H33 vs StarkWare: FHE+STARK vs STARK-Only Scaling

H33 and StarkWare both build on STARK (Scalable Transparent Argument of Knowledge) zero-knowledge proofs, but they apply this technology to solve completely different problems. StarkWare uses STARKs to scale blockchain transactions by proving off-chain computation validity. H33 uses STARKs to verify that computations on fully homomorphically encrypted data were performed correctly, then signs everything with post-quantum digital signatures based on three independent hardness assumptions. The shared mathematical foundation obscures a fundamental architectural divergence.

This comparison matters because understanding how the same proof system serves radically different purposes helps organizations make informed decisions about which cryptographic infrastructure they need. Both represent serious engineering, but they address non-overlapping requirements in non-overlapping markets.

StarkWare: STARK Proofs for Blockchain Scaling

StarkWare builds two primary products: StarkEx, a permissioned scaling engine used by applications like dYdX and Immutable X, and Starknet, a permissionless Layer 2 network for Ethereum. Both use STARK proofs to verify that batches of transactions were executed correctly off-chain, then submit the proofs to Ethereum for on-chain verification and settlement finality. The economic model works because verifying a STARK proof on-chain costs a fixed amount of gas regardless of how many transactions the proof covers, so amortizing that cost across more transactions reduces per-transaction cost.

The key innovation of StarkWare is that STARKs do not require a trusted setup ceremony. Unlike SNARK-based systems, STARKs derive their security entirely from hash functions. This eliminates the trusted setup vulnerability where compromise of setup parameters could allow undetectable proof forgery. StarkWare's proofs are larger than SNARKs (hundreds of kilobytes versus hundreds of bytes), but they are quantum-resistant because they rely on hash function security rather than elliptic curve assumptions vulnerable to Shor's algorithm.

H33: STARK Proofs for Encrypted Computation Verification

H33 uses STARK proofs for verifying that computations on FHE-encrypted data were performed correctly without revealing the underlying plaintext. When H33 processes a batch of 32 encrypted biometric authentications through its BFV homomorphic encryption engine, the STARK proof confirms that every FHE operation was executed correctly according to the specified computation.

H33's STARK proofs are generated as part of an integrated pipeline that also includes BFV fully homomorphic encryption and a three-key post-quantum digital signature combining ML-DSA, FALCON, and SLH-DSA. The proofs are verified through cached lookups in the CacheeEngine, which brings verification latency down to sub-microsecond per operation. The pipeline sustains over 1.6 million authenticated operations per second on Graviton4 hardware with all three stages (FHE, ZKP, PQ signing) included in the throughput measurement.

The Encryption Difference

StarkWare does not provide encryption. The data processed through StarkEx or Starknet is transparent to the prover. The prover sees all transaction data in plaintext and generates a proof that the state transition was computed correctly. Privacy is not a goal of StarkWare's infrastructure; scalability is the goal. If you need private transactions on Starknet, you must add a privacy layer yourself.

H33 makes encryption the foundation. Every computation happens on encrypted data using BFV fully homomorphic encryption. The prover never sees the plaintext data at any point during computation. The STARK proof verifies computation correctness on ciphertexts, and the three-key post-quantum signature attests to the result. With StarkWare, you trust the prover not to misuse your data. With H33, the prover mathematically cannot access your data because it never exists in plaintext within the system boundary.

Post-Quantum Security Comparison

StarkWare's STARK proofs are quantum-resistant because they are based on hash function security. This is a genuine and important advantage over SNARK-based systems that rely on elliptic curves. However, StarkWare's systems still interact with Ethereum accounts that use ECDSA signatures, which are quantum-vulnerable. A quantum attacker could not forge STARK proofs but could forge the user signatures that authorize transactions.

H33 provides post-quantum security across every layer of the stack. The FHE layer uses lattice-based BFV (quantum-resistant). The STARK proofs use hash-based commitments (quantum-resistant). The signature layer uses three independent post-quantum families: MLWE lattices, NTRU lattices, and stateless hash functions. There is no quantum-vulnerable component anywhere in the pipeline. An attacker with a quantum computer faces three independent mathematical barriers and must break all three simultaneously.

The H33-74 substrate distills the full attestation into 74 bytes through cryptographic distillation, not compression. This makes post-quantum attestation practical for on-chain anchoring on any blockchain including Starknet.

AIR Representation: Shared Foundation, Different Circuits

Both H33 and StarkWare use Algebraic Intermediate Representation (AIR) to define the computations that their STARK proofs verify. AIR represents computations as systems of polynomial constraints over an execution trace. The prover fills in the trace, commits to it using Merkle trees, and proves that all constraints are satisfied without revealing the trace.

StarkWare's AIR circuits define the instruction set of the Cairo VM, their purpose-built virtual machine for provable computation. Any program compiled to Cairo can be proved, giving StarkWare broad generality. The tradeoff is that Cairo programs run somewhat slower than native code because computation must be structured to produce a provable trace within the VM abstraction.

H33's AIR circuits are purpose-built for FHE operation verification and cryptographic signature verification. They are not general-purpose; they verify specific classes of computation in H33's pipeline. This specialization allows H33 to optimize AIR constraints for minimal proof size and maximal verification speed for its workload, which is why cached STARK verification adds sub-microsecond latency.

Performance Profiles

StarkWare's performance is measured in proof generation time and on-chain verification cost. Generating a STARK proof takes seconds to minutes depending on batch size and requires substantial computational resources (GPUs are commonly used). On-chain verification costs a fixed amount of gas regardless of batch size.

H33's performance is measured in end-to-end pipeline throughput. The production pipeline on Graviton4 sustains over 1.6 million full-pipeline authentications per second. The STARK verification uses cached lookups completing in sub-microsecond time. The FHE batch takes approximately 943 microseconds for 32 users, and PQ signing takes approximately 391 microseconds per batch. The per-authentication latency is 42 microseconds for the complete pipeline.

Trust Models

StarkWare's trust model assumes transparent data with verified computation. You send your transaction in plaintext, and the STARK proof guarantees correct execution. You trust the prover not to front-run your transaction or leak your data. This works for public blockchain transactions but is insufficient for confidential data processing.

H33's trust model assumes encrypted data with verified computation and quantum-resistant attestation. You send encrypted data to H33, computation happens on ciphertexts, the STARK proof verifies correctness, and the three-key post-quantum signature creates an attestation valid indefinitely. You do not need to trust H33 with your data or its claims about the computation.

Complementary Applications

H33 and StarkWare work together naturally. Consider a healthcare application: H33 processes encrypted patient data through FHE, generates a STARK proof, signs with post-quantum signatures, and produces a 74-byte H33-74 attestation. This attestation anchors to Starknet using StarkWare's scaling infrastructure. The result: patient data never exposed (FHE guarantee), computation verified (STARK guarantee), attestation quantum-resistant (three-key guarantee), stored immutably on a scalable chain (StarkWare guarantee).

Neither system alone provides all these properties. Together they cover the full trustless verification stack from data confidentiality through computation integrity to permanent quantum-resistant public verifiability. This is the architecture organizations should consider when they need both privacy and permanence in the same system.

When to Choose Each

Choose StarkWare if you are building blockchain applications needing transaction scaling, if your data is inherently public, and if you want battle-tested infrastructure for blockchain scaling with quantum-resistant proofs at the proof layer. StarkWare is the leading STARK infrastructure for the blockchain ecosystem.

Choose H33 if you need to compute on encrypted data, need post-quantum signatures across the full attestation stack, or need to process confidential data with verifiable results. H33 is designed for workloads where data cannot be exposed at any point, including to the computation infrastructure itself, and where attestation must survive both classical and quantum attack for the lifetime of the data.

The choice is not between better or worse technology. It is between confidential encrypted computation with full-stack post-quantum attestation (H33) and scalable transparent computation with quantum-resistant proofs (StarkWare). Different requirements, different correct answers, and in many real scenarios the answer involves both.