Protecting Quantum Era Cryptography. Today.
Learn more
Contact Us

FortiAES

High-Assurance AES IP and Software

What Is FortiAES?

FortiAES provides FortifyIQ’s high-assurance AES implementations in both hardware and software. These designs deliver intrinsic resistance to side-channel and fault-injection attacks, extremely small area, low latency, and performance that meets or exceeds traditional unprotected AES, while retaining high-assurance security across all operating conditions.

All FortiAES products utilize protection methods based on finite field arithmetic that implement attack resistance without extra latency costs. Purely mathematically-driven, these cores achieve a high maximum frequency, and one clock cycle per AES round.

Contact Us

All FortiAES products utilize protection methods based on finite field arithmetic that implement attack resistance without extra latency costs. Purely mathematically-driven, these cores achieve a high maximum frequency, and one clock cycle per AES round.

Our core protection algorithm was tested rigorously, passing the Test Vector Leakage Assessment (TVLA) test at 1 billion traces, and was validated by a third-party Common Criteria lab, SGS Brightsight at AVA_VAN.5 level, Common Criteria’s highest security level. Our cores are fully synthesizable, eliminating the need for custom cells or special place & route handling. This means they are technology-agnostic, implementation-agnostic, and even foundry-agnostic, ensuring compatibility and security across diverse platforms and devices.


Why Security in AES Matters

AES is embedded in nearly every secure system. Traditionally, implementers add multiple layers of countermeasures to mitigate leakage and fault vulnerabilities, leading to high area, lower performance, and integration complexity. As attackers increasingly use low-cost equipment to break naïve AES implementations, the need for robust, verifiable, evaluation-ready AES has become unavoidable.

FortifyIQ Differentiators for AES

Security Boutique:
Each FortiAES implementation is tailored to the device’s exact needs, balancing throughput, latency, area, RAM/ROM usage, and protection level. Optional radiation-induced fault hardening (SEU / SET / SEL) for space, aerospace, and safety-critical environments.

Intrinsic high-assurance security:
AES-IP cores evaluated and validated (by SGS Brightsight) to AVA_VAN.5-compliant design principles and validated internally against 1 billion power traces with FortiEDA pre/post-silicon security evaluation tools for robustness to side-channel and fault injection attacks.

Minimal PPA overhead:
Security is embedded in the algorithmic structure, avoiding heavy countermeasures.

High performance:
AES SW reaches ~900 Mbps on a 3.4 GHz processor; AES HW scales into the 100-Gbps range depending on configuration.

Mathematically grounded implementations:
The ultra-low power, ultra-compact algorithm, STORM, features a formal mathematical security proof. The high-performance algorithm, RAMBAM, features a variable which controls the protection strength, configurable up to zero leakage according to the needs of the customer.

Drop-in compatible:
Integrates exactly like a conventional AES core, with no added constraints or custom handling.

Soft-macro and implementation-agnostic:
Easily ports to any foundry, node, or design methodology.

Consistent HW–SW interface:
Software AES uses the same API as hardware, enabling direct comparison and seamless transition. Software AES can be deployed via OTA updates on existing devices, and migrated to HW when silicon is ready.

Features

  • Customizable throughput, latency, and footprint to meet device constraints and demands
  • Robust SCA and FIA resistance across voltage, temperature, and clock conditions
  • Small footprint with low latency
  • Unified HW/SW Application Programming Interface (API)
  • Comprehensive internal validation and external lab evaluation
  • Simple drop-in integration

Use Cases

  • Secure boot and firmware updates
  • Embedded SoC security functions
  • IoT, automotive, industrial, medical, and smart grid devices
  • Payment, Pay-TV, and DRM systems
  • Government and high-assurance environments
  • Data center / cloud: High-throughput encryption with minimal power overhead
  • Telecom / networking: Ultra-low latency, high-bandwidth encryption
  • Industrial & automotive: High-assurance AES without sacrificing efficiency

Available Products

  • AES Products all SCA/FIA resistance: Hardware AES IP Cores
  • Ultra-Low-Power (ULP) AES Cores: Designed for IoT, wearables, sensors, and power-limited edge devices.

  • Standard AES Cores: Optimized for higher-performance SoCs, secure elements, and data-center-grade applications.

  • AES Cryptographic Library (SW) :
  • Integrated Products Including AES: (Offer complete security subsystems for broader SoC integration). All are extremely efficient, due to their architecture. All are, of course, SCA/FIA resistant, as are all our products.
  • Cryptobox IPs (AES + HMAC + ECC/RSA + PQC under unified architecture)
  • Root of Trust (RoT) Solutions (AES included for secure boot, key storage, etc.)
  • RoT General Purpose FIQ-RoT00B
  • RoT Edge AI FIQ-RoT01B
  • RoT Data Centers FIQ-RoT03F
  • RoT IoT FIQ-RoT04C
  • RoT Chiplet FIQ-RoT05B

Integration Simplicity

FortiAES integrates like a conventional AES engine with no special operational constraints. Both the hardware and software options can be configured to your device’s PPA and memory constraints, with the unified API interface for seamless migration.

Certification & Assurance Readiness

FortiAES supports the highest level certification paths: for FIPS 140-3/4, SESIP up to level 5, and Common Criteria EAL6+ (AVA_VAN.5).

Why Choose FortifyIQ for AES

FortiAES eliminates the traditional tradeoff between high security and high performance. Its mathematical foundations and comprehensive testing make it suitable for both constrained devices and high-security systems. The Security Boutique ensures each device receives a solution customized for its exact needs.

FortifyIQ AES Algorithm
AVA_VAN.5 Evaluation & Validation Summary
SGS Brightsight Common Criteria Laboratory
Summary. The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fix input traces for matching phase targeting the first-round S-box output, and template attack on ciphertext, did not indicate any potential information leakage.”
“The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own
Request Technical Details