Protecting Quantum Era Cryptography. Today.
Learn more
Contact Us

FIQ-AES05F AES-SX-GCM-XTS Secure Core

High-Performance AES Encryption Core with GCM/XTS Support and Advanced SCA/FI Protection

FortifyIQ’s High-Performance AES Encryption Core is a fast, encryption-only hardware accelerator built for systems that demand secure and authenticated data processing at scale. Supporting AES-128/256 encryption in ECB, CBC, CTR, GCM, and XTS modes (encryption only), the core delivers high throughput for data-in-motion and data-at-rest applications, including storage encryption and secure communications. Based on a 20 S-box architecture, it combines speed with strong physical security using FortifyIQ’s RAMBAM protection scheme, which provides advanced side-channel and fault injection resistance at the RTL level. Silicon-proven and validated by a Common Criteria accredited lab, the core is engineered for use in systems targeting FIPS 140-3 and Common Criteria certification.

Features

  • Efficient Performance
  • SCA/FIA Protections
  • Flexible Interfaces
  • Security Certification Readiness

Applications

  • Automotive Systems
  • Embedded and Industrial Control
  • Payment Systems
  • Secure Communications
  • Network Devices
Technical Overview

FortifyIQ’s High-Performance AES Encryption Core is a silicon-proven, high-throughput hardware IP designed for security-focused systems that require fast and authenticated data encryption without decryption. Supporting AES-128 and AES-256 in a wide range of modes, including ECB, CBC, CTR, GCM, and XTS. This core is ideal for applications such as secure storage, encrypted file systems, authenticated communication, and disk-level encryption, where only encryption is required.

The core is architected around 20 parallel S-boxes, enabling high-throughput parallelism across AES rounds. Despite its speed-focused architecture, the core includes robust countermeasures against side-channel and fault injection attacks, powered by FortifyIQ’s RAMBAM protection scheme. It provides robust protection against physical attacks, incorporating FortifyIQ’s innovative RAMBAM protection scheme, a highly efficient algorithmic countermeasure framework designed to mitigate both side-channel analysis (SCA) and fault injection (FI) attacks.

RAMBAM operates entirely at the RTL level, is implementation-agnostic, and introduces no dependency on physical design constraints, ensuring consistent security across ASIC and FPGA targets. RAMBAM has been independently validated by a Common Criteria accredited laboratory at the highest security assurance level.

Designed with certification in mind, the core meets the architectural and protection requirements for FIPS 140-3 and Common Criteria, making it a reliable component for secure systems with demanding performance and compliance needs. FortifyIQ’s High-Performance AES Encryption Core combines speed, flexibility, and advanced protection mechanisms, enabling security-conscious developers to deliver quantum-resilient, high-throughput encryption in their next-generation platforms.

Deliverables

  • SystemVerilog source code or netlist
  • Testbench, input vectors, and expected results
  • Sample timing constraints, synthesis, and simulation scripts
  • Hardware Abstraction Layer (HAL) reference implementation
  • Integration, configuration, and usage manuals
  • Software library
  • Security documentation

Related Products

  • FIQ-AES03F – High-Throughput AES Core with Advanced SCA/FI Protection for Performance-Critical Systems
  • FIQ-AES04F – High-Performance AES Encryption/Decryption Core with Advanced SCA/FI Protection
  • FIQ-AES06F – AES Encryption Core with Extreme SCA protection for Ultra-High-Security Applications
  • FIQ-AES11T – Ultra-High-Performance AES-GCM Core with RAMBAM-Based SCA/FI Protection
View All Products
Get in Touch
FortifyIQ AES Algorithm
AVA_VAN.5 Evaluation & Validation Summary
SGS Brightsight Common Criteria Laboratory
Summary. The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fix input traces for matching phase targeting the first-round S-box output, and template attack on ciphertext, did not indicate any potential information leakage.”
“The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own
Request Technical Details