DocsQuick StartAI News
AI NewsHaiguang embedded quantum-resistant cryptography into the chip, achieving 30,000 TPS in real-world financial scenarios.
Product Update

Haiguang embedded quantum-resistant cryptography into the chip, achieving 30,000 TPS in real-world financial scenarios.

2026-06-16T07:13:00.108Z
Haiguang embedded quantum-resistant cryptography into the chip, achieving 30,000 TPS in real-world financial scenarios.

On June 16, Haiguang Information showcased its "Trusted Intelligent Agent Engine" and a quantum-resistant cryptographic solution for the financial sector at the Shanghai International Financial Expo. With a dual CPU+DCU core foundation, a single solution achieved a tested peak of up to 30,000 TPS, and has already been implemented in banks, insurance companies, and securities firms.

Haiguang Embeds Quantum-Resistant Cryptography into Chips, Achieves 30,000 TPS in Financial Scenarios

On June 16, Haiguang Information played two cards at the Shanghai International Financial Expo: one is the “Trusted Agent Engine” aimed at large-model training and intelligent agent inference, and the other is a quantum-resistant cryptography solution prepared for the financial industry. Both share only one common feature — security capabilities are no longer an external add-on but directly etched into the CPU and DCU.

According to official data, this quantum-resistant cryptography solution can support 10,000 to 30,000 TPS for high-concurrency processing in real-world financial scenarios. This figure on the table means it’s no longer a PoC-stage toy but an industrial-grade solution ready for production. Haiguang’s current customer list includes banks, insurance, and capital markets, with deployments moving faster than expected.

Trusted Agent Engine: Full-Process Token Context Encryption

Let’s start with the name “Trusted Agent Engine.” It sounds like a concept, but on closer inspection it addresses a very specific pain point: during large-model inference, is the Token context data plaintext or encrypted?

Those who’ve done enterprise-level AI deployment have likely encountered this awkward issue — the model runs in the cloud, and the Prompt containing contract terms, customer information, and trading strategies has to be fed in as plaintext. Even if transmission encryption looks perfect, once it’s in GPU memory it’s still exposed. Operations staff, platform providers, and underlying cloud vendors could theoretically see it. For clients in finance and government, where data ownership is extremely sensitive, this is practically a compliance red line.

Haiguang’s solution is based on a dual-core CPU+DCU architecture, extending chip-level confidential computing (CSV) to the entire inference process. In simple terms, from the moment the Prompt enters the compute node, through model inference, to Token output, all context data runs in an encrypted zone throughout its lifecycle. Moreover, Haiguang’s CSV confidential computing supports direct passthrough for parallel inference across multiple DCU cards — which is key, since traditional confidential computing usually sacrifices performance, and multi-card parallelism is a major hurdle.

An imprecise but easy analogy: before, it was like placing a bulletproof glass cover over the safe; now, it’s like welding the safe into the vault wall.

Quantum-Resistant Cryptography: Sooner or Later It's Coming — Better Sooner than Later

Quantum resistance has been a hot topic in the industry for the past two years, but there’s been little real work at the chip level. The reason is simple — no one can say when quantum computers will be able to run Shor’s algorithm and truly threaten RSA/ECC. However, finance and government clients are already on alert because of an attack called “harvest now, decrypt later”: encrypted data is grabbed now and stored, and once quantum computing capacity is available, it can be decrypted at leisure. For financial contracts and government archives that need to remain confidential for 20 or 30 years, this threat is real.

Haiguang’s strategy can be summarized as:

  • All CPUs already have a built-in quantum-resistant algorithm instruction set — the hardware foundation is laid.
  • Uses a “commercial cryptography + quantum-resistant cryptography” hybrid architecture — smoothly switch between traditional, hybrid, and purely quantum-resistant modes.
  • No complete overhaul — legacy business stays intact; new business can directly adopt quantum resistance.

This approach is pragmatic from an engineering perspective. Algorithm swaps aren’t the problem — synchronously updating the entire application ecosystem, key management, certificate systems, and protocol stacks is the real challenge. SM2, SM3, SM4 and quantum-resistant algorithms differ significantly in key length, interface protocols, and signature size. Forcing an all-at-once switch would mean rewriting all business systems.

Haiguang VP Ying Zhiwei’s words are worth noting: “In the past, cryptography technology iteration cycles were 5 or even 10 years, but CPU iteration is much faster.” This actually points to the real value of intrinsic security — CPUs iterate every two years, and cryptographic capabilities iterate alongside them, forcibly accelerating security upgrades.

Haiguang CPU+DCU dual-core architecture and intrinsic security technology panorama

Roadmap: Quantum-Resistant CCP Hardware and Dedicated Instruction Set in 2027

On June 11 at the Commercial Cryptography Exhibition of the China International Industry Fair, Haiguang also revealed its next steps: it will gradually achieve full software ecosystem coverage for quantum-resistant algorithms and launch Quantum-Resistant CCP (Cryptographic Co-Processor) hardware and dedicated instruction sets.

According to Ying Zhiwei’s previously disclosed timeline:

  • 2025–2026 Foundation Phase: Rapidly support NIST quantum-resistant cryptography standards, complete algorithm implementation, achieve full software ecosystem coverage, and integrate key management.
  • 2027–2028 Hardware Reconstruction Phase: Launch quantum-resistant CCP hardware and dedicated instruction sets, evolving from co-processor acceleration to native instruction-set acceleration.

The key here is “dedicated instruction set.” Current quantum-resistant algorithms (Kyber, Dilithium, and other lattice-based schemes) require significantly more computation than RSA/ECC, putting heavy performance pressure on pure software implementations. Co-processors can solve part of this, but instruction-set level acceleration is the real way to unleash chip computing power. Intel’s AES-NI, which boosted AES encryption performance by an order of magnitude, followed the same logic.

An Observation: Intrinsic Security as a Differentiator for Domestic Computing Power

From an industry perspective, there are several details worth pondering.

First, Haiguang is taking the “native chip-level” route, not the “security card + encryption machine” old path. Traditionally, an encryption machine is an independent device, performance limited by PCIe bandwidth and external scheduling, and critical keys could still leak during transmission. Intrinsic security within the chip means keys never leave the CPU, and performance isn’t bottlenecked by external add-ons. In the AI era with massive concurrency, this advantage becomes even more pronounced.

Second, Haiguang has already worked with over 35 partners to complete adaptation for more than 50 software and hardware products, covering categories such as server encryption machines and security gateways. Ecosystem building can’t be scaled by chip makers alone — ISV cooperation is necessary. The fact that projects in securities, police cloud, and government cloud have been implemented indicates this isn’t just PPT.

Third, Haiguang’s C86 architecture reportedly has “native immunity to meltdown, Spectre, and other critical vulnerabilities.” The actual effectiveness needs time to verify, but from a competitive standpoint, it’s clearly an effort to shed some historical baggage of traditional x86.

Fourth, financial clients are extremely demanding; TPS is a hard metric tied to real money. 30,000 TPS in a quantum security scenario is a very competitive number — keep in mind that purely software implementations of lattice-based algorithms on ordinary servers tend to only reach a few thousand TPS. This performance level indicates that hardware acceleration truly makes a difference.

Final Thoughts

The security model of the AI era has indeed changed. Ying Zhiwei once remarked at a forum that “in the past it could take security researchers 1–2 years to find a deep vulnerability, but now an AI model can find 10 overnight.” With attack-side automation capabilities skyrocketing, defensive measures limited to patching and firewalls can no longer keep pace.

Pushing security to the lowest level and letting cryptographic capabilities iterate with the chip makes logical sense. The two solutions Haiguang introduced here effectively bring this approach to the product level, and the real-world financial data serves as proof. The remaining question is how fast the ecosystem will expand — quantum-resistant cryptography is not a project a single chip maker can complete alone; ISVs, clients, and regulators must synchronize.

At least judging from this wave of concentrated activity in June, Haiguang is out in front.

Related Articles

View All

Contact Us

We usually reply quickly during business hours

Scan WeChat

Support: Hub Assistant

WeChat ID: