Protecting Quantum Era Cryptography. Today.

FAQ: Our Post Quantum Cryptography (PQC)


Why Post-Quantum Cryptography Matters

Is post-quantum cryptography really needed today?

Yes. Data encrypted today can be recorded and decrypted later once quantum computers mature (“harvest now, decrypt later”). Sensitive data is already at risk.
Long-lived systems in industrial, automotive, medical, defense, and infrastructure settings must also be protected now. NIST and major security agencies plan to deprecate classical public-key cryptography around 2030 and disallow it by 2035.

PQC is standardized and production-ready. NIST has selected and standardized algorithms such as ML-KEM (key establishment) and ML-DSA (digital signatures), which are already being deployed in real systems.

PQC Algorithms and Cryptographic Coverage

ML-KEM and ML-DSA are post-quantum asymmetric cryptography primitives:

    • ML-KEM (Key Encapsulation Mechanism) establishes shared secret keys
    • ML-DSA (Digital Signature Algorithm) generates digital signatures

Together, they cover all public-key (asymmetric) cryptographic needs.

NIST-standardized PQC algorithms fall into different mathematical families, each with distinct implementation characteristics:

  • Lattice-based (ML-KEM, ML-DSA)
    The most widely adopted family; efficient, well-analyzed, and suitable for embedded, edge, and data-center platforms.

  • Hash-based (SLH-DSA)
    Very conservative security assumptions, but much larger signatures and higher computational cost.

FortifyIQ focuses on ML-KEM and ML-DSA as they provide the best balance of security, performance, and deployability.

Yes, for most systems.

  • ML-KEM replaces classical key exchange mechanisms (RSA, DH, ECDH)
  • ML-DSA replaces classical digital signature schemes (RSA, ECDSA, EdDSA)

Together, they cover secure communications, authentication, firmware signing, and secure boot chains.

ML-KEM and ML-DSA are sufficient for the vast majority of real-world deployments, although in certain applications SLH-DSA may be preferred.

Yes. AES-256 (encryption) and HMAC-SHA-512 (integrity and authenticity) are inherently quantum-safe.
PQC replaces classical public-key cryptography, not symmetric cryptography. Together, ML-KEM, ML-DSA, AES-256, and HMAC-SHA-512 form a complete, high-assurance, quantum-safe cryptographic stack.

No. PQC replaces RSA and ECC (public-key cryptography). Symmetric cryptography remains essential for data protection.

Implementation Security: SCA & FIA

Yes, if not explicitly protected at all stages of the algorithms.

Academic research has repeatedly shown that:

  • Secret keys can be recovered with as little as a single trace
  • Attacks target polynomial arithmetic, sampling, and especially compression and decompression in ML-KEM and ML-DSA
  • Even implementations using standard share-based masking often leave critical stages unprotected

As a result, a NIST-approved PQC algorithm can be completely broken at the implementation level.

FortifyIQ’s PQC libraries are designed specifically to address these weaknesses, including stages that, to the best of our knowledge, other implementations leave unprotected.

Using a patented algorithmic protection method (from the same family as our AVA_VAN.5 AES), FortifyIQ’s PQC libraries were validated on 100,000 TVLA power traces with zero side-channel leakage, covering all stages of the algorithms. Our validation includes:

  • In-house evaluation in simulation and on physical devices
  • TVLA-based SCA testing
  • Third-party certification (in process)

The libraries meet the highest security certification levels.
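To make the TVLA fixed-vs-random methodology concrete, the following is an added Python example, not FortifyIQ code and not taken from any evaluation report. It builds two constructed sets of synthetic traces (one with a fixed input, one with random inputs), applies Welch's t-test per sample point, and flags any point whose |t| exceeds the conventional TVLA bound of 4.5. The Hamming-weight leakage model, the single leaking sample index, the trace count and the noise level are all assumptions chosen for illustration.

```python
import math
import random

# Conventional TVLA pass/fail bound on |t| for the fixed-vs-random test.
TVLA_THRESHOLD = 4.5


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def synth_trace(input_byte, rng, n_samples=8, leak_index=5, leak_gain=0.1, noise_sd=1.0):
    """Construct one synthetic power trace (assumed model, not real measurements).

    Every sample point is Gaussian noise; only `leak_index` additionally depends
    on the Hamming weight of the processed byte, the classic HW leakage model.
    """
    trace = [rng.gauss(0.0, noise_sd) for _ in range(n_samples)]
    trace[leak_index] += leak_gain * hamming_weight(input_byte)
    return trace


def collect_sets(n_traces=2000, fixed_input=0xFF, seed=1):
    """Constructed fixed-input and random-input trace sets, as TVLA requires."""
    rng = random.Random(seed)
    fixed = [synth_trace(fixed_input, rng) for _ in range(n_traces)]
    rand = [synth_trace(rng.randrange(256), rng) for _ in range(n_traces)]
    return fixed, rand


def welch_t(a, b):
    """Welch's t statistic for two samples with unequal variances."""
    n_a, n_b = len(a), len(b)
    mean_a, mean_b = sum(a) / n_a, sum(b) / n_b
    var_a = sum((x - mean_a) ** 2 for x in a) / (n_a - 1)
    var_b = sum((x - mean_b) ** 2 for x in b) / (n_b - 1)
    return (mean_a - mean_b) / math.sqrt(var_a / n_a + var_b / n_b)


def tvla_first_order(fixed, rand):
    """First-order t value at every sample point between the two trace sets."""
    n_samples = len(fixed[0])
    return [
        welch_t([tr[i] for tr in fixed], [tr[i] for tr in rand])
        for i in range(n_samples)
    ]


def leaking_points(t_values, threshold=TVLA_THRESHOLD):
    """Indices of sample points whose |t| exceeds the TVLA threshold."""
    return [i for i, t in enumerate(t_values) if abs(t) > threshold]


if __name__ == "__main__":
    fixed, rand = collect_sets()
    t_values = tvla_first_order(fixed, rand)
    for i, t in enumerate(t_values):
        verdict = "LEAK" if abs(t) > TVLA_THRESHOLD else "ok"
        print(f"sample {i}: t = {t:+.2f}  {verdict}")
    print("leaking sample points:", leaking_points(t_values))
```

With the assumed parameters only the modelled sample point exceeds the threshold; the remaining points stay well inside it, which is what a "zero leakage" TVLA verdict over all sample points and all algorithm stages means in practice. A real assessment replaces the synthetic generator with captured traces and repeats the test at the claimed order (the second-order variant runs the same statistic on mean-centred, squared traces).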

Software vs Hardware PQC

Yes.
Unlike symmetric cryptography, PQC is used during key exchange, authentication, or signature verification. It is not part of the high-throughput data path.
As a result, high-assurance software PQC is reasonable even for data centers and high-end systems, until a protected hardware PQC implementation is integrated and deployed.

The real advantages of hardware are:

  • Higher performance
  • Lower energy per operation
  • A higher level of fault-injection resistance for the most demanding threat models

FortifyIQ software PQC already provides high-assurance FI resistance, while hardware is available when the highest protection level is required.

PQC requires more memory than classical public-key cryptography due to larger keys, polynomial arithmetic, and intermediate buffers.
Despite this, FortifyIQ’s library stack is designed for a very small RAM footprint, enabling deployment even on memory-constrained devices. Actual figures depend on configuration and are provided under NDA.

No, they do not.

FortifyIQ’s PQC software:

  • Runs on standard CPUs
  • Enables PQC even on legacy platforms

When hardware security is available, FortifyIQ’s hardware IP integrates seamlessly using a unified software ↔ hardware API.

Migration, Agility, and Lifecycle

Hybrid cryptography combines classical (RSA/ECC) and post-quantum (ML-KEM/ML-DSA) algorithms. During the transition to PQC, one endpoint may already support PQC while its peer is still legacy; hybrid solutions ensure secure communication across this transition. FortifyIQ provides hybrid IP cores and libraries combining classical crypto, PQC, AES, and HMAC, or any subset of these, all with SCA/FIA protection.

While standardized PQC algorithms are expected to remain stable, NIST emphasizes cryptographic agility as an operational necessity, including the ability to introduce new algorithms and update existing ones as standards and recommendations evolve.

FortifyIQ’s products support OTA/FOTA updates of algorithms, parameters, and protections, enabling mitigation of emerging threats and alignment with updated standards without hardware redesign.

Yes. This is a FortifyIQ design principle.

  • Identical APIs for software and hardware
  • No application-level changes required
  • Per-algorithm migration (PQC, ECC/RSA, AES, HMAC independently)

This enables secure deployment today and smooth migration to hardware when required.

FortifyIQ Differentiation

FortifyIQ provides tailored cryptographic solutions optimized per device and use case, including tunable:

  • Power
  • Performance
  • Memory
  • Security level

Each product is configured to meet exact system constraints and certification requirements.

Yes. FortifyIQ provides quantum-ready, Caliptra-compatible solutions. Our advantages include:

  • Greater compactness
  • Flexibility in PPA trade-offs
  • Tailored Roots of Trust optimized per device

FortifyIQ delivers:

  • Certifiable, high-assurance PQC in software and hardware
  • Proven SCA and FIA resistance
  • Outstanding power, performance, and area efficiency
  • A single unified API across software and hardware

This enables secure deployment today and easy migration tomorrow.


FortifyIQ AES Algorithm
AVA_VAN.5 Evaluation & Validation Summary
SGS Brightsight Common Criteria Laboratory
Summary: “The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fixed-input traces for the matching phase targeting the first-round S-box output, and the template attack on the ciphertext, did not indicate any potential information leakage.”
“The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own