Protecting Quantum Era Cryptography. Today.
Learn more
Contact Us

FIQ-BOX02B Crypto Box Toolset Secure Accelerator

Versatile Crypto Box IP Core with Robust SCA/FI Protections for Balanced Embedded Systems

FortifyIQ’s Crypto Box IP core is a high-efficiency cryptographic solution that combines RSA, ECC, AES, and a SHA-2/HMAC engine, all with advanced protections against side-channel and fault injection attacks. Designed for devices with balanced budgets for performance, area, and power, it enables secure key exchange, digital signatures, data encryption, and message authentication in a unified, compact architecture. The AES and SHA-2/HMAC cores feature algorithmic, RTL-level protections that are implementation-agnostic, ensuring consistent resistance to physical attacks across platforms. With support for secure boot, authenticated firmware updates, and compliance with FIPS 140-3 and Common Criteria, this Crypto Box is ideal for embedded applications requiring scalable, long-term security.

Features

  • Full Elliptic Curve Support
  • RSA-2048, RSA-4096
  • AES-128, AES-192, AES-256
  • Efficient Performance
  • SCA/FIA Protections
  • Patented High-Performance Modulo Multiplication
  • Flexible Interfaces
  • RAM/ROM Firmware Support
  • Security Certification Readiness

Applications

  • IoT Devices
  • Automotive Systems
  • Embedded and Industrial Control
  • Authentication Tokens
  • Payment Systems
  • Secure Communications
  • Network Devices
Technical Overview

FortifyIQ’s Crypto Box IP core is a highly integrated cryptographic engine tailored for embedded systems that require a balanced trade-off between performance, power, and area efficiency. It consolidates essential cryptographic primitives: RSA, ECC, AES, and SHA-2/HMAC into a unified hardware block with advanced physical attack protections.

The asymmetric cryptography module supports RSA-2048/3072/4096 and ECC operations (ECDH/ECDSA over NIST P-192 to P-521), enabling digital signatures, certificate validation, and secure key establishment. The symmetric engine includes AES-128/192/256 supporting ECB, CBC, CTR, and GCM modes for fast and authenticated data encryption.

In addition, the Crypto Box integrates a dedicated SHA-2/HMAC engine (supporting SHA-224, SHA-256, SHA-384, and SHA-512) for message hashing and MAC generation, commonly used in secure communication protocols, firmware authentication, and integrity validation.

All security-sensitive cores, such as AES, SHA-2/HMAC, and asymmetric cryptography, are protected against side-channel analysis (SCA) and fault injection (FI) attacks. These protections are optimized for efficiency, adding minimal area and power overhead while preserving high throughput. The Crypto Box includes support for secure boot and authenticated firmware updates. Firmware update flows include cryptographic authentication and integrity validation, preventing unauthorized or malicious code from being executed.

With its modular architecture, scalable protections, and support for modern cryptographic protocols, FortifyIQ’s Crypto Box IP is ideal for secure embedded applications such as industrial IoT, automotive, edge devices, and connected medical systems. It is engineered to meet the requirements of FIPS 140-3, Common Criteria, and other high-assurance security standards.

External Dependencies

  • Requires an external cryptographically secure random number generator (CSPRNG)

Deliverables

  • SystemVerilog source code or netlist
  • Testbench, input vectors, and expected results
  • Sample timing constraints, synthesis, and simulation scripts
  • Hardware Abstraction Layer (HAL) reference implementation
  • Integration, configuration, and usage manuals
  • Firmware code
  • Software library
  • Security documentation

Related Products

  • FIQ-PQC04B – Accelerator for Classical and Post-Quantum asymmetric cryptography
  • FIQ-BOX01C – Compact Crypto Box IP Core for Resource-Constrained Devices
  • FIQ-BOX03B – Hybrid Crypto Box IP Core with Classical and PQ Cryptography
View All Products
Get in Touch
FortifyIQ AES Algorithm
AVA_VAN.5 Evaluation & Validation Summary
SGS Brightsight Common Criteria Laboratory
Summary. The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fix input traces for matching phase targeting the first-round S-box output, and template attack on ciphertext, did not indicate any potential information leakage.”
“The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own
Request Technical Details