Confidential Computing & TEEs: What Enterprises Must Know in 2025

Trusted Execution Environments

Confidential computing refers to technologies that protect data while it is being processed, focusing on encryption in use, which complements traditional protections for data at rest and in transit.

At the heart of this approach are Trusted Execution Environments (TEEs). These are isolated hardware-based environments within a CPU that securely process data, away from the reach of the operating system, hypervisor, or cloud provider. TEEs enforce:

  • Isolation: Processing happens in a sealed environment
  • Integrity: Code and data cannot be altered from outside
  • Attestation: A cryptographic mechanism proves the TEE is authentic and secure

Common implementations include Intel SGX, AMD SEV-SNP, and Arm TrustZone. TEEs are already in use across industries from financial modeling and AI to collaborative analytics and regulated healthcare data.

How Secure Is Confidential Computing?

Confidential computing greatly enhances security posture by ensuring that data remains protected during processing. With TEEs, decrypted data is only accessible inside the secure enclave, away from infrastructure-level threats.

This trust is further reinforced by attestation, which enables systems to cryptographically verify the integrity of the environment before sensitive data is processed. Enterprises can enforce policies where only attested environments receive encryption keys.
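The policy described above, where only attested environments receive encryption keys, can be sketched as a key broker that checks a report before releasing a data key. This is an added example, not Duality's or any vendor's code: the JSON report layout, the claim names, `Policy`, `sign_report` and `release_key` are hypothetical, and an HMAC stands in for the vendor's certificate-chained signature.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

# Constructed stand-in for the vendor signing key; real TEEs use an asymmetric key chain.
VENDOR_KEY = b"constructed-demo-vendor-key"

@dataclass(frozen=True)
class Policy:
    allowed_measurements: frozenset  # hex digests of approved enclave images
    min_tcb_version: int             # oldest firmware/microcode level accepted

def _mac(claims: dict) -> str:
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(VENDOR_KEY, body, hashlib.sha256).hexdigest()

def sign_report(claims: dict) -> dict:  # simulates the TEE side
    return {"claims": claims, "sig": _mac(claims)}

def release_key(report: dict, nonce: str, policy: Policy, data_key: bytes):
    """Return (key, "ok") only when every check passes, else (None, reason)."""
    claims = report["claims"]
    if not hmac.compare_digest(_mac(claims), report["sig"]):
        return None, "bad signature"
    if not hmac.compare_digest(claims["nonce"], nonce):
        return None, "stale or replayed report"
    if claims["measurement"] not in policy.allowed_measurements:
        return None, "unapproved code measurement"
    if claims["debug"]:
        return None, "debug mode enabled"
    if claims["tcb_version"] < policy.min_tcb_version:
        return None, "TCB below minimum"
    return data_key, "ok"

def demo() -> dict:  # constructed sample reports, one per failure mode
    good = hashlib.sha256(b"approved-enclave-image-v1").hexdigest()
    policy = Policy(frozenset({good}), min_tcb_version=7)
    nonce, key = secrets.token_hex(16), secrets.token_bytes(32)
    base = {"measurement": good, "debug": False, "tcb_version": 8, "nonce": nonce}
    reports = {
        "valid": sign_report(base),
        "debug": sign_report({**base, "debug": True}),
        "old_tcb": sign_report({**base, "tcb_version": 5}),
        "replayed": sign_report({**base, "nonce": "0" * 32}),
        "tampered": {"claims": {**base, "tcb_version": 99}, "sig": _mac(base)},
    }
    return {name: release_key(r, nonce, policy, key)[1] for name, r in reports.items()}
```

The signature is checked first so that no claim is trusted before the report is authenticated, and the verifier-chosen nonce is what stops an old, once-valid report from being replayed.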

While highly secure, TEEs aren’t without their challenges. Potential risks include:

  • Side-channel attacks: Exploiting physical properties like timing or cache access
  • Implementation flaws: Bugs in firmware or enclave code
  • Supply chain vulnerabilities: Hardware-level backdoors or compromised components

However, these risks are being continually addressed with evolving standards, robust auditing practices, and secure enclave design patterns. As part of a layered security model, confidential computing is a resilient and reliable technology.

What Are the Limitations of Confidential Computing?

Despite its strengths, enterprises must weigh certain trade-offs when deploying TEEs:

  • Performance considerations: Compared to more advanced privacy-enhancing technologies like fully homomorphic encryption (FHE), TEEs are far more performant. While enclave transitions and memory encryption can add slight latency, TEEs generally deliver near-native performance relative to alternatives.
  • Development complexity: Applications may need to be refactored to split trusted and untrusted components, manage secure I/O paths, and operate within enclave constraints.
  • Scalability limitations: Current TEEs are bound to a single physical server, which can limit scale-out deployments. However, industry roadmaps suggest scale-out TEE solutions will become available later this year.
  • Vendor differences: Hardware and cloud support varies, and attestation mechanisms differ in format and validation.
  • Residual risks: Physical and firmware attacks may still fall outside the TEE’s defense scope.

These challenges are real but solvable. With maturing vendor ecosystems, open-source tooling, and forthcoming distributed TEE models, confidential computing is becoming increasingly scalable and enterprise-ready.

Confidential Computing and Post-Quantum Security

It’s not accurate to describe confidential computing itself as post-quantum. TEEs are hardware-based solutions whose guarantees depend on the integrity of the CPU or accelerator, firmware, and microcode, and they remain exposed to non-quantum risks such as side-channel attacks.

However, the protocols around TEEs (e.g., data encryption and key exchange) can be post-quantum secure. At Duality, we see the following advancements:

  • Post-quantum key exchange and attestation (e.g., ML-KEM, as implemented by the Open Quantum Safe project).
  • Hybrid cryptography, pairing classical algorithms with quantum-resistant ones.
  • Upgradeable firmware to replace vulnerable primitives as PQC standards evolve.

In practice, this means:

  • The TEE enclave itself is not inherently post-quantum.
  • The external flows, including data encryption (AES-256) and key exchange protocols (e.g., ML-KEM-1024), can already be secured against quantum attacks.

This layered approach ensures enterprises remain protected as quantum threats become more realistic, without overstating the guarantees of TEEs themselves.

TEEs and GPUs: Extending Confidential Computing to Accelerators

As enterprises increasingly run compute-intensive workloads like AI training and inference, GPUs are critical. The next frontier is confidential GPUs, bringing TEE-like protections to GPU accelerators.

Recent developments from vendors such as NVIDIA extend enclave-based protections to GPU memory and execution flows. This enables:

  • Secure training and inference of AI/ML models where both the model and the data remain confidential.
  • Encrypted GPU memory, isolating sensitive workloads from host or hypervisor inspection.
  • Attestation for GPU workloads, ensuring that data is only processed in trusted environments.

This GPU integration is crucial for sectors like defense, healthcare, and finance, where sensitive data often requires high-performance parallel processing. By combining CPUs and GPUs under a confidential computing model, enterprises can scale secure AI pipelines without sacrificing performance.

When Should Enterprises Use Confidential Computing?

Not every workload needs confidential computing—but for those that do, the benefits are game-changing.

Ideal use cases include:

  • Regulated industries like finance, health, or defense
  • Multi-tenant SaaS platforms handling sensitive user data
  • AI/ML pipelines where both models and data must remain confidential
  • Cross-border data processing with data sovereignty concerns

When evaluating confidential computing, enterprises should consider:

  • Risk profile: Is sensitive data processed in shared or untrusted infrastructure?
  • Compliance: Does your industry require auditability and isolation guarantees?
  • Performance: Can the application tolerate enclave overhead?
  • Deployment: Do you have the resources and knowledge to run your application on confidential computing?

The decision to adopt TEEs should be rooted in both business priorities and technical feasibility. As privacy and compliance demands rise, confidential computing provides a secure path forward.

Duality Technologies’ Approach

At Duality Technologies, confidential computing is just one part of a holistic approach to privacy-enhancing computation.

We combine:

  • Homomorphic encryption allows analysts to run queries on encrypted data—ideal for regulated investigations where even the query itself must stay hidden. Duality combines TEEs with FHE to maximize security without compromising on utility.
  • Federated learning trains models across decentralized datasets without moving or pooling data—key for healthcare, banking, or defense environments where data sharing is blocked by law or policy. Duality combines federated learning with confidential computing so that the intermediate weights sent for aggregation are protected, with the weight aggregation performed inside a secure enclave.

Our platform supports flexible deployments across cloud, on-premises, and edge, ensuring data privacy throughout its lifecycle. With built-in support for cryptographic agility and transparent trust verification, we help organizations align security strategy with innovation.

Whether you’re securing collaborative analytics, training AI on encrypted data, or meeting regulatory requirements, Duality provides the tools to do so safely and scalably.

FAQs

What’s the difference between encryption at rest / in transit vs encryption in use?
Encryption at rest protects stored data; in transit protects data in motion. Encryption in use, enabled by confidential computing, protects data during processing.

Can a cloud provider access my data if it’s processed in a TEE?
Not if the TEE is properly configured and attestation is verified. The data remains encrypted and isolated from cloud infrastructure.

What is attestation and why is it important?
Attestation proves that a TEE is running verified code in a trusted environment. It’s crucial for verifying security before processing sensitive data.

What flow is quantum safe when working with confidential computing?
With Duality, data encryption is done using AES-256, which is considered quantum safe. In addition, the key exchange is also quantum safe, as we use the ML-KEM-1024 protocol implemented in the liboqs library from the Open Quantum Safe (OQS) project.
