Questions About the SHA-3 CRACEN Implementation

Kollin 1 day ago

Hi all,

I am wondering if it is possible to implement SHAKE128 and SHAKE256 (FIPS 202) via the CRACEN hardware accelerator on the nRF54L15. Looking through the nRF Connect SDK (v3.3.0), I can see support for the SHA-3 algorithms, and what appears to be limited (fixed-output-size) support for SHAKE256, but no SHAKE128 or variable-output-size SHAKE256. Here are some specific questions I have:

1. What exactly does the SHA-3 module of CRACEN actually do? Is it just a hardware implementation of Keccak-f, or does it also implement the sponge construction surrounding Keccak-f? If it's the latter, can we specify parameters like the rate/capacity and the output length, or are these hard-wired? I am trying to understand whether it would be feasible to create a custom driver for the SHAKE algorithms.

2. Are there any plans to update the nRF Connect SDK to support variable-length CRACEN-accelerated SHAKE128 and SHAKE256 in the near future?

If you know of any good documentation on the specific CRACEN module behaviors I would be happy to take a look. Thanks!

Parents

0 Sigurd Hellesvik 22 hours ago

Hi,

I will have a look

Regards,
Sigurd Hellesvik
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Sigurd Hellesvik 1 hour ago in reply to Sigurd Hellesvik

1. What exactly does the SHA-3 module of CRACEN actually do? Is it just a hardware implementation of Keccak-f, or does it also implement the sponge construction surrounding Keccak-f? If it's the latter, can we specify parameters like the rate/capacity and the output length, or are these hard-wired? I am trying to understand whether it would be feasible to create a custom driver for the SHAKE algorithms.

Our official support for CRACEN usage is via the PSA Crypto API. And as you can see under Supported Hash algorithms, we only support SHAKE256 512 bits. As you can see, Oberon software crypto drivers support other algorithms, so this is likely the easiest path for thetting SHAKE.

If you this want to have a look at our docs and source code yourself, here are available resources: CRACEN chapter in nRF54L15 datasheet, and CRACEN drivers. And for SHA3, see specicifally drivers/cracen/sxsymcrypt/src/sha3.c.

2. Are there any plans to update the nRF Connect SDK to support variable-length CRACEN-accelerated SHAKE128 and SHAKE256 in the near future?

No, we do not have plans for this in the near future.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Sigurd Hellesvik 1 hour ago in reply to Sigurd Hellesvik

1. What exactly does the SHA-3 module of CRACEN actually do? Is it just a hardware implementation of Keccak-f, or does it also implement the sponge construction surrounding Keccak-f? If it's the latter, can we specify parameters like the rate/capacity and the output length, or are these hard-wired? I am trying to understand whether it would be feasible to create a custom driver for the SHAKE algorithms.

Our official support for CRACEN usage is via the PSA Crypto API. And as you can see under Supported Hash algorithms, we only support SHAKE256 512 bits. As you can see, Oberon software crypto drivers support other algorithms, so this is likely the easiest path for thetting SHAKE.

If you this want to have a look at our docs and source code yourself, here are available resources: CRACEN chapter in nRF54L15 datasheet, and CRACEN drivers. And for SHA3, see specicifally drivers/cracen/sxsymcrypt/src/sha3.c.

2. Are there any plans to update the nRF Connect SDK to support variable-length CRACEN-accelerated SHAKE128 and SHAKE256 in the near future?

No, we do not have plans for this in the near future.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data