Cryptographic Protection

Accelerator Interconnect Encryption: AI accelerators within Weight Enclaves cryptographically protect all data transmitted over chip-to-chip interconnects (e.g., NVLink, UALink, custom fabrics). Hardware-level encryption prevents interception from physical interconnects during distributed operation.

Interconnect encryption protects data between accelerators; end-to-end encryption (where data arrives encrypted from origin and is re-encrypted before host-accessible export) protects data from host access at trust boundary crossings. Both are required. The accelerator must revoke host memory access before decrypting incoming data and complete encryption before restoring host access.

Inter-Facility Encryption: The organization implements cryptographic protection for all inter-facility network traffic within the SL5 Network using inline network encryptors deployed at facility boundaries. Inline network encryptors must use cryptographic modules validated to FIPS 140-3 Level 3 minimum [11]. This is aligned with FedRAMP’s requirement to use FIPS-validated cryptography and is intentionally stronger on validation level [5], [21]. The organization deploys at least two inline network encryptors from different suppliers in series at each inter-facility connection per SC-29.