Protecting Quantum Era Cryptography. Today.
Protecting Quantum Era Cryptography. Today.
Learn more
Contact Us
To the top

Protecting Quantum Era Cryptography

Today

Classical public-key algorithms such as RSA and ECC will become insecure once large-scale quantum computers are available.

Attackers are already harvesting encrypted data today to decrypt later, once quantum computers become powerful enough to break these algorithms.

To counter this threat, NIST has standardized post-quantum algorithms. 

ML-KEM (based on CRYSTALS-Kyber) and ML-DSA (based on CRYSTALS-Dilithium) in FIPS 203 and FIPS 204.

Contact Us

The Problem

While post-quantum algorithms are mathematically resistant to quantum attacks, their implementations are highly vulnerable to physical attacks, including SCA/FIA attacks, sometimes exploitable with only a single trace.

Masking-based protection methods significantly increase performance, area, and power costs, and many such implementations have already been broken in academia.

The FortifyIQ Difference

FortifyIQ’s algorithmic hardening protects at the mathematical level of the implementation, providing certifiable SCA/FIA resistance without the overhead  of masking.
Validated security – Algorithm from the family proven in FortifyIQ’s AES cores, validated AVA.VAN.5 by a Common Criteria lab.
Compliant by design – Meets FIPS 203, 204, 205, NIST SP 800-208, and ETSI TS 103 619.
Flexible deployment – Available as hardware IP, software libraries, or hybrid CryptoBoxes (PQC+classical cryptography) for migration period.
Seamless migration – Fully OTA/FOTA updatable and compatible with existing RSA/ECC systems.
Secures any device or system, from the smallest embedded controller to large-scale computing infrastructure, without compromising efficiency.

FortiPQC-SW

FortiPQC Software Libraries
Learn More

FortiPQC-HW

FortiPQC Hardware Solutions
Learn More
FortifyIQ AVA_VAN.5
Evaluation & Validation Summary
SGS Brightsight Common Criteria Laboratory
Summary. The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fix input traces for matching phase targeting the first-round S-box output, and template attack on ciphertext, did not indicate any potential information leakage.”
“The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own
Request Technical Details