Contact Us

FortifyIQ Secure
Systems Boutique

Customized cryptography in hardware and software, Roots of Trust,
and secure subsystems configured for each device, ensuring certification and resistance against side-channel and fault injection attacks.

FortifyIQ supports our customers’ product security as a security and cryptography boutique. We do not sell only fixed, one-size-fits-all products, but also configure every solution precisely to the needs of each device, application, and deployment environment, from ultra-constrained smart cards and IoT nodes to high-performance SoCs, data centers, and cloud platforms.

Our services ensure that security, performance, power, and area are balanced optimally, without compromising certifiable high-assurance protection against side-channel and fault-injection attacks.

Tailored by Design

Most security vendors offer fixed hardware IP or predefined software packages. FortifyIQ takes a fundamentally different approach.

Our products, cryptographic software libraries and hardware IP cores, are fully configurable, including:

  • Area, performance, power, and security level
  • Algorithm variants and parameters
  • Key sizes and cryptographic profiles
  • Design trade-offs up to tape-out (for hardware IP)

This allows each customer to deploy fully protected cryptography, while we configure the power, performance, and area trade-offs to match the priorities of each device, whether that means ultra-small area and minimal power for constrained IoT nodes, or maximum throughput for high-performance systems.

Best-in-Industry PPA with High Assurance Security

A core differentiator of FortifyIQ is our ability to deliver outstanding Power, Performance, and Area (PPA) even with advanced SCA/FIA protections enabled.

Our boutique configuration process ensures:

  • Minimal security tax, even at high assurance levels
  • Optimized designs for both constrained 
and high-throughput systems
  • Consistent protection across software 
and hardware implementations

This enables customers to deploy strong cryptographic protection where it was previously considered impractical.

Post-Quantum Security,
End-to-End

FortifyIQ provides post-quantum cryptography implementations hardened against side-channel and fault-injection attacks across all stages of the algorithms, including stages that are typically not covered by standard masking techniques.

This applies to modern PQC schemes such as ML-KEM, ML-DSA, SLH-DSA, XMSS, XMSS-MT, LMS, LMS/HSS and is available in both software and hardware configurations, tailored to the target platform.

Our Services

Security &
System Analysis

  • Analysis of system architecture and threat model
  • Collection of specifications and security requirements
  • Identification and recommendation of optimal cryptographic and protection strategies

Design &
Configuration

  • High-level design proposal and review
  • Configuration creation tailored to device constraints
  • Low-level design review and updates as required

Optimization & Integration

You provide the constraints. We deliver the security.

  • Optimization across area, performance, power, 
and security level
  • Detailed integration instructions: As simple as standard implementations, with no additional constraints
  • Configuration of IP cores and libraries
  • Troubleshooting and iterative refinement

(Hands-on integration support can be provided as part of a dedicated engagement.)

Verification, Validation & Tooling

  • Use of FortifyIQ studio and EDA tools for security evaluation
  • Verification and validation reporting
  • Lab testing and optional initial off-site monitoring

FortifyIQ tools may be licensed for customer use, with guidance on correct operation and interpretation of results.

Validation performed directly by FortifyIQ can be provided where required as a dedicated service.

Certification Support

FortifyIQ supports customers throughout high-assurance certification preparation by providing comprehensive technical documentation and evidence, including:

  • Functional specifications (e.g., Common Criteria ADV_FSP)
  • Functional and security test materials (e.g., Common Criteria ATE_FUN)
  • Test coverage and depth documentation (e.g., Common Criteria ATE_COV and ATE_DPT)
  • Security proofs, validation results, and supporting academic material
  • Integration-specific security documentation

While certification outcomes ultimately depend on the evaluation body, FortifyIQ provides all materials and technical support within its responsibility to enable a successful assessment.

Additional assistance during the evaluation process, including direct interaction with certification bodies or hands-on support, can be provided as part of a dedicated engagement, where needed.

Knowledge Transfer & 
Customer Enablement

  • Technical walkthroughs of the configured libraries and IP cores
  • Explanation of design choices, security mechanisms, 
and configuration trade-offs
  • Guidance on correct integration and usage within the customer’s development flow

 

Sustainable Deployment

  • Documentation and guidance to support internal maintenance and future adaptations
  • Support for evolving requirements, such as new device variants or algorithm updates

What’s Included vs. Optional Services

FortifyIQ Secure Systems Boutique offerings include a range of tailored design and support capabilities. To help budget planning, core documentation and configuration guidance are included with product delivery. Additional engagements, such as hands-on integration assistance, EDA tool licenses, lab validation, and direct certification support, are available as separate, fee-based services. Please contact sales for detailed pricing and scope.

Contact Us

A True Boutique Approach

  • Precisely configured per device and application

  • Post-quantum security beyond standard masking capabilities
  • Support from early design through certification and deployment
  • Best-in-class PPA with high-assurance SCA/FIA protection
  • Deep technical involvement, offered as a dedicated service
FortifyIQ AES Algorithm
AVA_VAN.5 Evaluation & Validation Summary
SGS Brightsight Common Criteria Laboratory
Summary. The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fix input traces for matching phase targeting the first-round S-box output, and template attack on ciphertext, did not indicate any potential information leakage.”
“The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own
Request Technical Details