Contact Us

FortifyIQ Secures the Quantum Era with Over-the-Air Updatable Cryptography

FortifyIQ, Inc., a provider of high-assurance hardware and software security solutions and services, announced today the release of FortiPQC, its new post-quantum cryptographic suite designed for certifiable resistance to side-channel and fault-injection attacks (SCA/FIA). The suite comprises soft macro hardware IP cores and software libraries to match any deployment situation. They implement NIST PQC standards (ML-KEM/FIPS203 and ML-DSA/FIPS204) and support a wide range of applications, from cloud to edge to chiplet-based architectures. Both are OTA (over-the-air) updatable, making them adaptable to emerging standards.

The imminent arrival of mature quantum computing, projected within the next decade, threatens to break the asymmetric cryptography (such as RSA and ECC) that currently secures our most critical systems in banking, defense, and energy. In response, new, quantum-resistant algorithms ML-KEM and ML-DSA were standardized by NIST in August 2024. However, these solutions are computationally intensive and vulnerable to well-known attacks like Side-Channel Analysis (SCA) and Fault Injection Attacks (FIA). FortifyIQ’s patented hardware and software implementations provide an efficient remedy, delivering the robust performance and enhanced security required for the post-quantum era.

FortiPQC extends FortifyIQ’s portfolio of algorithmically hardened cryptography, which includes both software libraries and hardware IPs for AES, HMAC-SHA2, ECC/RSA (PKA), and even complete Roots-of-Trust (RoT), with a unified API interface. All FortifyIQ solutions are engineered to meet the most rigorous certification targets, such as FIPS 140-3 Level 4, Common Criteria AVA_VAN.5, and SESIP Level 5, with configurability to device and industry requirements for the optimal balance of protection, performance, area, and power efficiency.

High-Assurance, High-Performance Cryptography Software

FortifyIQ’s hardened software libraries provide certifiable SCA/FIA protection with practical performance levels:

  • FortiAES achieves up to 900 Mbps on a 3.4 GHz CPU and 100 Mbps on a 1.2 GHz ARM core.
  • FortiHMAC-SHA2 and FortiECC/RSA deliver physically hardened authentication and public-key cryptography for secure boot, digital signatures, and key exchange.
  • Like FortifyIQ’s other libraries, FortiPQC delivers high-assurance, certifiable security with performance, latency, and power on par with naive PQC implementations, and only a minimal code-size increase of less than 10%.
  • All libraries require minimal memory and can be deployed over-the-air (OTA) to retrofit certifiable protection into legacy or cost-constrained devices, without hardware changes.
Exceptional Hardware Efficiency

FortifyIQ’s hardware IP family, including FortiAES-SX, FortiHMAC-SHA2, FortiPKA, and FortiPQC, delivers extraordinary Power-Performance-Area (PPA) and proven resilience – validated up to 1 billion traces. They can operate standalone or as part of FortifyIQ’s CryptoBoxes and Roots of Trust (RoT), which combine traditional and post-quantum cryptography under a unified, certifiable architecture.

“While the post-quantum era definitely needs to be prepared for, starting now, post-quantum cryptography must not only be algorithmically strong but also attack-resistant,” said Alexander Kesler, CEO of FortifyIQ. “Using FortiPQC with our proven protections, manufacturers can already deploy post-quantum resilience that’s certifiable, efficient, and field-upgradable, from chip to cloud.”

FortifyIQ’s PQC, AES, HMAC, and ECC/RSA (PKA implementations form a complete, cross-platform security foundation that is algorithmic, foundry-, technology-, and implementation-agnostic, and supports cloud, edge, embedded, and mission-critical environments alike.

About FortifyIQ

FortifyIQ engineers certifiable cryptographic IP cores, software libraries, and roots of trust with traditional and post-quantum algorithms, all hardened against side-channel and fault injection attacks, without compromising performance, area, or energy efficiency. Our solutions are foundry- and platform-agnostic, integrating securely across a wide spectrum, from smart cards and IoT devices to AI accelerators and cloud systems.

Backed by a strong portfolio of granted and pending patents, deep cryptographic research, and formal and practical security proofs, FortifyIQ’s IP is developed and validated using our own pre- and post-silicon EDA tools, enabling systematic evaluation of physical attack resilience.

FortifyIQ delivers advanced cryptography that is certifiable, reliable, and built to meet the challenges of high-assurance, real-world applications.
FortifyIQ AES Algorithm
AVA_VAN.5 Evaluation & Validation Summary
SGS Brightsight Common Criteria Laboratory
Summary. The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fix input traces for matching phase targeting the first-round S-box output, and template attack on ciphertext, did not indicate any potential information leakage.”
“The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own
Request Technical Details