I've got 21 MSEE interns starting May 15th. Based on your timely suggestion, I will put one of them on the 2 out 3 voting latches/flops protecting the flipped bit just to say we can handle it. Sure, we will do it on GF22fdsoi too (horses for courses), but it seems to me that you are better off making 3 systems in radiation hardened packages rather than making bloated and slower die. This is just my first order opinion.
I think it was a legitimate question. Any radiation/EMI experts in this forum?
Space radiation is not blocked by lead - that works for X-rays, where the dense electron clouds with high-voltage inner orbitals do the work. Radiation from space is stronger stuff, needs nucleii and light elements give you a higher blocking ratio per weight, but it varies a lot since some nucleii love to participate in some reactions, while others do not. But up in space it is mostly just high energy protons (ranging up to absurd energy) so water and plastic (all that hydrogen) are best ratio. But not nearly practical in thickness, mostly. It gets nicely effective at a meter thick.
In practice, your circuit has to live with it. Which means firstly, do not suffer permanent damage. Don't have weak crystals and don't include features prone to avalanche damage when a particle drills through an insulator or a channel that is supposed to be off. This is why specific processes and materials are preferred. They still have glitches, just not permanent ones. Over a decade or so the radiation will add up to permanent damage, but you want a reasonably long life until then.
As for the glitches, which are hopefully just soft errors, you want to detect them. SRAM is easy, SECDED parity should solve it, along with regular sweeps to write back corrections and avoid accumulating dual errors. Busses should have SECDED, too. DRAM is surprisingly good due to its large capacitor size, it has much lower radiation fault rate per bit than SRAM, but there are lots of bits, and the same recipe -ECC and regular sweeps writing back the corrections. I do not offhand know what happens to Flash, but it is likely you want to stick with SLC or MLC for margins and then apply the same sweep strategy.
Which pretty much leaves the logic. There is some progress in using modular checksums within a core, this is what IBM does on its POWER mainframes, so for example a multiply or divide is designed in IP blocks which self-check at some tradeoff for overhead vs. detection ratio. I don't know if that kind of IP is available. I have never heard of anyone building voting circuits down to the gate level. Usually voting is done at a higher level. For most purposes duplication with retry is acceptable, because the dominant fault modes are transient (if you have the right process and material to survive the years needed). Triplicate can be needed for real time.
Just as you say, it is cheaper to replicate whole sub-assemblies because then each of them will have best case performance and low cost.