Contact Us

FortiPKA — Hardware Public Key Accelerator

of Classic ECC and RSA algorithms

What Is FortiPKA?

FortiPKA delivers RSA and ECC algorithms with advanced protection against side-channel and fault injection attacks, including multi-layered SCA/FIA protections, it offers robust, security-certifiable cryptography with minimal performance degradation. The IP is engineered to meet or exceed rigorous security certification standards across all levels of FIPS 140-3 and Common Criteria.

FortiPKA Hardware IPs

FortiPKA Hardware soft macro IPs deliver asymmetric cryptography with certifiable resistance to side-channel and fault-injection attacks (SCA/FIA). Implementing RSA and ECC aligned with NIST standards, these cores provide extraordinary PPA.

FortifyIQ Differentiators for PKA

Intrinsic SCA/FIA resistance with algorithm-level hardening.
Secure FOTA updates address emerging threats.

Unified SW–HW interface enabling immediate deployment on legacy devices, and simple migration to hardware implementation.

Boutique tailoring for latency, area, or power targets, radiation hardening, and certification targets. Customization is flexible until tape-out.

Software libraries with minimal RAM use for legacy or cost-sensitive systems.

High-performance hardware intrinsically hardened and validated against side-channel and fault injection attacks.

Soft-macro, process-agnostic design.

Full internal lab validation via FortiEDA in simulation, on an FPGA board and in silicon

Features

  • A patented high-performance modulo multiplication algorithm contributes to the core’s compactness and speed
  • Secure ECC and RSA operations
  • Configurable key sizes and curves
  • Configurable performance/size tradeoff
  • Side-channel-hardened modular arithmetic
  • Supports FIPS 140-3 up to Level 4, Common Criteria AVA_VAN.5, SESIP up to Level 5 certification targets
  • Customization is flexible until tape-out

Use Cases

FortiPQC Hardware soft macro IPs

FortiPKA hardware soft macro IPs provide asymmetric cryptography RSA/ECC, SCA/FIA-resistant security with exceptional Power-Performance-Area (PPA) and full design portability. They integrate seamlessly into any semiconductor platform, from cost-constrained embedded devices to advanced data-center and multi-chip systems.

  • Key exchange, signatures, and attestation
  • Secure boot frameworks
  • Authentication protocols
  • Smart cards, IoT devices, cryptocurrency wallets
  • Government systems

Available Products

Integration Simplicity

Identical API across software and hardware allows early migration without rewriting application logic.

Certification & Assurance Readiness

Supports CC EAL6+, SESIP 5, FIPS 140-3/4, and AVA_VAN.5 requirements.

Why Choose FortifyIQ for PKA

FortiPKA provides hardened arithmetic and high-assurance security without the typical performance degradation found in protected RSA/ECC implementations.

FortifyIQ AES Algorithm
AVA_VAN.5 Evaluation & Validation Summary
SGS Brightsight Common Criteria Laboratory
Summary. The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fix input traces for matching phase targeting the first-round S-box output, and template attack on ciphertext, did not indicate any potential information leakage.”
“The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own
Request Technical Details