H33 Crypto API Reference | Post-Quantum, FHE, ZKP, MPC

Dilithium (ML-DSA) NIST PQC

NIST FIPS 204 standardized post-quantum digital signatures. Lattice-based security resistant to quantum attacks. Three security levels: ML-DSA-44 (NIST Level 2), ML-DSA-65 (Level 3), ML-DSA-87 (Level 5).

POST /crypto/dilithium/keygen FIPS 204

Generate a new Dilithium keypair for post-quantum digital signatures.

~1ms

Latency

2.5KB

Public Key

4KB

Secret Key

Request

JSON

{
  "security_level": "ML-DSA-65"  // ML-DSA-44 | ML-DSA-65 | ML-DSA-87
}

Response

JSON

{
  "public_key": "base64...",
  "secret_key": "base64...",
  "algorithm": "ML-DSA-65"
}

POST /crypto/dilithium/sign

Sign a message using Dilithium secret key.

~2ms

Latency

3.3KB

Signature Size

Request

JSON

{
  "message": "base64_encoded_message",
  "secret_key": "base64_encoded_secret_key"
}

Response

JSON

{
  "signature": "base64..."
}

POST /crypto/dilithium/verify

Verify a Dilithium signature against a message and public key.

~1ms

Latency

Request

JSON

{
  "message": "base64_encoded_message",
  "signature": "base64_encoded_signature",
  "public_key": "base64_encoded_public_key"
}

Response

JSON

{
  "valid": true
}

Kyber (ML-KEM) NIST PQC

NIST FIPS 203 standardized post-quantum key encapsulation mechanism. Provides quantum-resistant key exchange. Three security levels: ML-KEM-512, ML-KEM-768, ML-KEM-1024.

POST /crypto/kyber/keygen FIPS 203

Generate a new Kyber keypair for quantum-resistant key encapsulation.

~0.5ms

Latency

1.2KB

Public Key

Request

JSON

{
  "security_level": "ML-KEM-768"  // ML-KEM-512 | ML-KEM-768 | ML-KEM-1024
}

Response

JSON

{
  "public_key": "base64...",
  "secret_key": "base64...",
  "algorithm": "ML-KEM-768"
}

POST /crypto/kyber/encapsulate

Encapsulate a shared secret using the recipient's public key.

Request

JSON

{
  "public_key": "base64_encoded_public_key"
}

Response

JSON

{
  "ciphertext": "base64...",
  "shared_secret": "base64..."  // 32 bytes
}

POST /crypto/kyber/decapsulate

Decapsulate the shared secret using your secret key.

Request

JSON

{
  "ciphertext": "base64_encoded_ciphertext",
  "secret_key": "base64_encoded_secret_key"
}

Response

JSON

{
  "shared_secret": "base64..."  // Same 32 bytes as sender
}

Falcon NIST PQC

NIST selected post-quantum signature scheme based on NTRU lattices. Compact signatures with fast verification. Two variants: Falcon-512 (NIST Level 1) and Falcon-1024 (NIST Level 5).

POST /crypto/falcon/keygen

Generate a new Falcon keypair.

~50ms

Latency

897B

Public Key

666B

Signature

Request

JSON

{
  "variant": "Falcon-512"  // Falcon-512 | Falcon-1024
}

POST /crypto/falcon/sign

Sign a message with Falcon. Compact signatures ideal for bandwidth-constrained applications.

POST /crypto/falcon/verify

Verify a Falcon signature. Very fast verification.

FHE - BFV Scheme FHE

Brakerski/Fan-Vercauteren scheme for fully homomorphic encryption over integers. Ideal for exact integer arithmetic on encrypted data. Supports addition and multiplication.

i

Pure Rust Implementation

H33's BFV implementation is written from scratch in pure Rust with zero external crypto dependencies. No SEAL, no Lattigo, no HElib.

POST /fhe/bfv/keygen

Generate BFV encryption keys including public key, secret key, and relinearization key.

<10ms

Pre-pooled

128-bit

Security

Request

JSON

{
  "security_level": "128"  // 128 | 192 | 256
}

Response

JSON

{
  "public_key": "base64...",
  "secret_key": "base64...",
  "relin_key": "base64...",
  "session_id": "uuid..."
}

POST /fhe/bfv/encrypt

Encrypt an integer vector. Supports batching for SIMD-style operations.

<5ms

Latency

8192

Slots

Request

JSON

{
  "plaintext": [1, 2, 3, 4, 5],  // i64 array
  "public_key": "base64..."
}

Response

JSON

{
  "ciphertext": "base64..."
}

POST /fhe/bfv/decrypt

Decrypt a BFV ciphertext back to plaintext integers.

Request

JSON

{
  "ciphertext": "base64...",
  "secret_key": "base64..."
}

Response

JSON

{
  "plaintext": [1, 2, 3, 4, 5]
}

POST /fhe/bfv/add

Homomorphically add two ciphertexts. Result decrypts to sum of plaintexts.

Request

JSON

{
  "ciphertext_a": "base64...",
  "ciphertext_b": "base64..."
}

POST /fhe/bfv/multiply

Homomorphically multiply two ciphertexts. Requires relinearization key to maintain ciphertext size.

<20ms

Latency

5

Max Depth

Request

JSON

{
  "ciphertext_a": "base64...",
  "ciphertext_b": "base64...",
  "relin_key": "base64..."
}

FHE - CKKS Scheme FHE

Cheon-Kim-Kim-Song scheme for fully homomorphic encryption over approximate numbers. Ideal for machine learning and floating-point computations on encrypted data. Supports bootstrapping for unlimited computation depth.

*

Bootstrapping Enabled

Unlike Microsoft SEAL, H33's CKKS implementation supports bootstrapping for unlimited computation depth.

POST /fhe/ckks/keygen

Generate CKKS encryption keys with configurable precision and computation depth.

Request

JSON

{
  "security_level": "128",
  "scale_bits": 40  // Precision: 2^40
}

POST /fhe/ckks/encrypt

Encrypt real numbers (floats) into a CKKS ciphertext.

Request

JSON

{
  "plaintext": [1.5, 2.7, 3.14159, -0.5],  // f64 array
  "public_key": "base64..."
}

POST /fhe/ckks/decrypt

Decrypt a CKKS ciphertext back to approximate real numbers.

POST /fhe/ckks/add

Homomorphically add two CKKS ciphertexts.

POST /fhe/ckks/similarity NEW

Compute encrypted cosine similarity for ML matching. Perfect for biometric feature comparison without decryption.

<50ms

Latency

128-dim

Vector Size

Request

JSON

{
  "encrypted_vector_a": "base64...",
  "encrypted_vector_b": "base64...",
  "relin_key": "base64..."
}

Response

JSON

{
  "encrypted_similarity": "base64..."  // Decrypt to get 0.0-1.0
}

FHE - TFHE Scheme FHE

Torus FHE for fast boolean operations and programmable bootstrapping. Ideal for encrypted comparisons and conditional logic without decryption.

POST /fhe/tfhe/keygen

Generate TFHE encryption keys with bootstrapping keys.

~50ms

Generation

POST /fhe/tfhe/encrypt-bool

Encrypt boolean values for gate operations.

Request

JSON

{
  "value": true,
  "public_key": "base64..."
}

POST /fhe/tfhe/compare

Homomorphically compare two encrypted values. Returns encrypted comparison result.

<10ms

Latency

Request

JSON

{
  "encrypted_a": "base64...",
  "encrypted_b": "base64...",
  "operation": "gt"  // gt | lt | eq | gte | lte
}

POST /fhe/tfhe/threshold

Check if encrypted value exceeds a threshold. Perfect for encrypted access control.

Request

JSON

{
  "encrypted_value": "base64...",
  "threshold": 0.85  // Plaintext threshold
}

ZKP - Groth16 ZKP

Groth16 is the most efficient pairing-based zkSNARK. Constant-size proofs (192 bytes) with fast verification. Requires trusted setup per circuit.

POST /zkp/groth16/prove/identity

Generate a zero-knowledge proof of identity without revealing the identity itself.

<500ms

Proving

192B

Proof Size

<10ms

Verification

Request

JSON

{
  "identity_secret": "base64...",
  "salt": "base64..."
}

Response

JSON

{
  "proof": "base64...",
  "commitment": "base64..."  // Public commitment to identity
}

POST /zkp/groth16/prove/hash-preimage

Prove knowledge of a hash preimage without revealing it.

Request

JSON

{
  "preimage": "base64..."
}

Response

JSON

{
  "proof": "base64...",
  "hash": "base64..."  // Public hash output
}

POST /zkp/groth16/verify

Verify a Groth16 proof against public inputs.

Request

JSON

{
  "proof": "base64...",
  "circuit_type": "identity",  // identity | hash-preimage
  "public_inputs": {
    "commitment": "base64..."
  }
}

Response

JSON

{
  "valid": true
}

GET /zkp/groth16/verifying-key/:circuit_type

Get the verifying key for a circuit. Use for client-side verification.

Response

JSON

{
  "vk": "base64...",
  "circuit_type": "identity"
}

ZKP - PLONK ZKP

PLONK is a universal zkSNARK with a single trusted setup for all circuits. Larger proofs than Groth16 but more flexible. Used for biometric matching proofs.

POST /zkp/plonk/biometric/prove PATENT PENDING

Generate a zero-knowledge proof that biometric features match a reference without revealing the features themselves. H33's patent-pending biometric ZKP.

<2s

Proving

128-dim

Feature Vector

!

Async Operation

This is a heavy operation. Use the optional ws_session_id for real-time progress updates via WebSocket.

Request

JSON

{
  "biometric_features": [0.123, 0.456, ...],  // 128 floats
  "reference_features": [0.124, 0.455, ...],  // 128 floats
  "salt": "base64...",
  "threshold": 0.85,
  "identity_commitment": "base64...",
  "ws_session_id": "optional_websocket_id"
}

Response

JSON

{
  "job_id": "uuid...",
  "ws_url": "wss://api.h33.ai/ws/crypto"
}

// Final result (via WebSocket or polling):
{
  "proof": "base64...",
  "public_inputs": {
    "identity_commitment": "base64...",
    "threshold": 0.85
  },
  "match_result": true  // Whether match exceeds threshold
}

POST /zkp/plonk/biometric/verify

Verify a PLONK biometric proof.

Request

JSON

{
  "proof": "base64...",
  "public_inputs": {
    "identity_commitment": "base64...",
    "threshold": 0.85
  }
}

Response

JSON

{
  "valid": true
}

MPC - Secure Multi-Party Computation MPC

Secure multi-party computation allows multiple parties to jointly compute a function over their inputs while keeping those inputs private.

POST /mpc/session/init

Initialize a new MPC session with specified participants and computation type.

Request

JSON

{
  "participants": 3,
  "threshold": 2,  // t-of-n threshold
  "computation": "sum"  // sum | average | max | min | custom
}

Response

JSON

{
  "session_id": "uuid...",
  "participant_ids": ["p1", "p2", "p3"],
  "public_params": "base64..."
}

POST /mpc/session/:session_id/contribute

Submit an encrypted share to the MPC session.

Request

JSON

{
  "participant_id": "p1",
  "encrypted_share": "base64..."
}

POST /mpc/session/:session_id/compute

Trigger computation once threshold shares are collected. Returns result to all participants.

Response

JSON

{
  "result": 42,  // The computed result
  "proof": "base64..."  // Proof of correct computation
}