Fully homomorphic encryption and zero-knowledge proofs are the two most powerful privacy-preserving computation technologies available today. They are frequently mentioned together, often confused with each other, and almost always compared as if they are competing solutions to the same problem. They are not. FHE and ZKP solve fundamentally different problems, and understanding the distinction is essential for choosing the right technology for your application.
FHE answers the question: can a third party compute on my data without seeing it? You encrypt your data, send it to a server, and the server performs computation on the encrypted data. The server never sees the plaintext. The encrypted result comes back to you, and you decrypt it to get the answer. The server did useful work on your data without learning anything about it.
ZKP answers a different question: can I prove a fact about my data without revealing the data itself? You have some secret data and you want to convince someone that a specific property of that data is true, without showing them the data. For example, you want to prove that your age is over 21 without revealing your exact age, or that your bank balance exceeds a threshold without revealing the balance.
The key difference is who sees the data. In FHE, no one except the data owner sees the data, not even the computing party. In ZKP, the prover (who generates the proof) must see the data in order to prove statements about it. The verifier does not see the data, but the prover does. This makes FHE suitable for outsourced computation (where the computing party is untrusted) and ZKP suitable for self-attestation (where the prover is the data owner).
FHE: Computation Without Visibility
FHE's superpower is enabling computation by parties who should not see the data. The canonical example is cloud computing on sensitive data. An organization encrypts patient records, credit applications, or biometric templates and sends them to a cloud service. The cloud service performs homomorphic computation, producing encrypted results. The organization decrypts the results locally. The cloud service performed useful computation without ever accessing plaintext data.
This model requires that the FHE scheme supports the operations needed by the computation. BFV supports exact integer arithmetic. CKKS supports approximate real arithmetic. TFHE supports boolean logic. The choice of scheme determines which computations can be performed efficiently.
FHE does not require interaction between the data owner and the computing party beyond the initial data submission and result retrieval. The computing party can process the encrypted data at any time, in any order, without consulting the data owner. This makes FHE suitable for batch processing, asynchronous workloads, and scenarios where the data owner may be offline during computation.
The limitation of FHE is that it does not prove correctness. The computing party could return fabricated encrypted results, and the data owner would have no way to detect the fabrication after decryption. This is why H33 adds attestation to every FHE computation, but attestation is an addition to FHE, not a property of FHE itself.
ZKP: Proof Without Revelation
ZKP's superpower is proving statements without revealing supporting evidence. The prover possesses some private data (the witness) and wants to convince a verifier that a statement about the witness is true. The proof reveals nothing about the witness beyond the truth of the statement.
Common ZKP applications include identity verification (prove you are over 18 without revealing your birthdate), financial compliance (prove your transaction is valid without revealing amounts), and credential verification (prove you have a valid license without revealing the license number). In each case, the prover knows the full data and selectively proves specific properties.
ZKP systems come in two families: interactive proofs (where the prover and verifier exchange messages) and non-interactive proofs (where the prover generates a single proof that anyone can verify). Non-interactive proofs (like STARKs and SNARKs) are more practical for production systems because they do not require real-time interaction between prover and verifier.
The limitation of ZKP is that the prover must know the plaintext data. You cannot generate a ZK proof about data you have never seen. This means ZKP cannot solve the outsourced computation problem: if the computing party does not see the data (because it is encrypted), it cannot generate proofs about the data. This is precisely the gap that FHE fills.
When to Use FHE
Use FHE when the computing party should not see the data. Specific scenarios include: outsourced ML inference where the model runs in the cloud but patient data stays encrypted; biometric authentication where the matching service compares encrypted templates without seeing biometric features; encrypted search where the database server evaluates queries on encrypted data without seeing query contents or record values; and consortium computation where multiple organizations contribute encrypted data to a shared analysis without revealing data to each other or to the analysis platform.
FHE is the right choice whenever the trust model requires that the computing party operates blindly. The computing party is a utility that processes ciphertexts. It does not need to understand what the ciphertexts contain, and it should not be able to learn what they contain.
When to Use ZKP
Use ZKP when the data owner needs to prove properties to a verifier. Specific scenarios include: age verification where a user proves they meet an age requirement without revealing their exact age; financial compliance where a trader proves a transaction satisfies regulatory constraints without revealing trade details; credential verification where an employee proves they hold a valid certification without revealing the certification number or issuing authority; and blockchain privacy where a user proves a transaction is valid without revealing sender, receiver, or amount.
ZKP is the right choice whenever the data owner is the prover and wants to convince an external verifier. The data owner retains full control of the data and chooses which properties to prove. The verifier learns only the truth of the stated property, nothing more.
When to Use Both
The most sophisticated applications combine FHE and ZKP. The combination is necessary when the computing party should not see the data (requiring FHE) and the data owner needs proof that the computation was performed correctly (requiring ZKP).
H33's production pipeline is an example of this combination. FHE ensures that H33 never sees plaintext biometric data. The STARK proof ensures that the biometric comparison was actually performed (not fabricated). The Dilithium signature binds the proof to H33's identity. The 74-byte H33-74 token delivers both properties in a single verifiable artifact.
Other combined applications include: privacy-preserving credit scoring where FHE protects applicant data from the scoring service and ZKP proves that the scoring model meets regulatory fairness requirements; encrypted auction systems where FHE hides individual bids from the auctioneer and ZKP proves that the winning bid was selected correctly; and multi-party analytics where FHE protects each party's data from the others and ZKP proves that the agreed-upon analysis was actually performed.
The Cost Comparison
FHE computation is expensive because every arithmetic operation on encrypted data involves polynomial operations on large ciphertexts. A single homomorphic multiplication might require millions of CPU cycles. The overhead factor compared to plaintext computation is typically 10,000x to 1,000,000x, depending on the scheme and parameters.
ZKP proof generation is also expensive, but in a different way. The prover must convert the computation into an algebraic constraint system and solve that system to produce a proof. For complex computations, proof generation can take seconds or minutes. However, proof verification is fast, typically milliseconds regardless of the computation complexity.
The combined FHE+ZKP pipeline amortizes both costs. FHE computation is performed once per batch (with 4096 SIMD slots providing throughput). The ZKP proof is cached for common computation patterns, reducing proof generation to a cache lookup. The combined pipeline at H33 achieves 2,293,766 operations per second at 38 microseconds each, demonstrating that the combination is production-viable.
FHE and ZKP are complementary tools. FHE provides confidentiality from the computing party. ZKP provides integrity verification for the data owner. Together, they provide both, which is what production systems actually need. Understanding when to use each, and when to use both, is the foundation for building privacy-preserving systems that are both secure and practical.
The Taxonomy of Privacy Technologies
FHE and ZKP are the two most powerful privacy-preserving computation technologies, but they are not the only options. Understanding the full taxonomy helps architects select the right tool for each component of a privacy-preserving system.
Secure multi-party computation (MPC) enables multiple parties to jointly compute a function on their private inputs without revealing inputs to each other. MPC requires interaction between parties during computation, unlike FHE which allows non-interactive computation. MPC is suitable for real-time collaborative computation where all parties are online simultaneously.
Differential privacy (DP) adds calibrated noise to computation results, ensuring that individual records cannot be identified from aggregate statistics. DP is suitable for analytics and reporting where aggregate trends are valuable but individual-level precision is not required. DP is simpler and faster than FHE but provides weaker privacy guarantees.
Trusted execution environments (TEEs) like Intel SGX and ARM TrustZone provide hardware-isolated enclaves where computation occurs on decrypted data in a protected memory region. TEEs are faster than FHE because they operate on plaintext, but they rely on hardware trust assumptions that have been repeatedly broken by side-channel attacks.
Each technology has its place. FHE provides the strongest confidentiality guarantee (the computing party literally cannot see the data) but is the most computationally expensive. ZKP provides the strongest verifiability guarantee (the proof is mathematically sound) but requires the prover to see the data. MPC provides multi-party privacy but requires interaction. DP provides aggregate privacy with minimal overhead but loses individual precision. TEEs provide near-native performance but rely on hardware trust.
H33's architecture combines FHE (for confidentiality) with ZKP (for verifiability) and post-quantum signatures (for identity binding). This combination provides the strongest possible guarantees at the cost of higher computation overhead. For applications where the data is sensitive enough to justify the overhead, such as biometric authentication, medical diagnostics, and financial compliance, the combined approach is the right choice. For applications where approximate privacy is acceptable, simpler technologies may suffice.