H33 Crypto API Reference

Dilithium (ML-DSA) NIST PQC

NIST FIPS 204 standardized post-quantum digital signatures. Lattice-based security resistant to quantum attacks. Three security levels: ML-DSA-44 (NIST Level 2), ML-DSA-65 (Level 3), ML-DSA-87 (Level 5).

POST /crypto/dilithium/keygen FIPS 204

Generate a new Dilithium keypair for post-quantum digital signatures.

~1ms

Latency

2.5KB

Public Key

4KB

Secret Key

Request

JSON

{
  "security_level": "ML-DSA-65"  // ML-DSA-44 | ML-DSA-65 | ML-DSA-87
}

Response

JSON

{
  "public_key": "base64...",
  "secret_key": "base64...",
  "algorithm": "ML-DSA-65"
}

POST /crypto/dilithium/sign

Sign a message using Dilithium secret key.

~2ms

Latency

3.3KB

Signature Size

Request

JSON

{
  "message": "base64_encoded_message",
  "secret_key": "base64_encoded_secret_key"
}

Response

JSON

{
  "signature": "base64..."
}

POST /crypto/dilithium/verify

Verify a Dilithium signature against a message and public key.

~1ms

Latency

Request

JSON

{
  "message": "base64_encoded_message",
  "signature": "base64_encoded_signature",
  "public_key": "base64_encoded_public_key"
}

Response

JSON

{
  "valid": true
}

Kyber (ML-KEM) NIST PQC

NIST FIPS 203 standardized post-quantum key encapsulation mechanism. Provides quantum-resistant key exchange. Three security levels: ML-KEM-512, ML-KEM-768, ML-KEM-1024.

POST /crypto/kyber/keygen FIPS 203

Generate a new Kyber keypair for quantum-resistant key encapsulation.

~0.5ms

Latency

1.2KB

Public Key

Request

JSON

{
  "security_level": "ML-KEM-768"  // ML-KEM-512 | ML-KEM-768 | ML-KEM-1024
}

Response

JSON

{
  "public_key": "base64...",
  "secret_key": "base64...",
  "algorithm": "ML-KEM-768"
}

POST /crypto/kyber/encapsulate

Encapsulate a shared secret using the recipient's public key.

Request

JSON

{
  "public_key": "base64_encoded_public_key"
}

Response

JSON

{
  "ciphertext": "base64...",
  "shared_secret": "base64..."  // 32 bytes
}

POST /crypto/kyber/decapsulate

Decapsulate the shared secret using your secret key.

Request

JSON

{
  "ciphertext": "base64_encoded_ciphertext",
  "secret_key": "base64_encoded_secret_key"
}

Response

JSON

{
  "shared_secret": "base64..."  // Same 32 bytes as sender
}

Falcon NIST PQC

NIST selected post-quantum signature scheme based on NTRU lattices. Compact signatures with fast verification. Two variants: Falcon-512 (NIST Level 1) and Falcon-1024 (NIST Level 5).

POST /crypto/falcon/keygen

Generate a new Falcon keypair.

~50ms

Latency

897B

Public Key

666B

Signature

Request

JSON

{
  "variant": "Falcon-512"  // Falcon-512 | Falcon-1024
}

POST /crypto/falcon/sign

Sign a message with Falcon. Compact signatures ideal for bandwidth-constrained applications.

POST /crypto/falcon/verify

Verify a Falcon signature. Very fast verification.

FHE - BFV Scheme FHE

Brakerski/Fan-Vercauteren scheme for fully homomorphic encryption over integers. Ideal for exact integer arithmetic on encrypted data. Supports addition and multiplication.

i

Pure Rust Implementation

H33's BFV implementation is written from scratch in pure Rust with zero external crypto dependencies. No SEAL, no Lattigo, no HElib.

POST /fhe/bfv/keygen

Generate BFV encryption keys including public key, secret key, and relinearization key.

<10ms

Pre-pooled

128-bit

Security

Request

JSON

{
  "security_level": "128"  // 128 | 192 | 256
}

Response

JSON

{
  "public_key": "base64...",
  "secret_key": "base64...",
  "relin_key": "base64...",
  "session_id": "uuid..."
}

POST /fhe/bfv/encrypt

Encrypt an integer vector. Supports batching for SIMD-style operations.

<5ms

Latency

8192

Slots

Request

JSON

{
  "plaintext": [1, 2, 3, 4, 5],  // i64 array
  "public_key": "base64..."
}

Response

JSON

{
  "ciphertext": "base64..."
}

POST /fhe/bfv/decrypt

Decrypt a BFV ciphertext back to plaintext integers.

Request

JSON

{
  "ciphertext": "base64...",
  "secret_key": "base64..."
}

Response

JSON

{
  "plaintext": [1, 2, 3, 4, 5]
}

POST /fhe/bfv/add

Homomorphically add two ciphertexts. Result decrypts to sum of plaintexts.

Request

JSON

{
  "ciphertext_a": "base64...",
  "ciphertext_b": "base64..."
}

POST /fhe/bfv/multiply

Homomorphically multiply two ciphertexts. Requires relinearization key to maintain ciphertext size.

<20ms

Latency

5

Max Depth

Request

JSON

{
  "ciphertext_a": "base64...",
  "ciphertext_b": "base64...",
  "relin_key": "base64..."
}

FHE - CKKS Scheme FHE

Cheon-Kim-Kim-Song scheme for fully homomorphic encryption over approximate numbers. Ideal for machine learning and floating-point computations on encrypted data. Supports bootstrapping for unlimited computation depth.

*

Bootstrapping Enabled

Unlike Microsoft SEAL, H33's CKKS implementation supports bootstrapping for unlimited computation depth.

POST /api/v1/fhe/ckks/init NEW

Create a new CKKS session with encryption keys and context. Returns session_id for subsequent operations.

Request

JSON

{
  "security_level": "q-128",  // q-dev, q-128, q-256
  "scale_bits": 40,            // Precision: 2^40
  "poly_modulus_degree": 8192  // Ring dimension
}

Response

JSON

{
  "session_id": "ckks_abc123...",
  "public_key": "base64...",
  "relin_key": "base64...",
  "galois_keys": "base64...",
  "max_slots": 4096
}

POST /api/v1/fhe/ckks/encrypt

Encrypt float vectors into a CKKS ciphertext. Supports batching up to max_slots values.

Request

JSON

{
  "session_id": "ckks_abc123...",
  "plaintext": [1.5, 2.7, 3.14159, -0.5]  // f64 array
}

Response

JSON

{
  "ciphertext": "base64...",
  "scale": 1099511627776  // 2^40
}

POST /api/v1/fhe/ckks/decrypt

Decrypt a CKKS ciphertext to float values. Returns approximate real numbers.

Request

JSON

{
  "session_id": "ckks_abc123...",
  "ciphertext": "base64..."
}

Response

JSON

{
  "plaintext": [1.4999998, 2.7000001, 3.1415899, -0.5000001]
}

POST /api/v1/fhe/ckks/compute NEW

Perform homomorphic operations on encrypted data. Supports add, sub, multiply, multiply_lazy, rescale, relinearize, and dot_product.

7

Operations

<1ms

Per Op

Request

JSON

{
  "session_id": "ckks_abc123...",
  "operation": "multiply",  // add, sub, multiply, multiply_lazy, rescale, relinearize, dot_product
  "ciphertext_a": "base64...",
  "ciphertext_b": "base64..."  // Optional for unary ops
}

Response

JSON

{
  "result": "base64...",
  "scale": 1208925819614629174706176,  // After multiply: 2^80
  "needs_rescale": true
}

Operations

Op	Description	Notes
`add`	Element-wise addition	Scales must match
`sub`	Element-wise subtraction	Scales must match
`multiply`	Element-wise multiplication	Auto-relinearizes
`multiply_lazy`	Multiply without relin	Faster, defer relin
`rescale`	Reduce scale after multiply	Required after mult
`relinearize`	Reduce ciphertext size	After multiply_lazy
`dot_product`	Vector dot product	Uses rotations

POST /api/v1/fhe/ckks/dot-product NEW

Fused dot product with automatic rescaling. Optimized for ML inference — computes inner product of encrypted vectors in a single call.

<5ms

128-dim

Auto

Rescale

Request

JSON

{
  "session_id": "ckks_abc123...",
  "ciphertext_a": "base64...",  // Encrypted vector A
  "ciphertext_b": "base64..."   // Encrypted vector B
}

Response

JSON

{
  "result": "base64...",  // Encrypted scalar (dot product)
  "scale": 1099511627776
}

*

Optimized for Biometrics

Perfect for encrypted face embedding comparison. Compute similarity scores without ever decrypting the biometric data.

POST /fhe/ckks/similarity NEW

Compute encrypted cosine similarity for ML matching. Perfect for biometric feature comparison without decryption.

<50ms

Latency

128-dim

Vector Size

Request

JSON

{
  "encrypted_vector_a": "base64...",
  "encrypted_vector_b": "base64...",
  "relin_key": "base64..."
}

Response

JSON

{
  "encrypted_similarity": "base64..."  // Decrypt to get 0.0-1.0
}

ZKP - ZK-STARK ZKP

ZK-STARK is H33's production ZK proof system. Circle STARK over M31 field with Poseidon2 hash, optimized for authentication: <20ms (async) prove, 2.09ns (cached) verify, ~180KB proofs. Post-quantum safe. No trusted setup.

POST /zkp/stark/prove PRODUCTION

Generate a ZK-STARK zero-knowledge proof. Prove statements about data without revealing it. Circle STARK over M31 field with Poseidon2 hash, optimized for authentication workloads. Post-quantum safe, no trusted setup.

<20ms

Prove Time (async)

~180KB

Proof Size

2.09ns

Verify Time (cached)

Request

JSON

{
  "statement": "identity",  // identity | age | credential | hash-preimage
  "private_inputs": {
    "secret": "base64...",
    "salt": "base64..."
  },
  "public_inputs": {
    "commitment": "base64..."
  }
}

Response

JSON

{
  "proof": "base64...",  // ~180KB
  "public_inputs": {
    "commitment": "base64..."
  },
  "prove_time_ms": 18.2
}

POST /zkp/stark/verify

Verify a ZK-STARK proof against public inputs. 2.09ns cached verification.

Request

JSON

{
  "proof": "base64...",
  "statement": "identity",
  "public_inputs": {
    "commitment": "base64..."
  }
}

Response

JSON

{
  "valid": true,
  "verify_time_ns": 2.09
}

MPC - Secure Multi-Party Computation MPC

Secure multi-party computation allows multiple parties to jointly compute a function over their inputs while keeping those inputs private.

POST /mpc/session/init

Initialize a new MPC session with specified participants and computation type.

Request

JSON

{
  "participants": 3,
  "threshold": 2,  // t-of-n threshold
  "computation": "sum"  // sum | average | max | min | custom
}

Response

JSON

{
  "session_id": "uuid...",
  "participant_ids": ["p1", "p2", "p3"],
  "public_params": "base64..."
}

POST /mpc/session/:session_id/contribute

Submit an encrypted share to the MPC session.

Request

JSON

{
  "participant_id": "p1",
  "encrypted_share": "base64..."
}

POST /mpc/session/:session_id/compute

Trigger computation once threshold shares are collected. Returns result to all participants.

Response

JSON

{
  "result": 42,  // The computed result
  "proof": "base64..."  // Proof of correct computation
}