The FHE market is maturing, and three distinct approaches have emerged. Duality Technologies focuses on privacy-preserving data collaboration and analytics, primarily for the intelligence community and financial services. Enveil focuses on encrypted search and analytics, enabling queries on encrypted data without decryption. H33 provides a full-stack encrypted computation platform that includes FHE, ZK verification, post-quantum attestation, and production-grade infrastructure.
These companies share a belief that FHE will be foundational to the next generation of data infrastructure. Where they differ is in scope, architecture, and what they consider production-ready. Understanding these differences helps organizations evaluate which approach matches their requirements.
Scope: Analytics vs Full Stack
Duality and Enveil both focus on encrypted analytics. Duality's primary product enables organizations to share data for collaborative analytics without exposing plaintext. Enveil's primary product enables encrypted search and encrypted machine learning inference. Both operate primarily in the analytics domain: organizations have data, they want to analyze it, and they want the analysis to happen without exposing the data.
H33's scope extends beyond analytics to include encrypted computation for real-time decision-making. Biometric authentication at 2,293,766 operations per second is not an analytics workload; it is a production transaction processing workload with strict latency requirements. Fraud detection, deepfake detection, and real-time compliance screening are similarly transaction-oriented, requiring throughput and latency characteristics that differ from batch analytics.
This scope difference drives architectural differences. Analytics workloads can tolerate higher latency because they typically run in batch mode. Transaction processing workloads require low per-operation latency and high sustained throughput. H33's architecture is optimized for both patterns, while Duality and Enveil are primarily optimized for the analytics pattern.
Cryptographic Implementation
Duality builds on OpenFHE, an open-source FHE library that Duality's founders helped create at the PALISADE project. OpenFHE provides implementations of BFV, BGV, CKKS, and other FHE schemes. Duality adds a software layer on top of OpenFHE that provides data collaboration features, access control, and workflow management.
Enveil similarly builds on established FHE libraries, adding application-layer functionality for encrypted search and machine learning. The cryptographic core is provided by existing implementations, and Enveil adds the application logic, deployment infrastructure, and integration layers.
H33 uses five proprietary cryptographic engines with zero external FHE or ZK dependencies. The BFV implementation, the CKKS implementation, the TFHE implementation, the STARK proof system, and the post-quantum signature system are all built from scratch by H33's engineering team. This proprietary approach enables workload-specific optimizations that are not possible when building on generic libraries.
The performance implications are significant. Generic FHE libraries must support every parameter set, every use case, and every hardware platform. H33's implementations are specialized for specific workloads on specific hardware (ARM Graviton4), enabling aggressive optimizations that generic libraries cannot make. The 2,293,766 operations per second at 38 microseconds is not achievable with off-the-shelf FHE libraries on the same hardware.
Attestation and Verification
This is the most significant architectural difference between H33 and its competitors. Neither Duality nor Enveil provides cryptographic attestation of computation correctness. Their systems encrypt data and compute on it homomorphically, but they do not generate proofs that the computation was performed correctly.
H33 generates a 74-byte post-quantum attestation (H33-74) for every computation. The attestation uses three independent hardness assumptions (MLWE lattices, NTRU lattices, and stateless hash functions) and includes a STARK proof of computation correctness. Any party can verify the attestation without accessing the encrypted data.
This difference matters for regulated industries where audit and verification are requirements, not features. A financial institution using encrypted credit scoring needs to prove to regulators that scores were computed correctly. A healthcare organization using encrypted diagnostics needs to prove that the diagnostic algorithm was actually applied. Without attestation, these proofs are impossible. With H33-74, they are standard.
Post-Quantum Security
H33 uses post-quantum cryptography throughout its stack: lattice-based FHE, Dilithium signatures, SHA3-256 hashing, and hash-based STARK commitments. The entire system is designed to resist quantum attacks from day one.
Duality and Enveil use post-quantum FHE (the BFV and CKKS schemes are inherently lattice-based and thus quantum-resistant) but may use classical signatures and hashing in their application layers. The FHE encryption is quantum-safe, but the surrounding infrastructure may not be fully post-quantum.
For organizations with long-term security requirements, the full-stack post-quantum approach provides stronger guarantees. Data encrypted today must remain secure for decades. Attestations generated today must remain verifiable for decades. Both require post-quantum cryptography at every layer, not just the FHE layer.
Production Readiness
Production readiness in FHE means more than correct cryptographic operations. It means sustained throughput under load, automated key management with rotation, multi-tenant isolation, monitoring and alerting, error recovery, and deployment automation. These operational requirements are what distinguish a demo from a production system.
H33 publishes sustained throughput numbers measured over 30-second windows on production hardware: 2,293,766 operations per second at 38 microseconds on ARM Graviton4. These numbers include all pipeline stages (FHE computation, attestation, ZK verification) and represent full production operation, not isolated benchmarks.
Duality and Enveil have published benchmarks for specific operations but have not published equivalent sustained throughput numbers for their full production pipelines. This makes direct performance comparison difficult, but the architectural differences (analytics-focused vs transaction-processing-focused, library-based vs proprietary implementations) suggest different performance profiles.
Use Case Alignment
Choose Duality when your primary need is privacy-preserving data collaboration for analytics. Duality's strengths are in multi-party analytics where organizations need to combine data without sharing it, particularly in intelligence and financial analytics.
Choose Enveil when your primary need is encrypted search and encrypted machine learning on sensitive databases. Enveil's strengths are in query-based workloads where the database should never see the query or the matching records in plaintext.
Choose H33 when you need any of the following: real-time encrypted transaction processing at production throughput, cryptographic attestation of computation correctness, post-quantum security at every layer, ZK verification of encrypted computations, encrypted biometric authentication or fraud detection, or a full-stack platform that includes FHE, ZK proofs, and post-quantum signatures in a single pipeline.
The FHE market is large enough for multiple approaches. Analytics, search, and transaction processing are all valid use cases for encrypted computation. The question is not which company is best in absolute terms but which approach matches your specific requirements. For organizations that need production-grade encrypted decision-making with post-quantum attestation, H33 is the platform purpose-built for that workload.
The Full-Stack Advantage
H33's full-stack approach provides advantages that are difficult to replicate with a library-based or analytics-only approach. The most significant advantage is end-to-end optimization: when the same team controls the FHE engine, the ZK proof system, the signature system, and the operational infrastructure, every component can be optimized for the others.
For example, H33's BFV implementation uses a specific polynomial representation that is optimized for the STARK proof system that follows it. The ciphertext format is designed to be hash-friendly, minimizing the overhead of the SHA3-256 attestation step. The SIMD packing strategy is chosen not just for FHE throughput but for the interaction between FHE batching and attestation batching. These cross-component optimizations are impossible when components come from different vendors or open-source projects.
Another full-stack advantage is consistent post-quantum security. When H33 controls every cryptographic component, it can ensure that post-quantum algorithms are used consistently throughout. There are no classical-cryptography components that would become quantum-vulnerable. There are no dependency libraries that might introduce quantum-vulnerable algorithms. The security guarantee is uniform across the entire stack.
A third advantage is operational simplicity. One vendor, one support contract, one SLA, one API, one set of documentation. Organizations using Duality or Enveil may also need separate vendors for key management, attestation, ZK proofs, and operational monitoring. H33 provides all of these as a single integrated platform, simplifying procurement, integration, and ongoing operation.
When Analytics-Only Is Sufficient
Not every organization needs a full stack. For organizations whose primary need is privacy-preserving analytics, whether for regulatory compliance, competitive intelligence protection, or multi-party collaboration, an analytics-focused approach may be sufficient and simpler to deploy.
Duality's strength in data collaboration makes it well-suited for intelligence community and defense applications where multiple agencies need to analyze combined datasets without sharing raw data. The workflow is batch-oriented, the security requirements are high, and the latency tolerance is generous. These characteristics align well with an analytics-only approach.
Enveil's strength in encrypted search makes it well-suited for database-heavy applications where the primary operation is querying encrypted data rather than computing on it. Search-oriented workloads have different optimization priorities than computation-oriented workloads, and Enveil's focus on search enables specific optimizations for that pattern.
The decision framework is: if your workload is batch analytics or encrypted search, evaluate Duality or Enveil alongside H33. If your workload includes real-time transactions, attestation requirements, or multi-primitive pipelines (FHE+ZK+PQ), H33 is the platform designed for that scope.
The FHE market has room for all three approaches. Analytics, search, and full-stack computation address different segments of the market. As the market matures, organizations will increasingly need all three capabilities, and the platform that provides them in a single integrated offering will have a natural advantage. H33 is building toward that integration today.
The Vendor Selection Framework
Selecting an FHE vendor requires evaluating several dimensions beyond feature lists. Performance under sustained load is the most important dimension for production deployments. An FHE system that performs well in a ten-second burst benchmark may exhibit very different characteristics under sustained production load lasting hours or days. Thermal throttling, memory fragmentation, garbage collection pauses, and connection pool exhaustion are all issues that appear only under sustained load. H33 publishes sustained throughput numbers measured over 30-second windows on production hardware, providing a realistic baseline for capacity planning.
Cryptographic provenance is another important dimension. Organizations should understand where the cryptographic implementations come from, who audits them, and what dependencies they introduce. H33's zero-dependency approach means there are no transitive security risks from external libraries. Duality's reliance on OpenFHE means that security updates to OpenFHE must propagate to Duality's platform. Enveil's library dependencies similarly require tracking upstream security advisories.
Operational maturity encompasses monitoring, alerting, key management, deployment automation, and incident response. A vendor may have excellent cryptographic implementations but immature operational tooling. H33 provides comprehensive operational infrastructure including automated key rotation, health monitoring, anomaly detection, and attestation audit trails. Organizations should evaluate operational maturity independently of cryptographic capability.
Total cost of ownership includes compute costs, licensing fees, integration engineering, and ongoing operational costs. FHE compute costs depend on the workload complexity, the encryption parameters, and the hardware platform. H33's ARM Graviton4 deployment provides favorable compute economics compared to x86 or GPU-based alternatives. Integration costs depend on the API design and SDK quality. Operational costs depend on the automation level and the support model.
For organizations beginning their FHE evaluation, the recommended approach is to define the target workload precisely (including throughput, latency, and security requirements), evaluate all three vendors against those specific requirements, and select based on fit rather than general capability. The FHE market is young enough that each vendor has distinct strengths, and the best choice depends heavily on the specific application.