Protecting Quantum Era Cryptography. Today.
Learn more
Contact Us

FIQ-AES01-CL FortiAES High-Assurance Cryptographic Library

FortifyIQ’s AES cryptographic library delivers high-performance protection against side-channel (SCA) and fault injection attacks (FIA) via OTA deployment, enabling compliance with FIPS 140-3, Common Criteria AVA_VAN.5, and SESIP.

It secures both new and already-deployed devices, including those without hardware countermeasures, and is proven in millions of systems.

AES-SW achieves outstanding performance even on low-end processors, 100 Mbps on a 1.2 GHz ARM and 900 Mbps on a 3.4 GHz laptop, while supporting all AES chaining modes. The library integrates STORM, FortifyIQ’s advanced protection scheme, to block DPA, SIFA, cache, and other advanced attacks.

Portable and processor-agnostic, AES-SW provides consistent, high-assurance security across MPUs and MCUs. Validation includes no TVLA leakage in 100K noiseless traces and proven resistance at Common Criteria AVA_VAN.5 and FIPS 140-3 Levels 3–4.

A command-line interface is included for rapid encryption and decryption tasks.

 

Tech Specs

  • Part Number
 FIQ-AES-CL
  • Short description
 FortiAES high assurance cryptographic library
  • Provider
 FortifyIQ, Inc.
  • Availability
 Now
  • Compliant standard
 FIPS-197

 

Benefits

  • Can fix unprotected/vulnerable HW solutions, even already in the field
  • Ultra-strong certifiable protection against SCA, cache attacks, and SIFA-class fault attacks – for Common Criteria, FIPS 140-3, SESIP
  • High performance: up to 900 Mbps on 3.4 GHz and 100 Mbps on 1 GHz processors.
  • Low power usage, optimized for resource-constrained devices.
  • Flexible and implementation-agnostic, based on the STORM protection scheme.

Features

  • Ultra-strong side-channel and SIFA protection at high performance
  • NIST FIPS-197 compliant
  • AES-128/192/256 encryption and decryption
  • Tunable protection-level
  • Supports all chaining modes: ECB, CBC, CFB, OFB, CTR, XTS, CCM
  • Portable across processors: ARM, RISC-V, Intel, etc.

Request Technical Details

Applications

  • IoT devices
  • Medical devices
  • Automotive
  • Communications
  • Secure internet protocols (SSL/TLS, IPSec)
  • Content protection (Set-Top Boxes, Pay TV, SoCs)
  • Virtual Private Networks (VPN)
  • Embedded storage and disk encryption
  • Legacy systems without hardware acceleration
  • Secure boot and firmware validation
  • Over-the-air (OTA) updates
  • Cost-sensitive devices without hardware protections

Deliverables

  • Software library binaries and public header files
  • Command-line interface application (optional)
  • Integration files and build system scripts (CMake compatible)
  • Security and implementation documentation
  • Technical support and assistance

Related Products

 

FIQ-AES07C

AES-SX-ulp-full (STORM) – Compact

FIQ-AES08B

AES-SX-ulp-full (STORM) – Balanced

FIQ-AES09F

AES-SX-ulp-full (STORM) – Fast

FIQ-AES10F

AES-SX-ulp-full-up (STORM) – Fast

Request Full Document
FortifyIQ AES Algorithm
AVA_VAN.5 Evaluation & Validation Summary
SGS Brightsight Common Criteria Laboratory
Summary. The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fix input traces for matching phase targeting the first-round S-box output, and template attack on ciphertext, did not indicate any potential information leakage.”
“The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own
Request Technical Details