AES SX-DPA-FIA IP Core – DPA- and FIA-Resistant Balanced FortiCrypt AES IP Core


The AES SX-DPA-FIA IP Core is a part of the FortiCrypt product family. It provides a balanced solution with a gate count comparable to unprotected solutions and the same latency and performance that unprotected solutions have, thereby upholding the original AES design goals of high performance and low latency and gate count.

This is a unique solution in the market since it combines protection against SCA and FIA with the same latency and performance as, and a gate count comparable, to unprotected implementations.

The AES SX-DPA-FIA IP Core, as well as all the FortiCrypt products, is based on RAMBAM – the next-generation purely algorithmic, implementation-agnostic protection scheme of AES. It is designed to provide the highest level of protection against side-channel attacks (SCA) and fault injection attacks (FIA), including SIFA.

The RAMBAM protection scheme utilizes masking methods based on finite field arithmetic that implement attack resistance without incurring extra latency costs.

The core protection mechanism was verified using the rigorous Test Vector Leakage Assessment (TVLA) methodology at 1B traces, both by FortifyIQ and by a third-party Common Criteria lab. Resistance to attacks was validated analytically and on a physical device. The cores are fully synthesizable and do not require custom cells or special place & route handling.

  FortifyIQ  Competitors
High Security
Low Latency
High Performance
Low Power Consumption
Low Gate Count

*We compare only against solutions with uncompromised security

  • Synthesizable Verilog RTL source code
  • Documentation
  • Testbench
  • SDC constraints for synthesis
  • Technical support and assistance
Tech Specs
  • Part Number


  • Short description

DPA- and FIA-resistant balanced FortiCrypt AES IP Core

  • Compliant standard


  • Provider

FortifyIQ, Inc.

  • Maturity

Silicon proven

  • Availability


Request This Core

  • A wide range of configurations to match the user’s cost/performance target
  • Low latency
  • Passes the rigorous Test Vector Leakage Assessment (TVLA) methodology at 1B traces
  • Protected against fault injection attacks, including SIFA
  • Tunable protection level
  • Optional embedded internal PRNG for random masking
  • NIST FIPS-197 compliant
  • AES-128/192/256 encryption and decryption
  • Support of all cipher modes of operation
  • Auxiliary key port hidden from software
  • Configurable choice of interfaces
    • Bare cryptographic core
    • AMBA, AXI, or APB
  • Optional input data FIFO
  • External DMA support
  • Fully synthesizable
  • Ultra-strong side-channel attack protection (at least 1B traces)
  • Protected against fault injection attacks, including SIFA
  • Highest-level security verified, both by FortifyIQ and by a third-party Common Criteria lab.
  • A purely digital solution, agnostic to the specific implementation (ASIC/FPGA, etc.)
  • IoT devices
  • Communications
  • Automotive
  • Secure internet protocols (SSL/TLS, IPSec)
  • Content protection (Set-Top Boxes, SoCs)
  • Virtual Private Networks (VPN)
  • Storage, disk encryption