A Real Milestone for Homomorphic Encryption
Let's start where credit is due. Zama's TFHE team has achieved something that, just four years ago, most cryptographers would have called a pipe dream. In 2021, bootstrapping a single TFHE ciphertext on a CPU took 53 milliseconds for 4-bit integers and 19 milliseconds for booleans. Their latest result — 945 microseconds for 4-bit integers and 796 microseconds for booleans — represents a 56x improvement. On 8×H100 GPUs, they're pushing 189,000 programmable bootstraps per second. That's real, reproducible progress, and it matters for the entire industry.
TFHE bootstrapping is one of the hardest operations in all of cryptography. It evaluates the decryption circuit homomorphically, resetting accumulated noise while simultaneously applying arbitrary lookup table functions to encrypted data. Every FHE scheme accumulates noise with each operation; without bootstrapping, you hit a wall after a handful of multiplications. Zama's sub-millisecond result means that noise-refreshing — the fundamental bottleneck of general-purpose FHE — is no longer the insurmountable barrier it once was. That opens doors for encrypted computation across blockchain, private AI inference, and confidential smart contracts.
The techniques behind their result are impressive: multi-bit bootstrapping algorithms (building on Zhou 2018 and Joye 2022), compile-time specialization to reduce GPU register pressure, and new noise management techniques that lower post-bootstrap noise levels. All while maintaining 128-bit IND-CPAD security with 2−128 failure probability. This is serious cryptographic engineering.
So, genuinely: congratulations to the entire Zama team. You've pushed the state of the art forward, and the FHE community is better for it.
Now Let's Talk Numbers
Zama's breakthrough is a single cryptographic primitive — one TFHE bootstrap, one ciphertext, one operation. That's the correct unit of measurement for what they're benchmarking. But when you step back and ask the question that matters to anyone building a production system — "How fast can I actually authenticate a user with full encryption, full proofs, and full post-quantum security?" — the answer looks very different.
H33's production pipeline processes a complete biometric authentication in 38.5 microseconds. That's not just FHE. That's the entire security stack executing in a single API call:
Stage 1: BFV Fully Homomorphic Encryption — 939µs per 32-user batch. Inner product on encrypted 128-dimensional biometric templates. Montgomery NTT with Harvey lazy reduction. N=4096, 56-bit modulus. Lattice-based, inherently post-quantum.
Stage 2: Dilithium Lattice Signatures — 291µs per batch. ML-DSA sign + verify for batch attestation. One signature covers all 32 users. NIST FIPS 204 compliant.
Stage 3: STARK Zero-Knowledge Proofs — 0.059µs per lookup. 7-column AIR with SHA3-256 hashing. Proofs generated at enrollment, verified from in-process DashMap cache at production time.
Stage 4: ML Threat Agents — ~2.35µs total. Three native Rust AI classifiers running inline: harvest-now-decrypt-later detection (0.69µs), side-channel analysis (1.14µs), and cryptographic health monitoring (0.52µs).
Total batch latency: 1,232 microseconds for 32 users. That's 38.5 microseconds per authentication. Zama's single bootstrap takes 945 microseconds to process one ciphertext performing one operation. H33 processes 32 users through four layers of post-quantum security in 1,232 microseconds. Per user, H33 is 24.5 times faster — while doing categorically more work.
Side-by-Side: What the Numbers Actually Mean
| Metric | H33 v10.0 | Zama TFHE (2025) |
|---|---|---|
| Core operation latency | 38.5 µs / auth | 945 µs / bootstrap |
| Scope of operation | FHE + STARK ZKP + Dilithium + 3 ML agents | Single TFHE bootstrap (noise refresh) |
| Sustained throughput | 2,172,518 auth/sec | 189,000 PBS/sec (8×GPU) |
| Hardware | 1× ARM CPU (Graviton4, 192 vCPU) | 8× NVIDIA H100 SXM5 80GB |
| Estimated hardware cost | ~$2/hr (spot) | ~$25/hr (on-demand) |
| FHE scheme | BFV (N=4096, exact arithmetic) | TFHE (gate-by-gate, bootstrappable) |
| Post-quantum signatures | Dilithium (ML-DSA) per batch | Not included |
| Zero-knowledge proofs | STARK with 7-column AIR | Not included |
| ML threat detection | 3 inline Rust agents | Not included |
| Security level | 128-bit (NIST L1), full PQ stack | 128-bit IND-CPAD |
| Variance (sustained) | ±0.71% | Not reported |
Different Schemes, Different Philosophies
It's important to understand why such a dramatic gap exists, because it's not just about implementation quality. Zama and H33 are solving fundamentally different problems with fundamentally different FHE schemes.
TFHE (Torus Fully Homomorphic Encryption) is a gate-by-gate scheme. It evaluates arbitrary boolean circuits on encrypted data, one gate at a time, and bootstraps after each gate to reset noise. This makes it extraordinarily flexible — you can compute anything — but it also means that every single logical operation requires a full bootstrap. For complex computations like encrypted 64-bit addition (8.7ms on Zama's setup) or multiplication (32ms), the bootstraps stack up. The tradeoff is generality: TFHE can evaluate any function, which is why it's the backbone of Zama's fhEVM for confidential smart contracts.
BFV (Brakerski/Fan-Vercauteren), the scheme H33 uses, takes a different approach. It batches thousands of integer operations into a single ciphertext using SIMD (Single Instruction, Multiple Data) slots. H33 packs 32 biometric templates — each with 128 dimensions — into one ciphertext with 4,096 polynomial slots. The inner product (encrypted dot product for biometric matching) happens across all 32 users simultaneously, in NTT domain, with a single inverse NTT at the end. No bootstrapping required for the operations we need, because BFV's noise budget is sufficient for the multiplication depth of biometric matching.
This is a deliberate architectural choice. We don't need arbitrary circuit evaluation. We need fast, batched, exact-arithmetic inner products on encrypted biometric vectors. BFV gives us that with zero bootstrapping overhead. Then we layer Dilithium signatures, STARK proofs, and ML threat agents on top — the full post-quantum authentication stack — and still come in at 38.5 microseconds per user.
The Hardware Story: GPUs vs. ARM CPUs
There's another dimension to this comparison that matters enormously for production deployments: hardware. Zama's sub-millisecond result requires NVIDIA H100 GPUs — the most powerful (and expensive) accelerators on the market. An 8×H100 DGX node costs north of $200,000 to purchase or roughly $25/hour to rent. These are extraordinary machines, and they're the right tool for Zama's workload. GPU parallelism maps naturally to the massively parallel structure of NTT computations and TFHE bootstrapping.
H33 runs on a single AWS Graviton4 ARM CPU instance — a c8g.metal-48xl with 192 vCPUs and 377 GiB of RAM. Spot price: roughly $1.80–$2.30 per hour. No GPUs. No specialized accelerators. Just 96 Rayon worker threads running native Rust on ARM Neoverse V2 cores, with Montgomery-form NTT, Harvey lazy reduction, and NEON SIMD intrinsics for Galois key-switching.
The throughput numbers reflect this: H33 sustains 2,172,518 authentications per second on that single CPU node. That's 187.5 billion authentications per day. Per-auth cost: less than $0.000001. Zama achieves 189,000 programmable bootstraps per second on 8×H100s — impressive for TFHE, but roughly 11.5x fewer operations per second on hardware that costs 12x more.
To be clear: this isn't a knock on GPUs or on Zama's approach. TFHE's generality requires the parallel muscle that GPUs provide. But for anyone evaluating FHE solutions for production authentication, identity verification, or biometric matching at scale, the economics of BFV on ARM are difficult to argue with.
What This Means for the Industry
Zama's result matters because it moves the Overton window for FHE. Five years ago, "homomorphic encryption" was an academic curiosity — too slow for anything real, too complex for anyone but PhD researchers. Today, Zama is bootstrapping TFHE ciphertexts in under a millisecond and H33 is running full post-quantum authentication pipelines in 38 microseconds. The field has gone from "theoretically possible" to "production-grade" in half a decade.
The convergence is happening from two directions. Zama is pushing general-purpose FHE toward practical speeds — their fhEVM lets developers write Solidity smart contracts that operate on encrypted data, which is a paradigm shift for blockchain privacy. H33 is pushing domain-specific FHE toward absolute speed limits — purpose-built BFV pipelines that fuse every operation into a single, batched, zero-copy hot path.
Both approaches are needed. Not every problem is a biometric inner product, and not every deployment needs arbitrary circuit evaluation. The market is big enough — and the quantum threat urgent enough — for both philosophies to thrive.
NIST finalized its post-quantum standards in 2024. Federal agencies have a 2035 migration deadline. Every authentication that happens today without post-quantum protection is a harvest-now-decrypt-later liability. Zama and H33 are both building the infrastructure that makes encrypted, quantum-safe computation possible at production speeds. The difference is scope: Zama encrypts computation. H33 encrypts identity. Both are essential.
The Bottom Line
Zama broke the 1-millisecond TFHE bootstrap barrier. That's a landmark result and they should be proud. It demonstrates that general-purpose FHE is approaching practical speeds for blockchain and confidential computing.
H33 processes full post-quantum biometric authentication — FHE inner products, STARK zero-knowledge proofs, Dilithium lattice signatures, and three ML threat agents — at 38.5 microseconds per user on a single ARM CPU. That's 24.5 times faster than a single TFHE bootstrap, while executing four distinct cryptographic layers instead of one.
Two different schemes. Two different missions. One shared conviction: that encrypted computation isn't the future — it's now.
See the full benchmark report: H33 Pipeline Benchmark v10.0