AIR
Proof Lab
StartEcosystem
Explore (579)Live Systems (52)Pricing
Log InGet API Key✓ Verify It Yourself
Category-defining

How to Sign Encrypted Computation Without Decrypting It

FHE computes on encrypted data. But signature systems need plaintext. This forces decryption — exposing the data you encrypted to protect. H33-74 solves this permanently. 74 bytes. Fixed size. Three PQ signature families. Bitcoin-anchorable.

Verifying an encrypted computation is a supporting expression of Verification, the discipline that renders the independent verdict. Verification is the act of a third party re-checking an artifact offline — trusting no one — and returning valid or invalid. Here, a verifier re-checks the 74-byte attestation against the ciphertext it commits to and returns that verdict — without ever decrypting the data.

Why this exists: an encrypted result is opaque, so trust must travel with it in a form anyone can re-check without access to the plaintext. Note the division of labor: H33-74 produces the attestation (the evidence); Verification renders the verdict on it. Verification does not record or monitor the result (HATS), does not govern the decision (Agent-008), and does not score maturity (HICS). SHA3-256, ML-DSA, FALCON and SLH-DSA are external NIST-track standards H33 uses, not primitives it owns.

The gap

The Fundamental Problem With Encrypted Computation

Fully Homomorphic Encryption is the most important cryptographic advance of the last decade. It lets you compute on encrypted data without decrypting it. The server never sees your plaintext.

But there is a gap that every FHE system ignores.

When the computation finishes, you have an encrypted result. That result is correct — FHE guarantees it mathematically. But how do you prove to a third party that the result was computed correctly? How do you sign it?

The problem: Every digital signature algorithm — RSA, ECDSA, Dilithium, FALCON, SPHINCS+ — operates on plaintext (or a hash of plaintext). To sign an FHE result, you must first decrypt it. The moment you decrypt, you create a plaintext window. The data you encrypted to protect is now exposed in memory, on disk, or in transit to the signing service.

This is not a theoretical concern. It is the reason FHE adoption has stalled in regulated industries. Banks, healthcare providers, and government agencies cannot adopt a system that claims "zero plaintext exposure" if the attestation step requires decryption.

H33-74 eliminates this gap. It commits to the encrypted result directly — hashes the ciphertext, not the plaintext — and signs that hash under three independent post-quantum signature families. Trust moves with the encrypted result. The data never leaves encryption.

How it works
Commit, Hash, Sign — on Ciphertext
H33-74 operates on the encrypted result. No decryption at any step.
Step 1
Commit
Bind the encrypted result to computation metadata: type, domain, timestamp. This creates a unique commitment to this specific computation.
Step 2
Hash
SHA3-256 hash of the commitment + encrypted result. The hash is a 32-byte fingerprint of the entire computation, computed on ciphertext.
Step 3
Sign
Sign the hash under ML-DSA-65, FALCON-512, and SLH-DSA. Three PQ families. The signatures are compressed into a 32-byte commitment.
Result
74 Bytes
Fixed-size substrate. 32 bytes on Bitcoin mainnet (OP_RETURN). 42 bytes in Cachee. Verifiable forever. Patent pending (Claims 124-125).
Anatomy
The H33-74 Byte Layout
Every attestation is exactly 74 bytes. Fixed size regardless of what was computed, how many users were in the batch, or how large the ciphertext was.
74 Bytes Total
type
1B
domain
1B
timestamp
8B
data_hash (SHA3-256)
32B
sig_commitment
32B
32 bytes on Bitcoin
42 bytes in Cachee
On-chain (32 bytes)
Anchored to Bitcoin mainnet via OP_RETURN. No soft fork required. Immutable. Publicly verifiable by any Bitcoin full node.
Off-chain (42 bytes)
Stored in Cachee with the full PQ signature bundle (ML-DSA-65, FALCON-512, SLH-DSA). Retrievable via substrate ID for full verification.
Why it matters
Trust Moves With the Result
H33-74 decouples trust from decryption. The attestation travels with the encrypted result, verifiable by any party, without exposing the data.
Without H33-74
Encrypted result is opaque. To verify it, someone must decrypt it. Decryption exposes plaintext. Trust requires access to the data.
With H33-74
Encrypted result carries a 74-byte attestation. Anyone can verify the attestation. Nobody needs to decrypt. Trust is embedded in the result.
377 μs full verification latency
Use cases
Where Encrypted Attestation Matters

Encrypted Biometrics

Biometric templates are matched under FHE. The match result is attested under H33-74 without decrypting either template. The attestation proves the match occurred and is PQ-signed — the biometric data never leaves encryption.

FHE Credit Scoring

Financial data is scored under FHE. The score is attested without exposing the underlying income, debt, or transaction data. Lenders verify the attestation, not the data. Compliant by construction.

AI Model Output Attestation

An AI model runs inference on encrypted input. The output is attested under H33-74, proving the model produced this specific result from this specific input — without revealing the input, the weights, or the output.

Court-Admissible Audit Trails

Every computation is PQ-signed and Bitcoin-anchored. The attestation chain is independently verifiable years later, even if H33 no longer exists. The timestamp is Bitcoin-provable. The signatures are quantum-resistant.

Go deeper
Explore the Stack
FAQ
Verification · What the verdict means
What does Verification render for an encrypted computation?

An independent verdict: a verifier re-checks the 74-byte attestation against the ciphertext it commits to and against the three PQ signature families, then returns valid or invalid. It renders this without decrypting the data and without trusting H33 — the attestation travels with the encrypted result.

What does a valid verdict mean — and not mean?

A valid verdict means the attestation reproduces and validates: the signatures verify and the commitment matches the ciphertext presented. It does not mean the computation's inputs were correct, that the system is secure, or that any regulation is satisfied — those are separate properties. Verification confirms the attestation checks out, not that the world it describes is good.

How is Verification different from H33-74?

H33-74 produces the attestation — it commits, hashes, and signs the ciphertext. Verification renders the verdict on that attestation by re-checking it. Producing evidence and rendering a verdict on it are distinct roles; this page is where they meet.

When should I use it?

Use it wherever a third party must confirm an encrypted result was computed as claimed without seeing the plaintext — encrypted biometrics, FHE credit scoring, AI output attestation, court-admissible audit trails. Verification does not record or monitor those results (HATS) or govern the decision behind them (Agent-008).

Start Attesting Without Decrypting

74 bytes. Three PQ signatures. Bitcoin-anchorable. Get an API key and attest your first encrypted computation in minutes.