Flexible In-NAND Cryptographic Processing for Secure Flash Storage
Abstract
We present FlashVault, an in-NAND self-encryption architecture that embeds a reconfigurable cryptographic engine into the unused silicon area of a state-of-the-art 4D V-NAND structure. FlashVault supports not only block ciphers for data encryption but also public-key and post-quantum algorithms for digital signatures, all within the NAND flash chip. This design enables each NAND chip to operate as a self-contained enclave without incurring area overhead, while eliminating the need for off-chip encryption. We implement FlashVault at the register-transfer level (RTL) and perform place-and-route (P&R) for accurate power/area evaluation. Our analysis shows that the power budget determines the number of cryptographic engines per NAND chip. We integrate this architectural choice into a full-system simulation and evaluate its performance on a wide range of cryptographic algorithms. Our results show that FlashVault consistently outperforms both CPU-based encryption (1.46~3.45x) and near-core processing architecture (1.02~2.01x), demonstrating its effectiveness as a secure SSD architecture that meets diverse cryptographic requirements imposed by regulatory standards and enterprise policies.
Cite
@article{arxiv.2508.03866,
title = {Flexible In-NAND Cryptographic Processing for Secure Flash Storage},
author = {Seock-Hwan Noh and Hoyeon Lee and Junkyum Kim and Junsu Im and Jay H. Park and Sungjin Lee and Sam H. Noh and Yeseong Kim and Jaeha Kung},
journal= {arXiv preprint arXiv:2508.03866},
year = {2025}
}
Comments
15 pages, 14 figures