Contact Us

FAQ: Our Post Quantum Cryptography (PQC)

FAQ Categories

Why Post-Quantum Cryptography Matters

Is post-quantum cryptography really needed today?

Yes. Data encrypted today can be recorded and decrypted later once quantum computers mature (“harvest now, decrypt later”). Sensitive data is already at risk.
In addition, long-lived systems, such as industrial, automotive, medical, defense, and infrastructure, must be protected now. NIST and major security agencies plan to deprecate classical public-key cryptography around 2030 and disallow it by 2035.

PQC is standardized and production-ready. NIST has selected and standardized algorithms such as ML-KEM (key establishment) and ML-DSA (digital signatures), which are already being deployed in real systems.

PQC Algorithms and Cryptographic Coverage

FortifyIQ supports a broad set of NIST-standardized and widely adopted post-quantum algorithms, available in both hardened software and hardware implementations.

Our current PQC portfolio includes:

  • ML-KEM (key establishment)

  • ML-DSA (digital signatures)

  • SLH-DSA (hash-based signatures)

  • XMSS and XMSS-MT (stateful hash-based signatures)

  • LMS and LMS/HSS (stateful hash-based signatures)

All supported algorithms are implemented using inherently side-channel and fault-injection resistant designs, protecting all algorithm stages, not just the core arithmetic.

Most PQC offerings focus on algorithm availability. FortifyIQ focuses on real-world security and long-term deployability:

  • Hardened software and hardware
    Each algorithm is available in both software and hardware, protected using the same algorithmic SCA/FIA-resistant paradigm.

  • Software-first, hardware-ready
    Systems can deploy PQC immediately in software and later migrate to hardware acceleration without changing APIs or the application stack.

  • True crypto-agility
    Algorithms, parameter sets, and their protections are designed to be OTA/FOTA-updatable, enabling adaptation to:

    • New cryptanalytic results

    • Emerging side-channel or fault attacks

    • Evolving standards and profiles

  • Configurable for real systems
    Implementations are tunable for performance, power, and memory footprint, enabling deployment from constrained devices to data-center-class systems.

Different systems have different constraints:

  • ML-DSA for general-purpose, high-performance PQC signatures

  • SLH-DSA for conservative, hash-based security

  • XMSS / LMS families for environments requiring long-term cryptographic assurance and well-understood security assumptions

FortifyIQ enables coexistence and migration between these schemes under a unified cryptographic architecture.

Yes. AES-256 (encryption) and HMAC-SHA-512 (integrity and authenticity) are inherently quantum-safe.
PQC replaces classical public-key cryptography, not symmetric cryptography. Together, PQC, AES-256, and HMAC-SHA-512 form a complete, high-assurance, quantum-safe cryptographic stack.

No. PQC replaces RSA and ECC (public-key cryptography). Symmetric cryptography remains essential for data protection.

Implementation Security: SCA & FIA

Yes, if not explicitly protected at all stages of the algorithms.

Academic research has repeatedly shown that:

  • Secret keys can be recovered from as little as a single trace with DPA, in SLH-DSA.

  • Attacks often target polynomial arithmetic, sampling, and compression/decompression in ML-KEM and ML-DSA.

  • Even implementations using standard share-based masking leave critical stages unprotected.

  • Consequently, a NIST-approved PQC algorithm can be compromised at the implementation level.

FortifyIQ’s PQC libraries are designed to address these vulnerabilities, protecting even algorithm stages that are typically left exposed.

Note on XMSS: The XMSS scheme is inherently more side-channel friendly.

They use a patented algorithmic protection method (from the same family as our AVA_VAN.5 validated AES). FortifyIQ’s PQC libraries were validated with 100,000 TVLApower traces with zero side-channel leakage, covering all stages of the algorithms. Our validation includes:
  • In-house evaluation in simulation and on physical devices
  • TVLA-based SCAtesting
  • Third-party certification (in process)
The libraries meet the highest security certification levels.

Software vs Hardware PQC

Yes.
Unlike symmetric cryptography, PQC is used during key exchange, authentication, or signature verification. It is not part of the high-throughput data path.
As a result, high-assurance software PQC is reasonable even for data centers and high-end systems, until a protected hardware PQC implementation is integrated and deployed.

The real advantages of hardware are:

  • Higher performance
  • Lower energy per operation
  • A higher level of fault-injection resistance for the most demanding threat models

FortifyIQ software PQC already provides high-assurance FI resistance, while hardware is available when the highest protection level is required.

FortifyIQ’s library stack is designed to use very minimal RAM, enabling deployment even on area-constrained devices. Actual figures depend on configuration and will be provided under NDA.

No, they do not.

FortifyIQ’s PQC software

  • Runs on ultra-low-power devices, microcontrollers, standard processors, and even data-center CPUs

  • Enables PQC on legacy platforms and where hardware security is not yet deployed

  • Offers an unmatched combination of security and performance for software-only deployments

  • Integrates seamlessly with FortifyIQ hardware IP via a unified software ↔ hardware API

Migration, Agility, and Lifecycle

Hybrid cryptography combines classical (RSA/ECC) and post-quantum algorithms. During the transition to PQC, one device may support PQC while the other is still legacy. Hybrid solutions ensure secure communication across this transition. FortifyIQ provides hybrid IP cores and a full library stack combining classical crypto, PQC, AES, and HMAC or any subset of the above, all with SCA/FIAprotection.
While standardized PQC algorithms are expected to remain stable, NIST emphasizes cryptographic agility as an operational necessity, including the ability to introduce new algorithms and update existing ones as standards and recommendations evolve.

FortifyIQ’s products support OTA/FOTAupdates of algorithms, parameter sets, and protections, enabling mitigation of emerging threats and alignment with updated standards without hardware redesign.

Newly standardized algorithms will be available by OTA in hardened software implementations, ready for migration to hardware on the same API.

Yes. This is a FortifyIQ design principle.
  • Identical APIs for software and hardware
  • No application-level changes required
  • Per-algorithm migration (PQC, ECC/RSA, AES, HMAC independently)
This enables secure deployment today and smooth migration to hardware when required.

FortifyIQ Differentiation

FortifyIQ provides tailored cryptographic solutions optimized per device and use case, including tunable:

  • Power
  • Performance
  • Memory
  • Security level


Each product is configured to meet exact system constraints and certification requirements.

Yes. FortifyIQ provides quantum-safe, Caliptra-compatible solutions.

Our advantages include:

  • Greater compactness
  • Flexibility in PPA trade-offs
  • Tailored Roots of Trust optimized per device
FortifyIQ delivers:
  • Certifiable, high-assurance PQC in software and hardware
  • Proven SCA and FIAresistance
  • High-performance, compact PQC software with low software power consumption
  • Outstanding power, performance, and area efficiency in hardware
  • A single unified API across software and hardware
  • End-to-end, OTA-enabled crypto-agility and seamless migration from software to hardware
This enables secure deployment today, continuous adaptation to evolving standards, and seamless migration from software to hardware.

Still Have Questions?

Ask us!

FortifyIQ AES Algorithm
AVA_VAN.5 Evaluation & Validation Summary
SGS Brightsight Common Criteria Laboratory
Summary. The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fix input traces for matching phase targeting the first-round S-box output, and template attack on ciphertext, did not indicate any potential information leakage.”
“The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own
Request Technical Details