DEEP RESEARCH · ICTK

ICTK Deep Dive: VIA PUF and the Quantum-Security Era

Examining a hardware root-of-trust play sitting where IoT expansion, Zero Trust, and the PQC migration converge

Published: 2025-09-18 · Beginner investor study notes · Naver Blog

I am a beginner investor. This material is research, not a buy or sell recommendation. Final responsibility for investment decisions rests with the investor.

0. Bottom line first

ICTK is a security fabless that commercialized the world’s first ‘VIA PUF’ — a physical ‘fingerprint’ built into the chip itself. It sits at the intersection of three powerful currents: the IoT build-out, the Zero Trust shift, and the migration to post-quantum cryptography. It owns a moat of ~150 patents, was a WIPO Global Awards finalist, and has fielded the world’s first quantum security chip ‘G5’. The risks — early-stage operating losses, customer concentration, and potential overhang from share unlock — are real.

Interpretation: I do not view this as a one-trick technology story. It is a company standing where three secular tailwinds meet. Still, technical superiority alone is not enough — I need to see global-scale design wins translate into actual revenue.

1. ‘VIA PUF’ — why the moat is hard to copy

Official fact: A PUF (Physically Unclonable Function) converts unavoidable physical variation in semiconductor manufacturing into a unique digital ‘fingerprint’ for each chip. Because the key is generated on-chip on demand rather than stored, attacks that target key-storage memory are eliminated at the root.

Official fact: Earlier PUFs relied on active devices such as transistors, so the output drifted with temperature, humidity, and voltage — a fatal defect for mass-produced products. ICTK’s VIA PUF instead uses the physical variance in the formation of ‘Via’ holes (passive elements connecting chip layers), producing a stable, repeatable value across environments. That stability is the breakthrough that turned PUF from theory into the world’s first commercialized implementation.

Stability

Insensitive to environment

Passive-element design means the output does not shift with temperature, humidity, or voltage. The prerequisite for mass production.

Passive Via

Sidesteps active-PUF drift

Structurally avoids the drift problem of current/voltage-based active PUFs.

~150 patents

Global portfolio

A patent thicket of roughly 150 filings raises the barrier for any fast follower.

WIPO

Global Awards finalist

Recognized internationally as a finalist for the WIPO Global Awards — often called the ‘Nobel of patents’.

Software key vs. PUF hardware key

Legacy

Software key storage

Keys are generated externally and stored in memory. One memory-side attack and the key is gone.

PUF

On-chip dynamic generation

Keys are not stored — they are derived from the chip’s own ‘fingerprint’ on demand. The storage and transmission attack surface disappears.

2. The quantum era — PUF + PQC fused in ‘G5’

Official fact: When sufficiently powerful quantum computers arrive, today’s public-key crypto (RSA and friends) breaks. Governments led by the U.S. are setting 2030 as the PQC migration target. ICTK loads PQC algorithms directly onto its PUF-based security chip, delivering the world’s first quantum security chip, ‘G5’.

Interpretation: PUF certifies the device identity as unclonable; PQC protects the data that flows through it from quantum attack. Two layers of defense fused in a single chip. I think this combination has a real shot at becoming standard issue for next-generation IoT devices.

3. The macro current — the ‘perfect storm’ of IoT, Zero Trust, and PQC

ICTK sits where three currents convergeStructured from the three trends in the source

IoT expansionBillions of devices, exploding attack surface

Zero TrustNever trust, always verify

PQC migrationU.S. 2030 roadmap

PUF root-of-trustVIA PUF + PQC = G5

The three trends reinforce one another, forming a ‘perfect storm’ of demand for integrated PUF solutions.

4. Market size

Market	Outlook	Notes
Global IoT security	~$37.41B by 2030	CAGR 33.53%
Embedded security	~KRW 13 trillion by 2028	Broader scope
Hardware Security Module (HSM)	~$3.74B by 2032	North America is the largest region

Interpretation: The headline numbers matter less than the structural driver: weight is shifting from traffic-level security toward device-level root-of-trust and hardware security. That is the common denominator across every series above.

5. Policy tailwind — digital ID and PQC

Korea: state-led digital ID systems including the mobile resident registration card.
EU: eIDAS 2.0 going live.
U.S. and others: PQC migration roadmaps targeting 2030.
Korean government: regulation moving toward mandating traceability and hardware security for semiconductor components.

Interpretation: Policy is the accelerant. Tamper-proof digital ID is the most natural application for PUF, and when regulation writes the standard the value of an incumbent grows non-linearly.

6. Risk check

Early-stage operating losses — revenue growth is steep, but breakeven has not yet been achieved.
Customer concentration — a few customers (LG U+, KEPCO) account for a large share of revenue.
Potential overhang — possible supply pressure as lock-ups roll off.
Quarterly volatility — revenue lumps with services/IP project recognition timing.

7. Checkpoints

Whether global big-tech design wins (e.g., MS Xbox accessory authentication) turn into real revenue.
Whether ‘G5’ quantum security chip references accumulate.
Whether the mix shifts from hardware sales toward IP licensing, lifting margins.
Whether national digital ID and PQC roadmaps translate into actual orders.

Sources

Original Naver Blog post: https://m.blog.naver.com/PostView.naver?blogId=star_of_self&logNo=224013344205

Naver original