Your Data Is Never Decrypted.
Not During Auth. Not During Matching. Not Ever.
Fully Homomorphic Encryption lets H33 verify your identity by computing directly on encrypted data. The server never sees your plaintext — because it never needs to.
Every Other Auth System Has a Fatal Flaw
Traditional biometric authentication has a fundamental design flaw: to compare your biometric against a stored template, the system must decrypt both.
That moment of decryption — even if it lasts only milliseconds — is when your biometric data can be intercepted, copied, or stolen. Unlike a password, you cannot change your fingerprint or face.
Every major biometric breach exploits this same window.
H33 eliminates the decryption window entirely. Matching happens on ciphertext. Your biometric template is never reconstituted as plaintext on the server.
One Problem, Three Solutions
H33 built three purpose-built FHE libraries from scratch — 23,296 lines of Rust, zero external dependencies. Each optimized for a different workload.
- Biometric authentication (face, fingerprint, iris)
- Identity verification and document matching
- Encrypted database comparisons
Under the Hood
t=65537, N=4096. NTT-form enrolled templates skip the forward transform in multiply_plain_accumulate. Pre-NTT public key eliminates clone+NTT per encrypt.
- ML inference on encrypted patient data
- Encrypted credit scoring and risk analysis
- Privacy-preserving analytics and aggregation
Under the Hood
ckks_bridge.rs, 613 lines) auto-switches between Turbo (N=4096, fast) and Precision (N=16384, deep) contexts with ~1.7ms one-time context switch cost. Rescaling for noise management across levels.
- On-device biometric auth (iPhone, Android)
- Edge computing and IoT authentication
- Low-power / battery-constrained environments
Under the Hood
vmull_u32 for 4-lane ARM NEON SIMD on Apple Silicon (M1–M4). Polynomial<u32> → Ntt32 → BfvContext32 pipeline. Serialization normalizes to shared ciphertext wire format so the server can use 64-bit BfvContext with AVX-512.
Authentication Without Decryption
A single API call. Four cryptographic operations. Your plaintext never touches the server.
The server processes your auth request without ever reconstructing your biometric as plaintext.
23,296 Lines of Proprietary Cryptographic Infrastructure
Every H33 FHE library runs on a shared engine of optimized primitives — all written from scratch in Rust with zero external FHE dependencies.
The Fastest FHE — Verified on AWS Graviton4
c8g.metal-48xl · 192 vCPUs · 377 GiB · ARM NEON · February 2026
How H33 Compares
For teams evaluating FHE implementations, here is how H33 stacks up against the two most common alternatives.
vs. Microsoft SEAL — Operation Benchmarks
| Operation | Microsoft SEAL | H33-FHE | H33 Advantage |
|---|---|---|---|
| BFV Multiply (n=16k) | 180ms | 45ms | 4× faster |
| Relinearize | 90ms | 25ms | 3.6× faster |
| Key Switch | 90ms | 25ms | 3.6× faster |
| NTT (n=64k) | 3.5ms | <1ms | 3.5× faster |
| CKKS Multiply (n=16k) | 50ms | 20ms | 2.5× faster |
| FHE Schemes | BFV + CKKS | BFV + CKKS + BFV32 | 3 integrated |
| Bootstrapping | Not supported | Full CKKS bootstrap | Unlimited depth |
| GPU Acceleration | CPU only | CUDA + Metal | Multi-platform |
vs. Zama — The Commercial Alternative
- SpeedBaseline
- License$100K–$500K+
- Token$ZAMA required
- StackFHE only
- Speed~100× faster
- License$0. Ever.
- TokenNone
- StackFHE + ZK + PQ + Bio
10M Operations / Year
The Engineering Behind the Speed
For engineers and cryptographers who want to understand why H33 is architecturally faster — not just benchmarked faster.
Eliminates expensive RNS ↔ BigInt conversions using Bajard et al.'s scaling technique. All operations stay in residue number system representation. bajard_rns.rs (766 lines).
Result: 4× faster multiply
Radix-4 butterfly with twiddles in Montgomery form. Values stay in [0,2q) between stages — single final reduction. Pre-NTT pk0 at keygen. INTT post-processing fusion: precomputed fused_inv_mont (3 REDC → 2). ntt.rs (1,549 lines) + montgomery.rs (654 lines).
Result: 3.5× faster transforms
Full bootstrapping via Chebyshev polynomial approximation for unlimited computation depth. Hybrid bridge (ckks_bridge.rs, 613 lines) auto-switches between Turbo (N=4096) and Precision (N=16384) contexts. ckks.rs (2,786 lines).
Result: Unlimited multiplicative depth
4096 slots ÷ 128 biometric dimensions = 32 users per ciphertext. CRT condition: t=65537, N=4096 (ψ=6561). Template storage: 32MB/user → 256KB/user (128× reduction). Batch verify is constant time: ~1.04ms for 1–32 users.
Result: Amortized cost of ~50µs per auth
Shamir secret sharing over BFV secret keys. k-of-n threshold — each party computes a partial decryption (noisy share). Lagrange interpolation mod q. SHA3-256 attestation hash per partial decryption. threshold.rs (1,006 lines).
Result: No single party ever sees the plaintext
ARM NEON: branchless Galois permutation, vectorized key-switch (galois_neon.rs, 384 lines). x86_64 AVX-512: 8 coefficients per instruction. CUDA: GPU NTT offload for batch workloads (1,610 lines). Metal: Apple Silicon compute shaders (542 lines). BFV32: native vmull_u32 4-lane SIMD for mobile.
Result: Platform-optimal performance everywhere
Arena allocators for zero allocation in hot path. Speculative execution engine for parallel parameter evaluation. Batch attestation: 1 Dilithium sign+verify per 32-user batch (31× savings). Batch CBD sampling: 1 RNG call per 10 coefficients (5× faster). Montgomery domain persistence across the full pipeline.
Result: Production-grade from day one
Deploy Encrypted Authentication Today
One API call. Full post-quantum security. Your data never decrypted.
View Per-Auth Pricing →