Protecting Quantum Era Cryptography. Today.
Learn more
Contact Us

FortiCryptoBox

Unified Multi-Algorithm Security IP

What Is FortiCryptoBox?

FortiCryptoBox integrates various combinations of FortifyIQ’s AES, HMAC, ECC/RSA, and PQC engines into a single high-assurance subsystem. Each instance is custom-configured for the specific security, performance, and area requirements of the target device.

Contact Us

FortifyIQ Differentiators for CryptoBox

Security Boutique Customization
Each CryptoBox is tailored to specific throughput, latency, area, RAM, and security requirements, with optional SEU/SET/SEL resilience for aerospace and high-altitude environments. Customization remains flexible up to tape-out.

Exceptional PPA Efficiency
A fully integrated architecture delivers superior power, performance, and area compared to modular or stitched IP solutions.

Soft-Macro and Foundry-Agnostic
Easily migrates across nodes and process technologies with minimal integration effort.

Unified Classical + Post-Quantum Cryptography
Combines RSA, ECC, AES, SHA-2/HMAC with ML-KEM and ML-DSA in a single IP for scalable, long-term security.

Mathematically grounded implementations:
The ultra-low power, ultra-compact algorithm, STORM, features a formal mathematical security proof. The high-performance algorithm, RAMBAM, features a variable which controls the protection strength, configurable up to zero leakage according to the needs of the customer.

High-Assurance SC/FI Resistance
Algorithmic RTL-level resistance to side-channel and fault-injection attacks across all crypto engines. Verified with FortiEDA TVLA and attack testing; FortiAES is third-party validated to AVA_VAN.5.

Native Hybrid-Protocol Support
Enables seamless transition to quantum-safe security with unified classical/PQC operation.

Secure Boot and Device Integrity
Built-in support for secure boot, attestation, authenticated firmware updates, and robust key-management frameworks.

Optimized for High-Performance Workloads
Delivers ultra-fast key exchange, digital signatures, and data-path acceleration for performance-critical platforms.

Designed for High-Assurance Markets
Suitable for aerospace, critical infrastructure, financial, and other systems requiring long-term, certifiable security.

Features

  • Full Elliptic Curve Support
  • RSA-2048, RSA-3072, RSA-4096
  • ML-KEM (Kyber) and ML-DSA (Dilithium)
  • AES-128, AES-192, AES-256
  • Efficient Performance
  • SCA/FIA Protections
  • Patented High-Performance Modulo Multiplication
  • Flexible Interfaces
  • RAM/ROM Firmware Support
  • Security Certification Readiness
  • Low area for embedded deployments

Use Cases

  • Data Centers
  • Secure Networking Equipment
  • Secure Communications
  • High-end Edge Computing
  • Automotive ECUs
  • Embedded and Industrial Control
  • IoT Devices
  • Payment Systems
  • Authentication Tokens
  • Aerospace and satellite systems
  • High-assurance consumer platforms

Available Products

  • Cryptobox IPs (AES + HMAC + ECC/RSA + PQC under unified architecture)


Integration Simplicity

FortiCryptoBox provides a unified interface tailored to SoC architecture, reducing system complexity.

Certification & Assurance Readiness

Meets requirements for SESIP 5, FIPS 140-3/4, and CC EAL6+.

Why Choose FortifyIQ for CryptoBox

It provides a complete cryptographic foundation in a compact, evaluation-ready subsystem with exceptional PPA characteristics.

FortifyIQ AES Algorithm
AVA_VAN.5 Evaluation & Validation Summary
SGS Brightsight Common Criteria Laboratory
Summary. The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fix input traces for matching phase targeting the first-round S-box output, and template attack on ciphertext, did not indicate any potential information leakage.”
“The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own
Request Technical Details