























Feature articles |
By Nick Flaherty
Making sure data is secure all the time is a key challenge that chip designers are racing to address. While encrypting data on drives has been a staple approach for many years, making sure sensitive data is secure throughout operation has been a challenge. This is increasingly important with AI models such as Anthropic’s Mythos that can quickly find vulnerabilities in software that previously took months to locate.
Keeping data secure ‘in flight’ is being addressed in a number of ways. Datacentre operators are now able to include post-quantum encryption on networking cards that gives transparent protection of the data running on Fibre Channel connections.
Government regulations in the US and Europe are requiring that data is fully protected in flight by 2030. Chip technologies are now emerging in host bus adapters (HBA) for lines speed, on the fly encryption, while chips are being developed for fully homomorphic encryption (FHE) where the data stays encrypted while it is being used.
These measures are opening up the use of sensitive data, from private search data to using financial and health records for anonymised AI training.
“We started this effort five years ago and we are way out in front of any adapter vendor,” Jeff Hoogenboom, general manager of the Emulex Connectivity division at Broadcom, tells eeNews Europe. “There are two key pieces. The PQC algorithms, no other vendor has this today, and every adapter vendor will have to add this. We went beyond the platform and are now encrypting the data across the wire and these are two distinct things and will make Fibre Channel more secure than Ethernet.”

Jeff Hoogenboom, VP/ GM Emulex Connectivity
This is built on Gen7 silicon that is already used for real time ransomware detection, adding the PQC algorithms to the 64Gbit/s silicon that is used in the Fibre Channel adapter cards that link storage to servers in the data centre. Broadcom taped out 128Gbit/s silicon this year and that will launch in 2027 for higher performance links.
“We think it is really breakthrough technology right now. The ability to compress and de-duplicate, you can’t do that at the application level. It could also not be switch dependent or require management in the switch,” said Hoogenboom.
“For me it’s the elegance of the solution,” he said. “Back in January we launched the SecureHBA and the server vendors integrated that into their servers and the encouraging thing was that the storage OEMs started shipping with this as standard. What we are launching now is the storage OEMs have launched with storage and the rest will follow quickly. You have to have both ends of the wire to have that secure connection.”
There are 250,000 ports in the market today and that might seem small, but in 2026 and into 2027 98% of servers will ship with HBA. “You will quickly get to 1m, 2m ports over the next couple of years,” he said.
“I suggest this is broader than Fibre Channel. It is deep in the datacentre and that carries the most critical data,” he said, As a result Broadcom is sharing the technology with competitors such as Marvell to ensure that all the links are secured.
“We negotiate a random key for every connection, and then encrypt all the data running between the end points,” Dale Kaisner, the principal architect tells eeNews Europe.
“The AES-GCM256 algorithm is in silicon while the PQC algorithms are done in firmware. We made a very early call in algorithms and the algorithms were added as the HBA went to market.”
“This is at line speed and with thousands of connections, supporting fail-over to a backup port. Running through the gates on the ASIC the latency is around 2 microseconds.”
This is a key step in securing the data, especially with more use of AI.
“Homomorphic encryption I think will get there more quickly than people think,” said Hoogenboom. “AI deployment in the enterprise puts mission critical data at risk. While it has been slow to take off in the enterprise use cases are really set to accelerate. If you have to use your mission critical data in AI, how do you secure that on an NVIDIA server? We are closing one of the gaps by making the network secure but the second point is to make sure it does not hit the performance. We are not designing an HBA with homomorphic built in but making sure that we encrypt the data.”
That is coming, he says
“The Gen 8 silicon will maintain the line rate and security that will enable homomorphic encryption,” said Hoogenboom. “Brocade [another division of Broadcom] is shipping Gen8 silicon, with server silicon expected mid 2027, and I have prioritised the demand for security.”
Chip startup Niobium Microsystems is pushing the use of fully homomorphic encryption (FHE) to be able to manipulate the encrypted data in the cloud or AI data centre..
The company taped out a chip back in mid-2024 on a 12nm process at GlobalFoundries that it says was a prototype. It is now working with chip designer SemiFive on an 8nm chip to be built by Samsung.
“Because this specialised polynomial processing is so much faster we don’t need the latest node to get the increase in performance. It’s not the latest node so it’s a lower risk approach. Our team in total has taken 30 chips to market,” John Barrus VP of product tells eeNews Europe. He previously worked for Groq on an AI inference chip before the deal with Nvidia, and at Google on a cloud TPU chip design, “so this is my third chip to market,” he said. “We are trying to do a repeat of the TPU and the Groq LPU. One of the biggest challenges of bringing a chip to market is you need to have the whole stack and you also have to convince people to develop applications.”
So Niobium has implemented its design in an FPGA and is using that to build a cloud service that will use FHE to process encrypted data. Niobium calls this a Fog, rather than a cloud, as it is difficult to see inside.
“We have example applications that you can run on the chip or modify and when the ASIC is available it will be a drop in that will be substantially faster, up to 50x,” he said. “We expect to never see unencrypted data, that’s why we call it the Fog. They encrypt the data, we do the operations on it and send it back and they use their decryption key.
All the sensitive data stays encrypted, and the customer uses three keys, one for encryption, one for decryption and one for compute. Only the compute key and protected API is shared with the cloud service.
“That’s the key difference – you don’t send the decryption key to the hardware,” said Barrus. “We guarantee that if you use a client server the data will not be accessible, it won’t be exposed and when implemented in the cloud the data stream won’t be exposed. People can now use sensitive data in the cloud that they couldn’t before and with healthcare and medical records that’s 95 to 98% of data.”
“The Fog is a completely different approach. We can provide compute resources that allow you to keep the data private, that’s a whole new way of doing things.”
Niobium is using the 190W AMD Alveo V80 PCI Express add-in card with the AMD/Xilinx Versal FPGA and 32GB of HBM2e high bandwidth memory. This can be co-located near a customer’s data centre which allows the system to easily scale, he says.

The AMD Alveo FPGA card used by Niobium Microsystems for FHE
There are three applications being implemented, starting with secure search such as retrieval and generation (RAG) with sensitive documents. Then there is a deep learning recommendation engine that works on encrypted data, as well as federated learning for classification or predictive maintenance using sensitive data.
UK chip designer Optalysys is also using an FPGA to provide FHE in the cloud, but with optical processing to accelerate the computation.
“Fully homomorphic encryption (FHE) is a type of encryption that preserves the mathematical structure of data so you can process it and extract insights and value without ever being exposed to the actual data itself,” said Nick New, CEO and co-founder of Optalysys in Leeds.
“Typical encryption methods protect data during storage or movement but not during processing, so FHE closes this last area of vulnerability. FHE is even a Turing-complete encryption scheme, so you can perform any kind of computation on FHE-encrypted data and address use cases beyond data analysis in deep learning, database queries, or solving optimization problems. The challenge, though, is that you need to have sufficient processing power.”
FHE fundamentally relies on polynomial multiplications, and the most efficient way to produce them is by using Fourier transforms and number theoretic transforms—a generalization of the discrete Fourier transform over a finite domain. This maps well onto optical processing, providing higher performance and lower power consumption.
“We accelerate FHE from the ground up with our photonic accelerators by speeding up its basic building blocks, the Fourier and number theoretic transforms, leveraging the interference of laser beams and optical modulators,” he said.
Modulators are commonly used in transceivers to encode information in the optical carrier signals, which are then transmitted over optical fibres. The modulators are used to control the phase and amplitude of laser beams that then interfere. This precise control of the modulation parameters is key to generating the correct interference pattern that implements those transforms quickly and efficiently.
The challenge when implementing logic operations on the encrypted data is to keep the noise separated from the signal. For every addition and multiplication, the noise must be minimised.
Performing the base functions optically, rather than electronically, means the data can be processed faster, reducing the time to access electronic memory.
The company is developing chiplets to handle the Fourier processing that initially sit alongside an FPGA and can be integrated alongside CPUs or AI accelerator chips to keep the data secure.
“We had multiple tape-outs of our photonic chiplets that implement the transforms and provide our core functionality,” said New. “These photonic chips are now being driven from FPGAs on the cloud, on the pathway to creating fully integrated 3D-stacked hybrid chips. Ultimately, our goal is to sell our hardware to hyperscalers so they can include it in their data centre infrastructure, powering their cloud services.”
“To bridge the time until then, we have built our own Explore cloud service, which allows end users and interested third parties to engage with our technology. That way, we can demonstrate what we can offer and provide an FHE proving ground for people to learn what comes next.” This service is gaining traction with bitcoin and cryptocurrency systems which, although anonymous, can use AI to identify users. FHE can keep the details more secure.
“We’re working on standardization with other hardware developers and continuously benchmark our accelerators against CPUs. We achieve a 100x speedup currently, with 10,000x on the horizon, thanks to hardware development and software optimization,” said New.
Silicon is emerging to protect data in flight across the datacentre in the next key stage of development. Securing the critical backbone of Fibre Channel with line rate encryption is a key step, and that has taken many years. The next stage of FHE has also been in development for many years, and the roll out of the technology into the datacentre is happening now as the chips are developed and tested.
www.broadcom.com/support/emulex; www.niobiummicrosystems.com; www.optalysys.com
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。