FortifyIQ

The AES SX-DPA-FIA IP Core is a part of the FortiCrypt product family. It provides a balanced solution with a gate count comparable to unprotected solutions and the same latency and performance as unprotected solutions have, thereby upholding the original AES design goals of high performance, low latency, and gate count.

This is a unique solution in the market since it combines protection against SCA and FIA with the same latency and performance as, and a gate count comparable to unprotected implementations.

The AES SX-DPA-FIA IP Core, as well as all the FortiCrypt products, is based on RAMBAM – the next-generation purely algorithmic, implementation-agnostic protection scheme of AES. It is designed to provide the highest level of protection against side-channel attacks (SCA) and fault injection attacks (FIA) including SIFA.

The RAMBAM protection scheme utilizes masking methods based on finite field arithmetic that implement attack resistance without incurring extra latency costs.

The core protection mechanism was verified using the rigorous Test Vector Leakage Assessment (TVLA) test at 1B traces, both by FortifyIQ and by a third-party Common Criteria lab. Resistance to attacks was validated analytically and on a physical device. The cores are fully synthesizable and do not require custom cells or special place & route handling.

Features 

• A wide range of configurations to match the user’s cost/performance target
• Low latency
• Passes the rigorous Test Vector Leakage Assessment (TVLA) test at 1B traces
• Protected against fault injection attacks including SIFA
• Tunable protection level
• Optional embedded internal PRNG for random masking
• NIST FIPS-197 compliant
• AES-128/192/256 encryption and decryption
• Support of all cipher modes of operation
• Auxiliary key port hidden from software
• Configurable choice of interfaces
  • Bare cryptographic core
  • AMBA, AXI, or APB
• Optional input data FIFO
• External DMA support
• Fully synthesizable

Benefits 

• Ultra-strong side-channel attack protection (at least 1B traces)
• Protected against fault injection attacks including SIFA
• Highest-level security verified, both by FortifyIQ and by a third-party Common Criteria lab. 
• A purely digital solution, agnostic to the specific implementation (ASIC/FPGA, etc.) 

Applications 

• IoT devices
• Communications
• Automotive
• Secure internet protocols (SSL/TLS, IPSec)
• Content protection (Set-Top Boxes, SoCs)
• Virtual Private Networks (VPN)
• Storage, disk encryption

The AES XP-DPA-FIA IP core belongs to the FortiCrypt product family. It is intended for applications that require the handling of ultra-high bandwidth and implements AES GCM for high-volume authenticated network communications and AES XTS for high-volume storage encryption. The AES XP IP core employs a multi-pipelined architecture with a configurable number of pipelines. In AES GCM, in addition to the protection of AES, it protects the GHASH authentication mechanism.

This is a unique solution in the market since it combines multi-pipelined architecture with protection against SCA and FIA.

The AES XP-DPA-FIA IP Core, as well as all the FortiCrypt products, is based on RAMBAM – the next-generation purely algorithmic, implementation-agnostic protection scheme of AES. It is designed to provide the highest level of protection against side-channel attacks (SCA) and fault injection attacks (FIA) including SIFA.

The RAMBAM protection scheme utilizes masking methods based on finite field arithmetic that implement attack resistance without incurring extra latency costs.

The core protection mechanism was verified using the rigorous Test Vector Leakage Assessment (TVLA) test at 1B traces, both by FortifyIQ and by a third-party Common Criteria lab. Resistance to attacks was validated analytically and on a physical device. The cores are fully synthesizable and do not require custom cells or special place & route handling.

Features 

• Ultra-high bandwidth due to multi-pipeline architecture, HUNDREDs Gbps (@500 MHz on a 45nm tech. process)
• Extensible pipeline architecture 
• Low latency
• Passes the rigorous Test Vector Leakage Assessment (TVLA) test at 1B traces
• Protected against fault injection attacks including SIFA
• Tunable protection level
• Optional embedded internal PRNG for random masking
• NIST FIPS-197 compliant
• AES-128/192/256 encryption and decryption
• XTS or GCM modes of operation 
• Auxiliary key port hidden from software
• Configurable choice of interfaces
  • Bare cryptographic core
  • AMBA, AXI, or APB
• Optional input data FIFO
• External DMA support
• Fully synthesizable

Benefits 

• Ultra-high bandwidth due to multi-pipeline architecture, HUNDREDs Gbps (@500 MHz on a 45nm tech. process)
• GCM authentication tag protection (patent pending)
• Ultra-strong side-channel attack protection (at least 1B traces)
• Protected against fault injection attacks including SIFA
• Highest-level security verified, both by FortifyIQ and by a third-party Common Criteria lab. 
• A purely digital solution, agnostic to the specific implementation (ASIC/FPGA, etc.)

Applications 

• Communications
• Automotive
• Secure internet protocols (SSL/TLS, IPSec)
• Content protection (Set-Top Boxes, SoCs)
• Virtual Private Networks (VPN)
• Storage, disk encryption

The AES ULP-DPA-FIA IP core belongs to the FortiCrypt product family. This protected AES IP core provides an extraordinary AES throughput per watt. 

This can be an ideal solution for battery-powered devices, which often work in a power-save mode and wake up from time to time for as-short-as-possible periods.

In addition, devices that do massive AES decrypt/encrypt operations can benefit from this IP core, by saving on electricity bills.

This is a unique solution in the market since it consumes significantly less power than other commercially available solutions.

The AES ULP-DPA-FIA IP Core, as well as all the FortiCrypt products, is based on RAMBAM – the next-generation purely algorithmic, implementation-agnostic protection scheme of AES. It is designed to provide the highest level of protection against side-channel attacks (SCA) and fault injection attacks (FIA) including SIFA.

The RAMBAM protection scheme utilizes masking methods based on finite field arithmetic that implement attack resistance without incurring extra latency costs.

The core protection mechanism was verified using the rigorous Test Vector Leakage Assessment (TVLA) test at 1B traces, both by FortifyIQ and by a third-party Common Criteria lab. Resistance to attacks was validated analytically and on a physical device. The cores are fully synthesizable and do not require custom cells or special place & route handling.

Features 

• Ultra-low power in terms of performance per watt 
• Passes the rigorous Test Vector Leakage Assessment (TVLA) test at 1B traces
• Protected against fault injection attacks including SIFA
• Tunable protection level
• Optional embedded internal PRNG for random masking
• NIST FIPS-197 compliant
• AES-128/192/256 encryption and decryption
• Support of all cipher modes of operation
• Auxiliary key port hidden from software
• Configurable choice of interfaces

• Bare cryptographic core
• AMBA, AXI, or APB

• Optional input data FIFO
• External DMA support
• Fully synthesizable

Benefits 

• Ultra-low power in terms of performance per watt 
• Ultra-strong side-channel attack protection (at least 1B traces)
• Protected against fault injection attacks including SIFA
• Highest-level security verified, both by FortifyIQ and by a third-party Common Criteria lab. 
• A purely digital solution, agnostic to the specific implementation (ASIC/FPGA, etc.)

Applications 

• IoT devices
• Battery-operated devices
• Communications
• Automotive
• Secure internet protocols (SSL/TLS, IPSec)
• Content protection (Set-Top Boxes, SoCs)
• Virtual Private Networks (VPN)
• Storage, disk encryption

The AES UC-DPA-FIA IP Core belongs to the FortiCrypt product family. Like all the FortiCrypt product family members, this IP provides the highest DPA resistance level, while using a very low number of standard digital gates.

This is a unique solution in the market since its gate count is the lowest in the market (starting from 12K gates).

The AES UC-DPA-FIA IP Core, as well as all the FortiCrypt products, is based on RAMBAM – the next-generation purely algorithmic, implementation-agnostic protection scheme of AES. It is designed to provide the highest level of protection against side-channel attacks (SCA) and fault injection attacks (FIA) including SIFA.

The RAMBAM protection scheme utilizes masking methods based on finite field arithmetic that implement attack resistance without incurring extra latency costs.

The core protection mechanism was verified using the rigorous Test Vector Leakage Assessment (TVLA) test at 1B traces, both by FortifyIQ and by a third-party Common Criteria lab. Resistance to attacks was validated analytically and on a physical device. The cores are fully synthesizable and do not require custom cells or special place & route handling.

Features

• Ultra-compact 
• Ultra-efficient in terms of performance per gate 
• Passes the rigorous Test Vector Leakage Assessment (TVLA) test at 1B traces
• Protected against fault injection attacks including SIFA
• Tunable protection level
• Optional embedded internal PRNG for random masking
• NIST FIPS-197 compliant
• AES-128/192/256 encryption and decryption
• Support of all cipher modes of operation
• Auxiliary key port hidden from software
• Configurable choice of interfaces

• Bare cryptographic core
• AMBA, AXI, or APB

• Optional input data FIFO
• External DMA support
• Fully synthesizable

Benefits 

• Ultra-Compact 
• Ultra-efficient in terms of performance per gate 
• Ultra-strong side-channel attack protection (at least 1B traces)
• Protected against fault injection attacks including SIFA
• Highest-level security verified, both by FortifyIQ and by a third-party Common Criteria lab. 
• A purely digital solution, agnostic to the specific implementation (ASIC/FPGA, etc.) 

Applications 

• IoT devices
• Communications
• Automotive
• Secure internet protocols (SSL/TLS, IPSec)
• Content protection (Set-Top Boxes, SoCs)
• Virtual Private Networks (VPN)
• Storage, disk encryption

The FortiCrypt software library provides ultra-strong protection against SCA and FIA while preserving exceptional performance enabling encryption/decryption of HD video streams on low-end CPUs. In this aspect, it is a unique solution in the market.

The Forticrypt library implements the AES block cipher in numerous modes of operation with various padding conventions while protecting it against side-channel attacks by the RAMBAM protection scheme. Other block ciphers and other padding conventions can be added to the library. In addition to the library, a command-line interface is available for quick encryption/decryption tasks.

The FortiCrypt software library, as well as all the FortiCrypt products, is based on RAMBAM – the next-generation purely algorithmic, implementation-agnostic protection scheme of AES. It is designed to provide the highest level of protection against side-channel attacks (SCA) and fault injection attacks (FIA) including SIFA.

The RAMBAM protection scheme utilizes masking methods based on finite field arithmetic that implement attack resistance without incurring extra latency costs.

The core protection mechanism was verified using the rigorous Test Vector Leakage Assessment (TVLA) test at 1B traces, both by FortifyIQ and by a third-party Common Criteria lab. Resistance to attacks was validated analytically and on a physical device. The cores are fully synthesizable and do not require custom cells or special place & route handling.

Features 

• Ultra-strong side-channel and SIFA protection at high performance
• NIST FIPS-197 compliant 
• AES-128/192/256 encryption and decryption
• Tunable protection level 
• Supports all chaining modes: ECB, CBC, CFB, OFB, CTR, XTS
• Portable to popular CPUs: ARM, RISC-V, Intel, etc.

Benefits 

• Can fix unprotected/vulnerable HW solutions already in the field 
• Ultra-strong SCA and FIA protection, including SIFA 
• Exceptional performance, enabling encryption/decryption of HD video streams on low-end CPUs

Applications 

• IoT devices
• Communications
• Automotive
• Secure internet protocols (SSL/TLS, IPSec)
• Content protection (Set-Top Boxes, SoCs)
• Virtual Private Networks (VPN)
• Storage, disk encryption

The HMAC-SHA2-DPA-FIA IP core belongs to the FortiMac product family. Like all the FortiMac product family members, this IP provides ultra-strong protection against SCA and FIA using a very low number of standard digital gates.

The underlying protection is purely algorithmic and implementation-agnostic. Resistance to attacks was validated analytically and on a physical device. The protection is based on the Threshold Implementation (TI) approach, the security of which has been proven. 

Features 

• Configurable number of protected rounds
• Passes the rigorous Test Vector Leakage Assessment (TVLA) test at 1B traces
• Protected against fault injection attacks including SIFA
• Optional embedded internal PRNG for random masking
• NIST FIPS 180-4 compliant
• Supports SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256 schemes
• Auxiliary key port hidden from software
• Configurable choice of interfaces
  • Bare cryptographic core
  • AMBA AXI or APB
• Optional input data FIFO
• External DMA support
• Fully synthesizable

Benefits 

• Ultra-strong side-channel attack protection (at least 1B traces)
• Protected against fault injection attacks including SIFA
• Highest-level security verified both by FortifyIQ and by a third-party Common Criteria lab. 
• A purely digital solution, agnostic to the specific implementation (ASIC/FPGA, etc.) 

Applications 

• IoT devices
• Communications
• Automotive
• Secure internet protocols (SSL/TLS, IPSec)
• Content protection (Set-Top Boxes, SoCs)
• Virtual Private Networks (VPN)

The FortiMac library belongs to the FortiMac product family. This software library provides ultra-strong protection against SCA, FIA, and cache attacks.

This is the only pure SW solution in the market. 

The underlying protection is purely algorithmic and implementation-agnostic. Resistance to attacks was validated analytically and on a physical device. The protection is based on the Threshold Implementation (TI) approach, the security of which has been proven.

Features 

• Ultra-strong side-channel and SIFA protection
• NIST FIPS 180-4 compliant
• Supports SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256 schemes
• Supports HMAC based on any one of these schemes
• Portable to popular CPUs: ARM, RISC-V, Intel, etc.

Benefits 

• Countermeasures against power and electromagnetic analysis attacks by pure SW means
• Can fix unprotected/vulnerable HW solutions already in the field 
• Excellent performance 

Applications 

• IoT devices
• Communications
• Automotive
• Secure internet protocols (SSL/TLS, IPSec)
• Content protection (Set-Top Boxes, SoCs)
• Virtual Private Networks (VPN)