This section features FortifyIQ's academic publications, presenting AES protection techniques against side-channel and fault injection attacks and side-channel attacks on SHA-2-based HMAC.
Learn More
Product Overview Certifiable Security IP and Tools
High-assurance cryptographic implementations of AES, HMAC, ECC/RSA, PQC, CryptoBox, and Root-of-Trust families, plus software libraries, all exceptionally efficient (PPA-optimized). Validated across simulation, FPGA, and silicon using FortiEDA, our advanced security evaluation suite, against side-channel and fault-injection attacks. Soft-macro and fully portable, our IP is certification-ready (FIPS 140-3, Common Criteria, EMVCo) and deployable across any technology, foundry, or platform.
Features excellent efficiency with robust protection against side-channel and fault-injection attacks.
Tunable to each deployment’s needs. Ideal for future-proof security in embedded systems, chips, and chiplets.
Post-Quantum Cryptography Solutions
FIQ-PQC03-SW
ML-DSA compact signature verification
FIQ-PQC05-SW
SLH-DSA Hardened Stateless Hash-Based Signature Cryptographic Library
FIQ-PQC06-SW
XMSS Hardened Stateful Hash-Based Signature Cryptographic Library
FIQ-PQC07-SW
XMSS-MT Hardened Stateful Hash-Based Signature Cryptographic Library
FIQ-PQC08-SW
LMS Hardened Stateful Hash-Based Signature Cryptographic Library
FIQ-PQC09-SW
LMS/HSS Hardened Stateful Hash-Based Signature Cryptographic Library
Datasheets available upon request
Delivers exceptional power, performance, and area efficiency while supporting both classical public-key cryptography (RSA, ECC) and post-quantum algorithms (ML-KEM, ML-DSA).
Their flexible architecture unifies key exchange, digital signatures, authenticated encryption, secure boot, and firmware updates, with advanced protections against side-channel and fault injection attacks, providing a secure, future-proof foundation for long life-cycle applications.
Integrated Secure Crypto Subsystems
Datasheets available upon request
Configurable AES IPs for every application, from ULP to pipelined high-throughput. SCA/FIA-resistant.
FortiCrypt products utilize protection methods based on finite field arithmetic that implement attack resistance without incurring extra latency costs.
Our core protection algorithm was tested rigorously, passing the Test Vector Leakage Assessment (TVLA) test at 1 billion traces, and was validated by a third-party Common Criteria lab.
Our cores are fully synthesizable, eliminating the need for custom cells or special place & route handling. They are technology-agnostic, ensuring compatibility and security across diverse platforms and devices.
FortiCrypt AES cores deliver high-assurance encryption/decryption with exceptional PPA efficiency, tunable to each deployment case. Their proven protection against side-channel and fault-injection attacks is validated in simulation, FPGA, and in silicon. All cores are designed to support high-assurance certification under standards such as FIPS 140-3 and Common Criteria.
AES IP Cores
AES-SX Family
(Standard, GCM/XTS, DFA-protected)
AES-STORM Ultra-Low Power (ULP) Family
AES-XP Turbo Family
(High-throughput, GCM/XTS)
Datasheets available upon request
Provides high-performance, side-channel and fault injection–resistant hardware implementations of SHA-2 and HMAC. Available in fast-efficient and secure, or highest-security zero-leakage variants, the cores support a range of SHA-2 functions (224, 256, 384, 512) and corresponding HMACs, offering flexibility for embedded and high-assurance systems.
All FortiMAC designs are protected at the RTL-level, and the protection is implementation-agnostic and integration-friendly, supporting systems aiming for the highest levels of Common Criteria and FIPS 140-3 certification.
Hardware IP Cores
Fast-Efficient FortiMAC Family
FortiMAC Family
Datasheets available upon request
Delivers high-throughput elliptic curve cryptography (ECC) with advanced protection against side-channel and fault injection attacks. Supporting ECDH, ECDSA, and EdDSA, it combines low-latency performance with efficient power usage for secure, fast SoC integration. The IP is designed to meet the highest levels of FIPS 140-3 and Common Criteria certifications.
Public-Key Accelerators
Datasheets available upon request
Family of fully customisable Roots of Trust designed for a wide range of applications. All RoTs are hardened against side-channel and fault injection attacks, ensuring strong security even in highly constrained or hostile environments.
The portfolio includes specialized variants for IoT, cloud, chiplets, general-purpose (balanced), and edge AI, providing flexible integration and performance trade-offs to suit your system requirements. FortifyIQ RoTs are fully compatible with Caliptra and support both classical and post-quantum cryptography, enabling robust key management and on-the-fly encryption where applicable.
Root-of-Trust IP
FIQ-RoT01B
Edge AI – Balanced
FIQ-RoT03C
IoT – Compact
FIQ-RoT05B
General Purpose – Balanced
Datasheets available upon request
MACsec, IPsec, and TLS modules based on our hardened AES-GCM cores. SCA/FIA-resistant.
Cryptographic Protocol Engines
FIQ-PRO01F
MACsec – Fast
FIQ-PRO02F
IPsec – Fast
FIQ-PRO03F
TLS – Fast
Datasheets available upon request
Secure entropy sources for compliant systems.
Number Generators
TRNG
Via partnership
PRNG/DRBG
Datasheets available upon request
FortifyIQ’s software libraries provide devices with certifiable side-channel and fault injection-resistant protection, even in the absence of dedicated security hardware. Each library is optimized for efficient execution, with the AES, for example, achieving up to ~100 Mbps on 1.2 GHz processors and ~900 Mbps on 3.4 GHz processors, with minimal memory requirements and OTA-readiness. All libraries share a unified API with its parallel FortifyIQ hardware IP cores, ensuring consistent integration and enabling seamless migration from software to hardware as system requirements evolve. This interface also supports mixed deployments, where critical operations are accelerated in hardware while others remain in software.
Forti Cryptographic Libraries
SCA/FIA Hardened CL Crypto
FIQ-PK01-CL
Hardened Public Key (ECC, RSA, etc.) cryptography in software library for secure boot, and key exchange
PQC Cryptographic Library:
Hardened post-quantum cryptography in software for secure boot, key exchange, and digital signature
FIQ-PQC05-SW
SLH-DSA Hardened Stateless Hash-Based Signature Cryptographic Library
FIQ-PQC06-SW
XMSS Hardened Stateful Hash-Based Signature Cryptographic Library
FIQ-PQC07-SW
XMSS-MT Hardened Stateful Hash-Based Signature Cryptographic Library
FIQ-PQC08-SW
LMS Hardened Stateful Hash-Based Signature Cryptographic Library
FIQ-PQC09-SW
LMS/HSS Hardened Stateful Hash-Based Signature Cryptographic Library
Datasheets available upon request
Forti EDA Validation Studios
FortifyIQ offers a unique pre-silicon simulation and analysis solution, Side-Channel Studio, which enables you to eradicate SCA vulnerabilities during the design phase. This can result in significant cost and schedule savings in your product development process. The following tools are included in the Studio.
A simulated oscilloscope that captures traces from the design
A leakage analysis tool that extracts cryptographic keys, using all known attack types on simulated or real traces
Acts as a form of leakage-aware debugging, using Hamming weights and distances
Precisely identifies leakage sources down to specific gates or modules
Collects the data relevant to glitch-related leakage
Identifies glitch-related leakage
Enables trace acquisition in massive numbers in parallel
Fault Injection Studio is a software tool which checks the robustness of your device’s design to FIA and analyzes the results, whether simulated or from an actual device.
Simulates the known types of fault injection
Extracts cryptographic keys by analyzing the results of simulated or real fault injection attacks
Why FortifyIQ ?
Validation Assurance
Both the classical and post-quantum solutions are built on mathematically grounded foundations and deep research and validated with FortiEDA tools at certification-grade levels, using industry-standard TVLA methods on up to 1 billion traces and against real-world SCA/FIA attacks, in simulation, on an FPGA board and where applicable, in silicon and in independent labs.
ComprehensiveComplete suite of crypto solutions: hardware IP, software libraries, subsystems, such as Roots of Trust and CryptoBoxes, plus advanced validation tools.
CertifiableDesigned for all compliance levels, including the highest FIPS 140-3, Common Criteria, SESIP, government and others.
EfficientOutstanding area, power, and latency even under highest levels of protection.
Deployment-ReadyFor any digital device. Soft-macro, easy integration. Ideal for smart cards, automotive, satellites, servers, secure AI, and more. Portable across any implementation, technology, and foundry.
Certifications & Security Validation
FortifyIQ’s AES IP core is SGS Brightsight AVA_VAN.5 validated, representing the highest level of side-channel and fault injection attack resistance in hardware cryptography. All other FortifyIQ products undergo rigorous internal security validation, exceeding the requirements of standards such as FIPS 140-3, SESIP, and similar industry benchmarks. We provide comprehensive security validation documentation to support customer certification efforts and system integration. Our hardware security IPs are engineered to meet the most stringent global security demands, ensuring robust protection without compromising power, performance, or area efficiency.
