová and G. Masera, "Towards Achieving Vertical Reuse in SoC-Level Verification,"2025 IEEE Nordic Circuits and Systems Conference (NorCAS), Riga, Latvia, 2025, pp. 1–7. doi: 10.1109/NorCAS66540.2025.11231287
Authors
Alessandra Dolmeta
Valeria Piscopo
Mattia Mirigaldi
Petr Bardoneck
Maurizio Martina
Guido Masera
License
This project is licensed under the Apache License 2.0 — see the LICENSE file for details.
Acknowledgement
This work is supported by the EU TRISTAN project with GA 101095947, which has received funding from the Chips Joint Undertaking and its members.
