🤖 AI Summary
To address the substantial area overhead, performance bottlenecks, and regulatory compliance shortcomings arising from off-chip encryption in NAND flash storage, this paper proposes FlashVault—the first on-die self-encrypting architecture with zero silicon area overhead. FlashVault innovatively repurposes idle storage cell regions in 4D V-NAND to embed a reconfigurable cryptographic engine, natively supporting symmetric (AES), asymmetric (RSA, ECDSA), and post-quantum (CRYSTALS-Kyber) algorithms for chip-level data encryption and digital signature generation. Each NAND die hosts an isolated, hardware-enforced security enclave without requiring additional logic area—verified via RTL synthesis and place-and-route. The architecture enables algorithm-level parallelism and dynamic resource scheduling. Experimental evaluation demonstrates speedups of 1.46–3.45× over CPU-based encryption and 1.02–2.01× over near-core processing architectures, significantly enhancing energy efficiency and cryptographic compliance for secure SSDs.
📝 Abstract
We present FlashVault, an in-NAND self-encryption architecture that embeds a reconfigurable cryptographic engine into the unused silicon area of a state-of-the-art 4D V-NAND structure. FlashVault supports not only block ciphers for data encryption but also public-key and post-quantum algorithms for digital signatures, all within the NAND flash chip. This design enables each NAND chip to operate as a self-contained enclave without incurring area overhead, while eliminating the need for off-chip encryption. We implement FlashVault at the register-transfer level (RTL) and perform place-and-route (P&R) for accurate power/area evaluation. Our analysis shows that the power budget determines the number of cryptographic engines per NAND chip. We integrate this architectural choice into a full-system simulation and evaluate its performance on a wide range of cryptographic algorithms. Our results show that FlashVault consistently outperforms both CPU-based encryption (1.46–3.45×) and a near-core processing architecture (1.02–2.01×), demonstrating its effectiveness as a secure SSD architecture that meets diverse cryptographic requirements imposed by regulatory standards and enterprise policies.