diff --git a/src/mldsa_top/rtl/mldsa_ctrl.sv b/src/mldsa_top/rtl/mldsa_ctrl.sv index 096af8a..541ca5f 100644 --- a/src/mldsa_top/rtl/mldsa_ctrl.sv +++ b/src/mldsa_top/rtl/mldsa_ctrl.sv @@ -215,9 +215,11 @@ module mldsa_ctrl ); always_ff @(posedge clk or negedge rst_b) begin : mldsa_kv_reg - if (!rst_b) begin + if (!rst_b) + kv_seed_data_present <= '0; + else (zeroize) kv_seed_data_present <= '0; - end else begin + else begin kv_seed_data_present <= kv_seed_data_present_set ? '1 : kv_seed_data_present_reset ? '0 : kv_seed_data_present; end @@ -329,6 +331,7 @@ always_comb mldsa_privkey_lock = '0; always_comb mldsa_ready = (prim_prog_cntr == MLDSA_RESET); + //without zeroize to make it more complex always_ff @(posedge clk or negedge rst_b) begin if (!rst_b) counter_reg <= '0; @@ -586,6 +589,11 @@ always_comb mldsa_privkey_lock = '0; signature_rd_ack <= 0; pubkey_rd_ack <= 0; end + else if (zeroize) begin + privkey_out_rd_ack <= 0; + signature_rd_ack <= 0; + pubkey_rd_ack <= 0; + end else begin privkey_out_rd_ack <= mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req & ~mldsa_reg_hwif_out.MLDSA_PRIVKEY_OUT.req_is_wr; signature_rd_ack <= mldsa_reg_hwif_out.MLDSA_SIGNATURE.req & ~mldsa_reg_hwif_out.MLDSA_SIGNATURE.req_is_wr; @@ -613,9 +621,11 @@ always_comb mldsa_privkey_lock = '0; always_ff @(posedge clk or negedge rst_b) begin - if (!rst_b) begin + if (!rst_b) api_sig_z_re_f <= '0; - end else begin + else if (zeroize) + api_sig_z_re_f <= '0; + else begin api_sig_z_re_f <= api_sig_z_re; end end @@ -740,6 +750,11 @@ always_comb mldsa_privkey_lock = '0; sampler_pk_rd_en_f <= '0; sampler_src_offset_f <= '0; pkdecode_rd_offset_f <= '0; + end else if (zerozie) begin + api_pubkey_re_f <= '0; + sampler_pk_rd_en_f <= '0; + sampler_src_offset_f <= '0; + pkdecode_rd_offset_f <= '0; end else begin api_pubkey_re_f <= api_pubkey_re; sampler_pk_rd_en_f <= msg_hold ? sampler_pk_rd_en_f : sampler_pk_rd_en; 
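Review bot: In the mldsa_kv_reg block (hunk at 215) the new zeroize branch is written `else (zeroize)` with the `if` missing, so it is not a valid branch and the following `else begin` has no `if` to pair with. As written the file should fail to compile, and the intended clearing of kv_seed_data_present on zeroize never takes effect. The line should read `else if (zeroize)`, keeping the existing `kv_seed_data_present <= '0;` as its body. Using `begin`/`end` on all three branches, as the other zeroize branches in this commit do, would make this kind of slip easier to spot.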
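Review bot: The comment added above the counter_reg flop (hunk at 329), `//without zeroize to make it more complex`, does not give a reason a maintainer can check for leaving this register out of zeroize. If the exclusion is intentional, replace it with a comment that says what counter_reg holds and why keeping its value across zeroize is acceptable, along the lines of `// counter_reg is intentionally not cleared on zeroize: <reason>`. If it is not intentional, add `else if (zeroize) counter_reg <= '0;` after the reset branch so it matches the other flops touched here. The rest of this always_ff body is outside the hunk, so whether a later branch already covers it is not visible.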
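Review bot: The new branch in the api_pubkey_re_f flop block (hunk at 740) tests `zerozie`, not `zeroize`. No signal of that name is visible in this diff, so this most likely fails elaboration as an undeclared identifier. If a tool does accept it, api_pubkey_re_f, sampler_pk_rd_en_f, sampler_src_offset_f and pkdecode_rd_offset_f are not cleared when zeroize is asserted. Change the line to `end else if (zeroize) begin`. The always_ff header of this block is outside the hunk.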
@@ -851,6 +866,8 @@ always_comb mldsa_privkey_lock = '0; always_ff @(posedge clk or negedge rst_b) begin if (!rst_b) begin msg_data <= '0; + end else if (zeroize) begin + msg_data <= '0; end else begin if (msg_hold) begin msg_data <= msg_data; diff --git a/src/mldsa_top/rtl/mldsa_top.sv b/src/mldsa_top/rtl/mldsa_top.sv index 7639053..2099499 100644 --- a/src/mldsa_top/rtl/mldsa_top.sv +++ b/src/mldsa_top/rtl/mldsa_top.sv @@ -1048,6 +1048,19 @@ always_ff @(posedge clk or negedge rst_b) begin : read_mux_flops normcheck_mem_re0_bank_f <= 0; sib_mem_re_f <= 0; end + else if (zeroize) begin + ntt_mem_re_f <= 0; + pwo_a_mem_re_f <= 0; + pwo_b_mem_re_f <= 0; + decomp_mem_re_f <= 0; + normcheck_mem_re_f <= 0; + ntt_mem_re0_bank_f <= 0; + pwo_a_mem_re0_bank_f <= 0; + pwo_b_mem_re0_bank_f <= 0; + decomp_mem_re0_bank_f <= 0; + normcheck_mem_re0_bank_f <= 0; + sib_mem_re_f <= 0; + end else begin ntt_mem_re_f <= ntt_mem_re; pwo_a_mem_re_f<= pwo_a_mem_re;