
Biometric matching on ciphertext

The server computes the match. The server never sees the biometric. BFV fully homomorphic encryption ensures zero plaintext exposure at every stage of the authentication pipeline.

2,293,766 authentications per second · sustained · Graviton4 · zero plaintext

The problem with biometric servers

Every biometric authentication system in production today works the same way: the client captures a biometric, sends it to a server, and the server compares it against a stored template. The server sees the biometric. The server stores the template. If the server is breached, every biometric in its database is exposed permanently.

Biometrics are not passwords. You cannot rotate them. You cannot revoke them. You cannot issue a new fingerprint. A biometric database breach is an irreversible identity compromise for every person in that database.

H33 eliminates this exposure entirely. The biometric is encrypted on the client before it leaves the device. The server performs the match computation on encrypted data. The server never sees, stores, or processes a plaintext biometric at any point in the pipeline.

How FHE biometric matching works

1. Client captures biometric and encodes it as a feature vector
2. Client encrypts the vector using BFV fully homomorphic encryption
3. Encrypted vector is sent to the server (ciphertext only)
4. Server computes encrypted inner product against stored encrypted template
5. Server produces an encrypted similarity score (still ciphertext)
6. Server generates a SignedMatchAssertion — a post-quantum signed statement that the encrypted score exceeds the threshold
7. SignedMatchAssertion is returned to the client — authentication complete, no decryption occurred on the server

The critical step is step 6. The server does not decrypt the similarity score. It does not learn whether the biometric matched or how closely it matched. It produces a signed assertion that the encrypted computation resulted in a value above the configured threshold. The assertion itself is signed with three independent post-quantum signature schemes based on three independent hardness assumptions.

The SignedMatchAssertion is the proof. It proves that a match occurred without revealing the biometric, the template, or the score. It is verifiable by any party with the public key. It is anchored to the attestation hash chain and, through that chain, to Bitcoin mainnet.

The client/server split

The security of this architecture depends on a clean separation between what the client knows and what the server knows. Neither party has enough information to compromise the system alone.

| Component | Client | Server |
|---|---|---|
| Raw biometric | Yes | Never |
| Feature vector (plaintext) | Yes | Never |
| BFV secret key | Yes | Never |
| Encrypted feature vector | Yes | Yes |
| Encrypted stored template | No | Yes (ciphertext only) |
| Encrypted similarity score | No | Yes (ciphertext only) |
| Match threshold | Yes | Yes (public parameter) |
| SignedMatchAssertion | Yes | Yes |

A server breach exposes nothing usable. An attacker who compromises the server obtains encrypted templates and encrypted scores. Without the client's BFV secret key, these are computationally indistinguishable from random noise. The security guarantee is based on the Learning With Errors (LWE) lattice hardness assumption — the same assumption that underpins NIST post-quantum standards.

BFV encryption

H33 uses the BFV (Brakerski/Fan-Vercauteren) fully homomorphic encryption scheme for biometric matching. BFV operates on integer polynomial rings and supports both addition and multiplication on encrypted data without decryption.

The biometric matching operation is an inner product: the dot product of the encrypted feature vector with the encrypted template. BFV computes this inner product entirely on ciphertext. The result is an encrypted scalar value representing the similarity score.

H33-128: BFV, N=4096, 56-bit Q
Batch size: 32 users per ciphertext
Batch latency: 943 microseconds
Per-auth latency: 42 microseconds

The H33-128 parameter set uses a polynomial ring degree of N=4096 with a single 56-bit ciphertext modulus and a plaintext modulus of t=65537. This configuration is optimized for the biometric inner product workload: it provides sufficient multiplicative depth for the computation while keeping ciphertext sizes small enough for high-throughput batch processing.

Each ciphertext packs 32 biometric feature vectors using SIMD batching. This means 32 users are authenticated in a single FHE operation, amortizing the cost of polynomial multiplication across the batch.
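
The encrypted inner product described in this section, as an added toy example (not H33's code and not part of the original page): a miniature secret-key BFV in pure Python, with the client decrypting the score only to check what the server computed on ciphertext. Assumptions: N=16 instead of 4096 (far too small to be secure), no relinearization, coefficient packing in place of the SIMD batching the page describes, and illustrative function names throughout.

```python
import secrets

# Toy parameters for this example only (the page's H33-128 set uses N=4096).
N, Q, T = 16, 1 << 56, 65537   # ring degree, ciphertext modulus, plaintext modulus
DELTA = Q // T                 # scale factor that lifts the message above the noise

def polymul(a, b):             # product in Z[x]/(x^N + 1): wrapped terms change sign
    out = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            if i + j < N: out[i + j] += ai * bj
            else: out[i + j - N] -= ai * bj
    return out

def center(p, m):              # reduce modulo m into the range centred on zero
    return [(c + m // 2) % m - m // 2 for c in p]
def scale(p, m):               # round(T/Q * coefficient), then reduce modulo m
    return center([(T * c + Q // 2) // Q for c in p], m)
def keygen():                  # ternary secret key; it never leaves the client
    return [secrets.choice((-1, 0, 1)) for _ in range(N)]

def encrypt(msg, s):           # client: c0 + c1*s = DELTA*msg + noise (mod Q)
    a = [secrets.randbelow(Q) for _ in range(N)]
    e = [secrets.randbelow(7) - 3 for _ in range(N)]   # toy noise distribution
    c0 = [DELTA * m + ei - x for m, ei, x in zip(msg, e, polymul(a, s))]
    return center(c0, Q), center(a, Q)

def encrypted_inner_product(ct_a, ct_b):   # server: uses no key, sees no plaintext
    (a0, a1), (b0, b1) = ct_a, ct_b
    cross = [x + y for x, y in zip(polymul(a0, b1), polymul(a1, b0))]
    return tuple(scale(p, Q) for p in (polymul(a0, b0), cross, polymul(a1, b1)))

def decrypt(ct, s):            # client: evaluate parts at 1, s, s^2, then unscale
    acc, s_pow = [0] * N, [1] + [0] * (N - 1)
    for part in ct:
        acc = [x + y for x, y in zip(acc, polymul(part, s_pow))]
        s_pow = polymul(s_pow, s)
    return scale(center(acc, Q), T)

def encode_probe(v):           # a(x) = sum of v_i * x^i
    return list(v) + [0] * (N - len(v))
def encode_template(v):        # b(x) = v_0 - sum of v_i * x^(N-i); coeff 0 of a*b is <a, v>
    return [v[0]] + [0] * (N - len(v)) + [-x for x in reversed(v[1:])]

def demo():                    # constructed 4-bit feature vectors
    s = keygen()
    ct_probe = encrypt(encode_probe([3, 1, 4, 1, 5, 9, 2, 6]), s)
    ct_template = encrypt(encode_template([2, 7, 1, 8, 2, 8, 1, 8]), s)
    return decrypt(encrypted_inner_product(ct_probe, ct_template), s)[0]
```

With this packing, the coefficients other than 0 of the decrypted product hold cross terms between the two vectors, so a deployment using it would have to mask them before anyone decrypts.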

Measured performance

All numbers measured on AWS Graviton4 c8g.metal-48xl (192 vCPUs, ARM), sustained.

| Stage | Latency | % of Pipeline |
|---|---|---|
| FHE batch (32 users) | 943 microseconds | 70% |
| Batch attestation (SHA3 + Dilithium sign + verify) | 391 microseconds | 29% |
| ZKP cached lookup | 0.358 microseconds | <1% |
| Total (32-user batch) | 1,345 microseconds | 100% |
| Per authentication | 42 microseconds | |

At 42 microseconds per authentication, the full pipeline — FHE biometric match, post-quantum signature, and zero-knowledge proof verification — processes 2,293,766 authentications per second on a single machine. No GPU. No specialized hardware. Standard ARM CPUs.

The FHE batch dominates at 70% of pipeline latency. The attestation stage (Dilithium signing and verification) accounts for 29%. The ZKP cached lookup is negligible at less than 1%.

What an attacker sees

Server breach

The attacker obtains encrypted templates and encrypted scores. These are BFV ciphertexts — indistinguishable from random noise without the secret key. The secret key never leaves the client. The templates are useless.

Network interception

The attacker captures encrypted feature vectors in transit. These are the same BFV ciphertexts. Without the secret key, the attacker cannot determine the biometric, the identity, or even whether two captures are from the same person.

Replay attack

The attacker replays a captured ciphertext. The SignedMatchAssertion includes a timestamp and sequence number bound to the attestation hash chain. Replayed assertions fail chain verification. The server detects the replay.

Quantum attack

BFV is based on the Learning With Errors (LWE) lattice hardness assumption. No known quantum algorithm efficiently solves LWE. The biometric data is protected against both classical and quantum adversaries.

The SignedMatchAssertion

The SignedMatchAssertion is the output of the biometric verification pipeline. It is a cryptographically signed statement that says: "An encrypted biometric comparison was performed, and the encrypted similarity score exceeded the configured threshold." It does not contain the biometric. It does not contain the score. It contains the proof that a match occurred.

The assertion is signed using three independent post-quantum signature schemes based on three independent hardness assumptions: MLWE lattices, NTRU lattices, and hash-based signatures. Breaking the assertion requires simultaneously breaking all three. The assertion is then chained into the tenant's SHA3-256 attestation hash chain and anchored to Bitcoin mainnet.
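
The replay check described under "Replay attack" and the SHA3-256 chaining above, as an added sketch (not H33's code and not part of the original page). The entry layout, field names and GENESIS value are assumptions, and the post-quantum signatures are left out, so this covers only the chain-linkage part of verification.

```python
import hashlib
import json

GENESIS = "00" * 32   # assumed starting value for the chain head

def entry_hash(prev, seq, ts, assertion_id):
    """SHA3-256 over the previous link, sequence number, timestamp and assertion id."""
    body = json.dumps({"prev": prev, "seq": seq, "ts": ts, "id": assertion_id},
                      sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha3_256(body).hexdigest()

def make_entry(prev, seq, ts, assertion_id):
    return {"prev": prev, "seq": seq, "ts": ts, "id": assertion_id,
            "hash": entry_hash(prev, seq, ts, assertion_id)}

class ChainVerifier:
    """Tracks the chain head and accepts only the entry that extends it."""
    def __init__(self):
        self.head, self.next_seq, self.last_ts = GENESIS, 0, 0

    def accept(self, e):
        if e["hash"] != entry_hash(e["prev"], e["seq"], e["ts"], e["id"]):
            return "rejected: hash mismatch"
        if e["seq"] != self.next_seq:
            return "rejected: sequence number reused or out of order"
        if e["prev"] != self.head:
            return "rejected: not linked to current head"
        if e["ts"] < self.last_ts:
            return "rejected: timestamp earlier than previous entry"
        self.head, self.next_seq, self.last_ts = e["hash"], e["seq"] + 1, e["ts"]
        return "accepted"

def replay_demo():
    """Feed three constructed entries, then two replays of the second one."""
    verifier, chain, results, prev = ChainVerifier(), [], [], GENESIS
    for seq, ts in enumerate((1700000000, 1700000001, 1700000002)):
        entry = make_entry(prev, seq, ts, f"assertion-{seq}")
        chain.append(entry)
        prev = entry["hash"]
        results.append(verifier.accept(entry))
    results.append(verifier.accept(chain[1]))          # verbatim replay
    relabelled = dict(chain[1], seq=3, prev=verifier.head)
    results.append(verifier.accept(relabelled))        # replay with edited fields
    return results
```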

7 patents pending. 300+ patent claims. The encrypted biometric pipeline, the SignedMatchAssertion mechanism, and the FHE-to-attestation chain are protected by pending patent applications covering the full verification architecture.
