NSE is changing the encryption algorithm. What does it mean for you?

This month (September 2025), NSE released new specifications for the NNF protocol used in the Futures & Options segment. The major update is a new encryption mechanism, which replaces the outdated MD5 checksum with an AES-GCM-256 authentication tag.

Why this matters for HFT and ultra-low latency trading

The current mechanism

The current NNF protocol requires an MD5 checksum of the message data in the message header. MD5 is outdated and relatively slow. It takes a long time to compute and is inherently sequential, meaning it cannot be parallelized. 

On FPGA-based HFT systems, this adds hundreds of nanoseconds of latency.

In the ultra-low latency world, hundreds of nanoseconds are an eternity. Naturally, trading firms have worked around this overhead — and in fact, they’ve reduced it all the way to zero.

The key protocol characteristic is that the sequence number in the header isn’t covered by the checksum. This means the MD5 checksum of a given message is always the same throughout the trading day. For instance, an Order Entry Request for a specific token, price, and size will always generate the same checksum. To capitalize on this, firms precompute hundreds or thousands of possible messages in advance. Then, they define a set of triggers for sending the precomputed messages. When the fast trading logic detects a trigger event, it simply selects the prebuilt payload (complete with checksum) and sends it directly to the exchange.

Balancing challenges and rewards

Of course, this approach comes with challenges: predicting future orders, keeping them updated, and ensuring fast access for the strategy. But the payoff is huge, avoiding on-the-fly checksum computation provides a critical latency edge. Last year, NSE added AES encryption of the payload, but the MD5 checksum was still computed from the unencrypted data. As a result, these precomputation systems continued to work and remained highly effective.

Magmio offers a latency-optimized AES-GCM-256 core and a complete tick-to-trade FPGA system, including fast triggers.

The new encryption mechanism with authentication

Now things change. The new NNF version introduces AES-GCM-256 authentication.

Under the current system, a packet can be precomputed in the morning and sent at any time during the day. With AES-GCM-256, you can still precompute packets — but as soon as one is transmitted, all other precomputed packets become invalid and must be discarded or recomputed.

The upside: AES-GCM-256 is faster than MD5, so computing authentication tags on-the-fly won’t add as much latency as before.

The question is, will the fastest firms abandon packet precomputation altogether and lose their edge? Or will new optimizations emerge? Only time will tell.

What’s certain is that this change will reshape the ultra-low latency landscape. Some strategies may no longer be profitable, while new opportunities will open up.

Make sure your technology is ready for this shift. Magmio offers a latency-optimized AES-GCM-256 core and a complete tick-to-trade FPGA system, including fast triggers. Get ahead of the competition and explore how our solutions can help you win the new race for speed.