Product Overview Certifiable Security IP and Tools
High-assurance cryptographic implementations of AES, HMAC, PKA, PQC, CryptoBox, and Root-of-Trust families, plus software libraries, all exceptionally efficient (PPA-optimized). Validated across simulation, FPGA, and silicon using FortiEDA, our advanced security evaluation suite, against side-channel and fault-injection attacks. Soft-macro and fully portable, our IP is certification-ready (FIPS 140-3, Common Criteria, EMVCo) and deployable across any technology, foundry, or platform.
Cryptographic IP Cores
Features excellent PPA efficiency with robust protection against side-channel and fault-injection attacks.
Tunable to each deployment’s needs. Ideal for future-proof security in embedded systems, chips, and chiplets.
Post-Quantum Cryptographic IPs
FIQ-PQC01C
FIQ-PQC02C
FIQ-PQC03B
FIQ-PQC04B
FIQ-PQC05F
Delivers exceptional power, performance, and area efficiency while supporting both classical public-key cryptography (RSA, ECC) and post-quantum algorithms (ML-KEM, ML-DSA).
Their flexible architecture unifies key exchange, digital signatures, authenticated encryption, secure boot, and firmware updates, with advanced protections against side-channel and fault injection attacks, providing a secure, future-proof foundation for long life-cycle applications.
Integrated Secure Crypto Subsystems
FIQ-BOX01C
FIQ-BOX02B
FIQ-BOX03B
FIQ-BOX04F
Configurable AES IPs for every application, from ULP to pipelined high-throughput. SCA/FIA-resistant.
FortiCrypt products utilize protection methods based on finite field arithmetic that implement attack resistance without incurring extra latency costs.
Our core protection algorithm was tested rigorously, passing the Test Vector Leakage Assessment (TVLA) test at 1 billion traces, and was validated by a third-party Common Criteria lab.
Our cores are fully synthesizable, eliminating the need for custom cells or special place & route handling. They are technology-agnostic, ensuring compatibility and security across diverse platforms and devices.
FortiCrypt AES cores deliver high-assurance encryption/decryption with exceptional PPA efficiency, tunable to each deployment case. Their proven protection against side-channel and fault-injection attacks is validated in simulation, FPGA, and in silicon. All cores are designed to support high-assurance certification under standards such as FIPS 140-3 and Common Criteria.
AES IP Cores
AES-SX Family
(Standard, GCM/XTS, DFA-protected)
FIQ-AES01C
FIQ-AES02B
FIQ-AES03F
FIQ-AES04F
FIQ-AES05F
FIQ-AES06F
AES-STORM ULP Family
(Configurable)
FIQ-AES07C
FIQ-AES08B
FIQ-AES09F
FIQ-AES10F
AES-XP Turbo Family
(High-throughput, GCM/XTS)
FIQ-AES11T
FIQ-AES12T
FIQ-AES13T
Provides high-performance, side-channel and fault injection–resistant hardware implementations of SHA-2 and HMAC. Available in fast-efficient and secure, or highest-security zero-leakage variants, the cores support a range of SHA-2 functions (224, 256, 384, 512) and corresponding HMACs, offering flexibility for embedded and high-assurance systems.
All FortiMAC designs are protected at the RTL-level, and the protection is implementation-agnostic and integration-friendly, supporting systems aiming for the highest levels of Common Criteria and FIPS 140-3 certification.
Integrated Secure Crypto Subsystems
Fast-Efficient FortiMAC Family
FortiMAC Family
Delivers high-throughput elliptic curve cryptography (ECC) with advanced protection against side-channel and fault injection attacks. Supporting ECDH, ECDSA, and EdDSA, it combines low-latency performance with efficient power usage for secure, fast SoC integration. The IP is designed to meet the highest levels of FIPS 140-3 and Common Criteria certifications.
Public-Key Accelerators
FIQ-PKA01C
FIQ-PKA02B
FIQ-PKA03B
FIQ-PKA04C
Family of fully customisable Roots of Trust designed for a wide range of applications. All RoTs are hardened against side-channel and fault injection attacks, ensuring strong security even in highly constrained or hostile environments.
The portfolio includes specialized variants for IoT, cloud, chiplets, general-purpose (balanced), and edge AI, providing flexible integration and performance trade-offs to suit your system requirements. FortifyIQ RoTs are fully compatible with Caliptra, supporting robust cryptographic operations, secure key management, and on-the-fly encryption where applicable.
Root-of-Trust IP
FIQ-RoT01B
FIQ-RoT02F
FIQ-RoT03C
FIQ-RoT04B
FIQ-RoT05B
FIQ-RoT06F
FIQ-RoT07C
MACsec, IPsec, and TLS modules based on our hardened AES-GCM cores. SCA/FIA-resistant.
Cryptographic Protocol Engines
Secure entropy sources for compliant systems.
Forti Software Libraries SCA/FIA Hardened SW Crypto
FortifyIQ’s software libraries provide devices with certifiable, side-channel and fault injection-resistant protection, even in the absence of dedicated security hardware. Each library is optimized for efficient execution, achieving up to ~100 Mbps on 1.2 GHz processors and ~900 Mbps on 3.4 GHz processors, with minimal memory requirements (from ~4 KB RAM) and OTA-readiness.
All libraries share a unified API with FortifyIQ hardware IP cores, ensuring consistent integration and enabling seamless migration from software to hardware as system requirements evolve. This interface also supports mixed deployments, where critical operations are accelerated in hardware while others remain in software.
SW library based on the STORM scheme with proven security, validated beyond 100K+ traces
SW library based on the Threshold Implementation scheme with proven security
Hardened Public Key (ECC, RSA, etc.) cryptography in software library for secure boot, and key exchange
PQC Software Libraries:
Hardened post-quantum cryptography in software for secure boot, key exchange, and digital signature
Forti EDA Tools Validation Studios
FortifyIQ offers a unique pre-silicon simulation and analysis solution, SideChannel Studio, which enables you to eradicate SCA vulnerabilities during the design phase. This can result in significant cost and schedule savings in your product development process. The following tools are included in the Studio.
Fault Injection Studio is a software tool which checks the robustness of your device’s design to FIA and analyzes the results, whether simulated or from an actual device.
Why FortifyIQ ?
Validation Assurance
Both the classical and post-quantum solutions are built on mathematically grounded foundations and deep research and validated with FortiEDA tools at certification-grade levels, using industry-standard TVLA methods on up to 1 billion traces and against real-world SCA/FIA attacks, in simulation, on an FPGA board and where applicable, in silicon and in independent labs.
Comprehensive
Complete suite of crypto solutions: hardware IP, software libraries, subsystems, such as Roots of Trust and CryptoBoxes, plus advanced validation tools.
Certifiable
Designed for all compliance levels, including the highest FIPS 140-3, Common Criteria, SESIP, government and others.
Efficient
Outstanding area, power, and latency even under highest levels of protection.
Deployment-Ready
Certifications & Security Validation
FortifyIQ’s AES IP core is SGS Brightsight AVA_VAN.5 validated, representing the highest level of side-channel and fault injection attack resistance in hardware cryptography.
All other FortifyIQ products undergo rigorous internal security validation, exceeding the requirements of standards such as FIPS 140-3, SESIP, and similar industry benchmarks. We provide comprehensive security validation documentation to support customer certification efforts and system integration.
Our hardware security IPs are engineered to meet the most stringent global security demands, ensuring robust protection without compromising power, performance, or area efficiency.
