Fully homomorphic encryption allows computation on data that is never decrypted. Not during processing, not during transit, not at rest. Five proprietary FHE engines. Intelligent routing. Production-grade on ARM64 Graviton4.
Fully homomorphic encryption (FHE) is the ability to perform arbitrary computations on encrypted data and get an encrypted result that, when decrypted, matches the result of performing those same computations on the original plaintext: exactly for integer and bit-level schemes, and within a bounded error for approximate schemes such as CKKS. The server that processes your data never sees it. The network that transports the results never sees them. The only party that can read the output is the keyholder who encrypted the input.
This sounds like a theoretical curiosity, but it solves a fundamental problem in modern computing: how do you outsource computation without outsourcing trust? When you send medical records to a cloud service for analysis, that service sees the records. When you send financial data to a fraud detection model, that model sees the data. When you send biometric templates to an authentication server, that server stores your face. FHE eliminates all of this exposure.
The mathematical foundation of FHE was established by Craig Gentry in 2009. Since then, multiple FHE schemes have been developed, each optimized for different types of computation. H33 implements the three most important schemes -- BFV, CKKS, and TFHE -- as separate, purpose-built engines, and adds intelligent routing to select the right engine for each workload.
BFV operates on integers and provides exact results. When you encrypt the number 42 and perform operations on it under BFV, you get back exactly 42 (or whatever the correct result is), not 41.99997. This makes BFV the right choice for operations where precision matters absolutely: biometric template matching, access control decisions, database lookups, and threshold comparisons.
H33's BFV engines are H33-128 (N=4096, 56-bit modulus, NIST equivalent security) and H33-256 (N=8192, higher security margin for long-term confidentiality). The H33-128 engine is the production workhorse, processing 32-user biometric batches in 943 microseconds. H33-256 trades throughput for a larger security margin when the data being protected has a multi-decade confidentiality requirement.
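The exact-integer behaviour described above can be seen in a toy scheme: the message is scaled into the high bits of the ciphertext, a small error sits in the low bits, and decryption rounds the error away as long as it stays below half the scaling factor. This is an added example, not H33's code; it uses plain LWE rather than BFV's polynomial ring, supports only addition and multiplication by plaintext constants, and its parameters (`N`, `Q`, `T`) are constructed and far too small to be secure.

```python
import random

# Toy parameters, constructed for illustration; far too small to be secure.
N, Q, T = 16, 1 << 32, 1 << 8   # LWE dimension, ciphertext modulus, plaintext modulus
DELTA = Q // T                  # BFV-style scaling: the message sits in the high bits

def keygen(rng):
    return [rng.randrange(2) for _ in range(N)]            # binary secret key

def encrypt(m, s, rng, e=None, bound=8):
    a = [rng.randrange(Q) for _ in range(N)]
    if e is None:
        e = rng.randint(-bound, bound)                     # small random error term
    b = (sum(x * y for x, y in zip(a, s)) + DELTA * (m % T) + e) % Q
    return a, b

def phase(ct, s):
    a, b = ct
    return (b - sum(x * y for x, y in zip(a, s))) % Q      # DELTA*m + e (mod Q)

def decrypt(ct, s):
    return ((phase(ct, s) + DELTA // 2) // DELTA) % T      # rounding removes the error

def noise(ct, s):
    r = phase(ct, s) % DELTA                               # signed distance from DELTA*m
    return r if r <= DELTA // 2 else r - DELTA

def add(c1, c2):
    return [(x + y) % Q for x, y in zip(c1[0], c2[0])], (c1[1] + c2[1]) % Q

def mul_plain(ct, k):
    return [(x * k) % Q for x in ct[0]], (ct[1] * k) % Q   # scales message and error

def dot_plain(cts, weights):
    """Keyless server side: encrypted vector times plaintext weights."""
    acc = ([0] * N, 0)
    for ct, w in zip(cts, weights):
        acc = add(acc, mul_plain(ct, w))
    return acc

def demo(seed=1):
    rng = random.Random(seed)                              # fixed seed: reproducible, not secure
    s = keygen(rng)
    values, weights = [42, 7, 19, 3], [2, 5, 1, 9]         # constructed sample data
    result = dot_plain([encrypt(v, s, rng) for v in values], weights)
    exact = decrypt(result, s)                             # 84 + 35 + 19 + 27 = 165
    over = encrypt(42, s, rng, e=DELTA // 2 + 1)           # error past DELTA/2
    return exact, noise(result, s), decrypt(over, s)       # last value rounds to 43, not 42
```

The noise in the inner-product result is the weighted sum of the input errors, which is why the scheme parameters have to be sized for the deepest computation the server will run.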
CKKS is designed for computations where approximate results are acceptable -- machine learning inference, statistical analysis, signal processing, and financial modeling. CKKS encodes floating-point numbers into polynomial rings and maintains a controlled level of approximation through the computation. The results are not exact, but the error is bounded and predictable.
H33-CKKS achieves 61ms per encrypted multiply and 333ms per encrypted dot product on Graviton4 hardware. For AI inference workloads, CKKS allows a model to classify encrypted inputs without ever seeing the data. The model owner never learns what was classified. The data owner never reveals their inputs. The only thing that changes hands is an encrypted prediction.
H33-TFHE operates at the bit level. Instead of encrypting numbers or vectors, TFHE encrypts individual bits and performs boolean logic gates (AND, OR, XOR, NOT) on them. Programmable bootstrapping allows TFHE to evaluate arbitrary functions on encrypted bits while refreshing the noise budget, enabling unbounded circuit depth.
H33's TFHE engine achieves 768 TPS for 8-bit greater-than comparisons across 96 parallel channels. For 16-bit equality checks, throughput reaches 769 TPS. The GPU-accelerated variant (on NVIDIA A10G) reaches 1,129 TPS with 1.0% noise matching CPU exactness. TFHE is the engine of choice for fine-grained access control, encrypted boolean queries, and cryptographic function evaluation.
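The 8-bit greater-than comparison mentioned above, written as the boolean circuit a bit-level scheme would have to evaluate. This is an added example, not H33's code: it runs on plaintext bits standing in for ciphertexts, and it assumes the common gate-bootstrapping cost model in which every binary gate costs one bootstrap and NOT is free; the `Circuit` class and function names are hypothetical.

```python
# Plaintext stand-in for bit-level FHE: each (bit, depth) pair would be one
# ciphertext, and each binary gate one bootstrapped gate (assumed cost model).
class Circuit:
    def __init__(self):
        self.gates = 0                                   # binary gates evaluated so far

    def _gate(self, value, x, y):
        self.gates += 1
        return (value & 1, 1 + max(x[1], y[1]))          # result bit, circuit depth

    def AND(self, x, y): return self._gate(x[0] & y[0], x, y)
    def OR(self, x, y):  return self._gate(x[0] | y[0], x, y)
    def XOR(self, x, y): return self._gate(x[0] ^ y[0], x, y)
    def NOT(self, x):    return (x[0] ^ 1, x[1])         # linear, no bootstrap

def to_bits(n, width=8):
    return [((n >> i) & 1, 0) for i in range(width)]     # LSB first, depth 0

def greater_than(c, a_bits, b_bits):
    """a > b, scanning LSB to MSB. Every bit position is always evaluated:
    the circuit cannot branch or exit early on data it cannot see."""
    gt = c.AND(a_bits[0], c.NOT(b_bits[0]))
    for a, b in zip(a_bits[1:], b_bits[1:]):
        here = c.AND(a, c.NOT(b))                        # a_i = 1 and b_i = 0
        same = c.NOT(c.XOR(a, b))                        # a_i == b_i
        gt = c.OR(here, c.AND(same, gt))                 # this bit decides, else keep lower result
    return gt

def compare(a, b, width=8):
    """Return (a > b as 0/1, binary gates used, circuit depth)."""
    c = Circuit()
    bit, depth = greater_than(c, to_bits(a, width), to_bits(b, width))
    return bit, c.gates, depth
```

For 8-bit inputs this ripple design uses 29 binary gates at depth 15 for every input pair, so the cost of a comparison is fixed by the circuit and not by the values compared.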
Most organizations do not have FHE engineers on staff. Choosing between BFV, CKKS, and TFHE requires understanding ring dimensions, noise budgets, modulus chains, bootstrapping strategies, and the interaction between circuit depth and ciphertext growth. FHE-IQ eliminates this complexity.
FHE-IQ is H33's automatic scheme selection engine. Given a computation request (the operation type, input data characteristics, precision requirements, and latency budget), FHE-IQ analyzes the workload and routes it to the optimal engine. A biometric matching request goes to H33-128 (BFV). An ML inference request goes to H33-CKKS. A boolean circuit evaluation goes to H33-TFHE. Developers interact with a single API endpoint; FHE-IQ handles the cryptographic engineering.
FHE has a reputation for being impractical. H33's benchmarks, measured on Graviton4 c8g.metal-48xl hardware under sustained load, demonstrate otherwise:
| Engine | Operation | Latency / throughput | Notes |
|---|---|---|---|
| H33-128 (BFV) | 32-user biometric batch | 943 µs | Production pipeline, inner product |
| H33-256 (BFV) | Single encrypted multiply | ~2.1 ms | Higher security margin |
| H33-CKKS | Encrypted multiply | 61 ms | Graviton4, floating-point |
| H33-CKKS | Encrypted dot product | 333 ms | Graviton4, ML inference |
| H33-TFHE (CPU) | 8-bit GT, 96 channels | 768 TPS | Throughput, not latency |
| H33-TFHE (GPU) | Multi-bit bootstrapping | 1,129 TPS | A10G, 1.0% noise |
H33's biometric authentication runs entirely under FHE. The biometric template is encrypted on the client device. The encrypted template is sent to the server. The server performs matching against encrypted enrolled templates. The match/no-match decision is computed on encrypted data. The server never sees the biometric. If the server is compromised, attackers get ciphertexts that are computationally indistinguishable from random noise.
Patient records encrypted under FHE can be analyzed for clinical decision support, insurance eligibility verification, and population health analytics without any party seeing the underlying PHI. This eliminates the HIPAA exposure window that exists in every current healthcare data pipeline. The data is never decrypted for processing -- period.
Credit scoring on encrypted financial records. Fraud detection on encrypted transaction streams. Portfolio analytics on encrypted positions. Every computation happens on ciphertext. The results are encrypted. Only the authorized party decrypts the output. No data sharing agreements. No clean rooms. No trust boundaries to manage.
Run machine learning models on encrypted inputs. The model owner never sees the data. The data owner never reveals their inputs. The only thing exchanged is an encrypted prediction. This enables AI deployment in regulated industries (healthcare, finance, government) where data cannot leave the organization's encryption boundary.
| Property | FHE (H33) | TEE (SGX/Nitro) | MPC |
|---|---|---|---|
| Data exposure during compute | Never decrypted | Decrypted inside enclave | Secret-shared (partial exposure) |
| Hardware trust required | None | Intel/AMD/ARM manufacturer | None (but network model) |
| Side-channel resistance | Mathematical (no side channels) | Vulnerable (Spectre, Foreshadow, PlunderVolt) | Network-level leakage possible |
| Single-server operation | Yes | Yes | No (multi-party required) |
| Post-quantum security | Lattice-based (inherently PQ) | Depends on attestation scheme | Protocol-dependent |
| Computation flexibility | Arbitrary (with scheme selection) | Arbitrary (native code) | Limited by protocol rounds |
| Performance overhead | 10-1000x vs plaintext | 1-2x vs plaintext | 10-100x vs plaintext |
| Attestation of non-exposure | Provable (mathematical) | Not provable (trust hardware) | Provable under network model |
FHE's overhead is higher than TEEs, but the security guarantee is categorically stronger. TEEs trust hardware; FHE trusts mathematics. For regulated data where breach liability is existential, the performance cost is justified by the elimination of trust assumptions.
FHE allows computations on encrypted data without ever decrypting it. The result, when decrypted, is identical to the result of performing the same computation on plaintext. A server can process your data without ever seeing it.
BFV operates on integers for exact computation (biometrics, access control). CKKS operates on approximate floating-point numbers (ML inference, statistics). TFHE operates at the bit level using programmable bootstrapping (boolean circuits, fine-grained gates). H33 implements all three as separate engines.
H33-128 (BFV) processes 32-user batches in 943 microseconds on Graviton4. H33-CKKS achieves 61ms multiply and 333ms dot product. H33-TFHE achieves 768 TPS for 8-bit comparisons across 96 channels, and 1,129 TPS on GPU.
FHE-IQ analyzes operation type, precision requirements, and performance constraints, then routes computation to the optimal FHE engine. Developers use a single API endpoint; FHE-IQ handles cryptographic scheme selection automatically.
TEEs protect data by isolating computation in secure hardware but require trusting the hardware manufacturer and have been subject to side-channel attacks. FHE provides mathematical guarantees: data is never decrypted during computation. No hardware trust assumption required.
Test encrypted computation through the live API. Encrypt data client-side, send ciphertexts, receive encrypted results. The server never sees your data.