FAQ: Our Post Quantum Cryptography (PQC)
FortifyIQ delivers cryptographic IP, software libraries, and roots of trust that are validated, documented, and configurable to help your products meet even the highest standards of security and regulatory compliance. Using our advanced EDA tools and closely guided integration support, we ensure that the protections validated in our labs are preserved in your actual devices. This approach gives you a trusted foundation for FIPS 140-3 Level 4, Common Criteria up to EAL6+, and industry-specific certifications, while reducing the complexity, time, and cost of achieving compliance. Together, these validations give customers confidence that FortifyIQ technology provides enduring security for today and tomorrow, including the post-quantum era.
What types of post-quantum algorithms are standardized, and how do they differ?
NIST-standardized PQC algorithms fall into different mathematical families, each with distinct implementation characteristics:
- Lattice-based (e.g., ML-KEM, standardized in FIPS 203, and ML-DSA, standardized in FIPS 204)
The most widely adopted family. Efficient, well-analyzed, and suitable for a broad range of platforms.
- Hash-based (e.g., SLH-DSA, standardized in FIPS 205 and derived from SPHINCS+)
Very conservative security assumptions, resting only on the underlying hash function, but significantly larger signatures and higher computational cost. This family provides signatures only, not key establishment.
- Code-based (e.g., HQC, selected by NIST in 2025 for standardization as an additional KEM)
Strong theoretical foundations but large key sizes, limiting practical deployment in many systems.
FortifyIQ focuses on ML-KEM and ML-DSA, as they represent the best balance of security, performance, and deployability across embedded, edge, and data center environments.
Do ML-KEM and ML-DSA cover all public-key cryptography needs?
Yes, for most systems.
- ML-KEM replaces classical key establishment mechanisms such as RSA key transport and (EC)DH key exchange. Note that ML-KEM is a key encapsulation mechanism, not an interactive Diffie-Hellman: one side encapsulates to the other's public key, which fits protocols such as TLS 1.3 whose key-share flow is already KEM-shaped.
- ML-DSA replaces classical digital signature schemes (RSA, ECDSA, EdDSA).
Together, they cover the core public-key functionality required for secure communications, authentication, firmware signing, and secure boot chains.
During the transition, many protocols deploy them in hybrid mode alongside a classical algorithm (for example, X25519 combined with ML-KEM-768 in TLS 1.3), so the classical primitive is not removed immediately. While other PQC algorithms may be relevant for niche use cases, ML-KEM + ML-DSA are sufficient for the vast majority of real-world deployments.
Is PQC extremely vulnerable to side-channel attacks?
Yes, unless every stage of the algorithm is explicitly protected.
PQC implementations are highly vulnerable to side-channel attacks, and this has been demonstrated repeatedly in academic research:
- Secret keys have been recovered from as little as a single power or electromagnetic trace;
- Attacks target polynomial arithmetic (including the NTT), sampling, and especially the compression and decompression stages of ML-KEM and the analogous rounding and decomposition steps of ML-DSA, as well as the hashing in the other standardized algorithms;
- Even implementations using standard share-based masking techniques often leave critical operations unprotected.
This means that a mathematically secure, NIST-approved PQC algorithm can still be completely broken at the implementation level.
FortifyIQ’s PQC libraries are designed specifically to address these weaknesses, including stages not currently covered by other implementations to the best of our knowledge.
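The compression step mentioned above is a concrete case of an implementation-level leak in a mathematically sound algorithm. FIPS 203 defines Compress_d(x) = round(x * 2^d / q) mod 2^d and Decompress_d(y) = round(q * y / 2^d) with q = 3329. Written literally, Compress_d divides by q, and whether the compiler turns that division into a constant-time multiply-and-shift or emits a variable-time division instruction depends on the compiler, its flags and the target CPU; the timing leak publicly reported as KyberSlash in the reference Kyber code was exactly such a division running on secret-dependent data during decapsulation. The example below is added here and is not FortifyIQ's code nor the reference implementation: it shows the spec-style division next to a division-free rewrite that multiplies by a 40-bit fixed-point reciprocal (the choice of 2^40 and the exactness argument are this example's own), plus Decompress_d and a check of the FIPS 203 round-trip error bound. The checker functions run over all 3329 inputs so the rewrite is verified exhaustively rather than by sampling.

```c
// Added example (not FortifyIQ code): ML-KEM Compress_d / Decompress_d (FIPS 203)
// written with and without a division, plus exhaustive self-checks.
#include <stdint.h>
#include <stdio.h>

#define MLKEM_Q 3329u

/* Spec-style Compress_d(x) = round(x * 2^d / q) mod 2^d for 0 <= x < q, 1 <= d <= 11.
 * Because q is odd, x * 2^d / q is never exactly a half-integer, so
 * floor((x << d) + q/2) / q) equals round-to-nearest.
 * The '/' is the hazard: the compiler decides whether it becomes a
 * variable-time division instruction on a given target. */
uint16_t compress_ref(uint16_t x, unsigned d)
{
    uint32_t n = ((uint32_t)x << d) + MLKEM_Q / 2;
    return (uint16_t)((n / MLKEM_Q) & ((1u << d) - 1));
}

/* Division-free version: multiply by m = ceil(2^40 / q) and shift right by 40.
 * m - 2^40/q is below 1, and n < 2^23, so the approximation error n*(m - 2^40/q)/2^40
 * is below 1/q and the floor is exact for every admissible input (assumption made
 * here and verified exhaustively by count_mismatches). The result is independent
 * of compiler choices as long as 64-bit multiplication is constant-time on the target. */
#define MLKEM_DIV_K 40
#define MLKEM_DIV_M ((((uint64_t)1 << MLKEM_DIV_K) + MLKEM_Q - 1) / MLKEM_Q)

uint16_t compress_ct(uint16_t x, unsigned d)
{
    uint64_t n = ((uint64_t)x << d) + MLKEM_Q / 2;
    uint64_t quot = (n * MLKEM_DIV_M) >> MLKEM_DIV_K;
    return (uint16_t)(quot & ((1u << d) - 1));
}

/* Decompress_d(y) = round(q * y / 2^d): no division, the shift performs the rounding. */
uint16_t decompress(uint16_t y, unsigned d)
{
    return (uint16_t)(((uint32_t)MLKEM_Q * y + (1u << (d - 1))) >> d);
}

/* Centered difference (a - b) mod+- q, the metric used in the FIPS 203 error bound. */
int centered_diff(uint16_t a, uint16_t b)
{
    int diff = ((int)a - (int)b) % (int)MLKEM_Q;
    if (diff > (int)MLKEM_Q / 2) diff -= (int)MLKEM_Q;
    if (diff < -(int)MLKEM_Q / 2) diff += (int)MLKEM_Q;
    return diff;
}

/* Number of inputs x in [0, q) where the two Compress_d implementations disagree. */
unsigned count_mismatches(unsigned d)
{
    unsigned bad = 0;
    for (uint32_t x = 0; x < MLKEM_Q; x++)
        if (compress_ref((uint16_t)x, d) != compress_ct((uint16_t)x, d)) bad++;
    return bad;
}

/* Largest |Decompress_d(Compress_d(x)) - x| over all x; FIPS 203 bounds it by round(q / 2^(d+1)). */
int max_roundtrip_error(unsigned d)
{
    int worst = 0;
    for (uint32_t x = 0; x < MLKEM_Q; x++) {
        int e = centered_diff(decompress(compress_ct((uint16_t)x, d), d), (uint16_t)x);
        if (e < 0) e = -e;
        if (e > worst) worst = e;
    }
    return worst;
}

int main(void)
{
    /* The d values used by ML-KEM: 1 (message bits), 4/5 (v), 10/11 (u). */
    static const unsigned ds[] = {1, 4, 5, 10, 11};
    for (unsigned i = 0; i < sizeof ds / sizeof ds[0]; i++)
        printf("d=%2u mismatches=%u max_roundtrip_error=%d\n",
               ds[i], count_mismatches(ds[i]), max_roundtrip_error(ds[i]));
    return 0;
}
```

The exhaustive check proves functional equivalence, not the absence of a leak: confirming that the compiled code is free of data-dependent timing still requires inspecting the emitted instructions for the target or running a constant-time checker such as dudect or a Valgrind-based taint tool on the binary, and on cores with early-terminating multipliers even the multiply must be reviewed.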
Does PQC replace classical cryptography like AES and HMAC?
No. Symmetric primitives such as AES-256 and HMAC-SHA-512 remain secure against quantum computers: Grover's algorithm at best halves the effective key length, which is why 256-bit keys and 512-bit hashes are the conservative choice. PQC replaces classical public-key cryptography.
A secure system combines PQC for key establishment and signatures with symmetric cryptography for data protection.
Is PQC software sufficient for data centers and high-performance systems?
Yes. Unlike symmetric cryptography (e.g., AES), PQC is used only occasionally: during key exchange, authentication, or signature verification, not in the high-throughput data path. As a result, software PQC is sufficient even for data centers and high-end systems.
What are the performance and power differences between PQC in software and hardware?
The advantages of hardware are higher performance, lower power consumption, and stronger fault-injection resistance, which matters for the highest security needs.
What are the RAM requirements for PQC?
PQC algorithms require more memory than classical public-key cryptography because of larger keys and signatures (an ML-KEM-768 encapsulation key is 1184 bytes and its ciphertext 1088 bytes; an ML-DSA-65 public key is 1952 bytes and a signature 3309 bytes, against a 64-byte ECDSA P-256 signature), polynomial arithmetic, and intermediate buffers. Despite this, the library stack uses minimal RAM, allowing deployment on most memory-constrained devices. Actual figures vary with the configuration chosen for the device (details available under NDA).
This makes our high-assurance, high-performance software extremely practical for low-cost embedded devices, where adding dedicated hardware is less practical than reserving a small amount of RAM.
Will PQC algorithms change in the future?
The standardized algorithms themselves are not expected to change; more algorithms may be added to the standardized set (NIST has, for example, selected HQC as an additional KEM).
What will evolve are attack techniques, in particular implementation attacks such as side-channel and fault analysis. Our products are OTA / FOTA updatable for this reason.
Can I start with PQC in software and migrate to hardware later?
Yes. This is a basic FortifyIQ design principle.
Identical APIs for software and hardware, with no application-level changes required, give a smooth migration path where desired. The APIs are defined per algorithm, so even AES-256 or HMAC-SHA2-512 can be implemented first as software libraries and moved to hardware when the new design is ready.
This allows organizations to deploy PQC securely today and migrate to hardware later, if needed.
Does PQC require new hardware or secure elements?
Not necessarily. FortifyIQ’s PQC software:
- Runs on standard CPUs
- Does not require secure elements or trusted execution environments
- Enables PQC even on legacy platforms
When hardware security is available, FortifyIQ’s hardware IPs integrate seamlessly with a unified SW ←→ HW API.
Is post-quantum cryptography really needed today?
Yes. Traffic whose session keys were established with classical key exchange can be recorded today and decrypted later once cryptographically relevant quantum computers exist (“harvest now, decrypt later”), so long-lived sensitive data is already at risk.
Additionally, systems with long lifetimes, such as industrial, automotive, medical, defense, and infrastructure equipment, must be protected now: a device shipping today will still be verifying firmware signatures well beyond 2035. NIST's draft transition plan (NIST IR 8547) deprecates the quantum-vulnerable public-key algorithms (RSA, ECDSA, ECDH and similar) after 2030 and disallows them after 2035, and other national security agencies around the world have published comparable timelines.
Is PQC standardized, or is it still experimental?
PQC is standardized and production-ready. In August 2024 NIST published FIPS 203 (ML-KEM, key establishment), FIPS 204 (ML-DSA, digital signatures), and FIPS 205 (SLH-DSA, hash-based signatures) as final standards. These algorithms are already being deployed in real systems, for example ML-KEM in hybrid TLS 1.3 key exchange.
Is PQC significantly slower than classical cryptography?
PQC is computationally heavier than ECC for signatures and key establishment, but as asymmetric cryptography it runs once per session or per signed object rather than on every byte of traffic.
- Performance is predictable and manageable
- Software PQC is sufficient for most use-cases
- Hardware acceleration can be added later with no software rewrite
FortifyIQ’s approach ensures performance without sacrificing security.
What is FortifyIQ’s key advantage in PQC?
FortifyIQ delivers:
- High-assurance PQC in software and hardware
- Proven SCA and FIA resistance
- Outstanding power, performance, and area efficiency
- A single API across software and hardware
This enables secure deployment today and easy migration tomorrow.
Still Have Questions?
Ask us!