BenchmarksStack RankingH33 FHEH33 ZKAPIsPricingPQCTokenDocsWhite PaperBlogAboutSecurity Demo
Log InGet API Key
Blog / Key Pool Architecture
Performance

Key Pool Architecture: 104x Speedup for Post-Quantum Crypto

January 30, 2026 6 min read

Post-quantum key generation is expensive. ML-KEM (Kyber) keygen takes 33.3µs. Dilithium keygen takes 36.6µs. For high-throughput applications processing millions of requests per second, these microseconds add up fast.

Our solution: pre-generated key pools. By generating keys in advance during idle time, we reduce effective keygen latency to sub-microsecond levels—a 79-104x improvement.

104x
Signature Pool Speedup
96x
Dilithium Pool Speedup
79x
ML-KEM Pool Speedup

The Problem with On-Demand Keygen

Consider a typical authentication flow:

  1. User initiates authentication
  2. Generate ephemeral Dilithium keypair (36.6µs)
  3. Sign challenge (45µs)
  4. Verify signature (36.9µs)
  5. Generate ML-KEM keypair for session (33.3µs)
  6. Establish encrypted channel (72.6µs)

Key generation alone accounts for 70µs—nearly 30% of a complete authentication. At scale, this becomes the bottleneck.

How Key Pools Work

The key insight is that cryptographic key generation doesn't need user-specific input. Keys are random—we can generate them in advance.

// Traditional approach: generate on demand
let keypair = dilithium::keygen();  // 36.6µs

// Pool approach: grab pre-generated key
let keypair = key_pool.acquire();   // 0.35µs

Our pool architecture:

  • Background generation: Dedicated threads continuously generate keys during idle periods
  • Lock-free queues: MPMC queues allow concurrent access without blocking
  • Adaptive sizing: Pool size adjusts based on request rate and key consumption
  • Secure memory: Keys are stored in mlock'd memory, never swapped to disk

Benchmark Results

January 2026 benchmarks on AWS c8g.metal-48xl (AWS Graviton4, 96 cores):

Operation Direct Pool Speedup
ML-KEM Keygen 33.3 µs 0.42 µs 79x
Dilithium Keygen 36.6 µs 0.38 µs 96x
Signature Pool Keygen 36.6 µs 0.35 µs 104x

Throughput Impact

The throughput improvements are dramatic:

Operation Single Thread With Pool 64-Core Max
ML-KEM Keygen 30,030 ops/sec 2.38M ops/sec 152M ops/sec
Dilithium Keygen 27,322 ops/sec 2.63M ops/sec 168M ops/sec

152 Million Keys Per Second

With key pooling and 64 cores, H33 can generate 152 million ML-KEM keypairs per second. That's enough to handle the authentication needs of virtually any application at any scale.

Security Considerations

Pre-generating keys doesn't compromise security:

  • Keys are ephemeral: Pool keys are used once then destroyed
  • CSPRNG seeding: Each key uses fresh randomness from the system CSPRNG
  • Memory protection: Keys are stored in secure, non-swappable memory
  • No key reuse: Each key is acquired atomically and never returned to the pool

When to Use Key Pools

Key pools are most beneficial when:

  • You need ephemeral keys for each request (authentication, key exchange)
  • Throughput requirements exceed 10,000+ ops/second
  • Latency budgets are tight (<1ms total)
  • You have available CPU cycles during idle periods

For long-term identity keys that are generated once and used repeatedly, direct generation is fine—the 33-37µs overhead happens only once.

Experience 104x Faster Key Generation

Key pooling is enabled by default on all H33 API endpoints.

Get Started

Related Articles

Post-Quantum
ML-KEM (Kyber): Key Encapsulation
Post-Quantum
Dilithium Digital Signatures
Performance
From Milliseconds to Microseconds