Contact Us

FortiMAC — HMAC-SHA2 Hardware and Software

What is FortiMAC?

FortiMAC provides secure HMAC-SHA2 implementations in both hardware
and software, designed to meet the highest assurance levels with minimal performance and area impact.

It includes two hardware variants: a Zero-Leakage TI version and a fast, compact version validated beyond 100M traces against the known attacks on HMAC-SHA2.

Why Security in Message Authentication Matters?

Message authentication is heavily targeted by fault injection and subtle side-channel techniques because breaches often bypass encryption entirely. HMAC is widely used in secure boot, OTA updates, and attestation, meaning a failure can compromise an entire ecosystem.

FortifyIQ Differentiators for HMAC SHA-2

Mathematical and provably secure foundations for the TI variant.

Unified HW–SW API enabling seamless migration.

Compact, Fast, Low-Power HW option validated at extreme levels — beyond 100M traces against the known HMAC attacks.

Zero-Leakage HW option: Threshold Implementation (TI) design with strict non-completeness properties and validated at zero-leakage against over 100M traces.

Technology-agnostic soft-macro for easy portability. It is implementation and foundry agnostic, as well.


SW library validated similarly, offering a practical option for existing devices. It is a software implementation of the security-proven Threshold Implementation.

Low area and high throughput with the highest security guarantees.

Features

  • Zero-leakage TI or fast, compact, low-power option

  • High-assurance protection against SCA and FIA
  • Strong performance suitable for secure boot and runtime integrity checks
  • Software library with minimal RAM/ROM footprint
  • Integrated support for common system frameworks

Use Cases

  • Secure boot and measured boot
  • OTA firmware verification
  • Embedded authentication engines
  • Automotive ECUs, industrial controllers, IoT devices
  • High-assurance government systems

Available Products

  • HMAC-SHA2 Zero-Leakage HW
  • HMAC-SHA2 Cryptographic Library (SW) FIQ-HMAC01-CL
  • HMAC-SHA2 Fast/Efficient HW

Integration Simplicity

FortiMAC is designed to integrate exactly like conventional HMAC or SHA units, with pre-tuned soft macro tailored to the required performance and memory profile and no customer programming needed. 

Both hardware and software use the same unified API for seamless migration.

Certification & Assurance Readiness

Designed to support SESIP 5, FIPS 140-3/4, CC EAL6+, and AVA_VAN.5 evaluations.

Why Choose FortifyIQ for MAC

FortiMAC offers measurable, evaluation-ready security with minimal overhead, backed by rigorous testing and mathematical guarantees.

FortifyIQ AES Algorithm
AVA_VAN.5 Evaluation & Validation Summary
SGS Brightsight Common Criteria Laboratory
Summary. The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fix input traces for matching phase targeting the first-round S-box output, and template attack on ciphertext, did not indicate any potential information leakage.”
“The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own
Request Technical Details