Benchmarks Docs Pricing Blog About
Log In Get API Key

Zero-Knowledge Authentication API

Prove identity without revealing data. H33 generates ZK-STARK proofs in 2.0 microseconds and verifies them in 0.2 microseconds — no trusted setup, SHA3-256 post-quantum secure, integrated with FHE biometrics and Dilithium signatures.

Get Free API Key See Benchmarks
2.0µs
Proof Generation
0.2µs
Proof Verification
SHA3-256
Hash Function
None
Trusted Setup
How It Works

Authentication Without Data Exposure

Traditional authentication sends credentials to a server for comparison. ZK authentication proves credential validity without transmitting the credentials themselves.

Prover

Client-Side Proof Generation

The user’s device generates a ZK-STARK proof that it possesses valid credentials matching the enrolled template. The proof is a compact cryptographic object — it proves knowledge of the secret without containing the secret. Generated in 2.0µs on commodity hardware.

Verifier

Server-Side Proof Verification

H33’s server receives only the proof — never the credentials. It verifies the proof in 0.2µs using SHA3-256 hash commitments. If the proof is valid, the user is authenticated. The server learns nothing about the underlying data except that it is valid.

FHE Layer

Encrypted Biometric Binding

For biometric authentication, H33 combines ZK proofs with FHE. The biometric template is matched entirely in encrypted space (BFV lattice FHE), and the ZK proof attests to the match result. The server never sees the biometric — it only verifies the cryptographic proof of match.

PQ Attest

Dilithium Attestation

After ZK verification, H33 signs the attestation with ML-DSA (Dilithium) — a NIST FIPS 204 post-quantum digital signature. The attestation is unforgeable even by quantum computers. It chains ZK proof + FHE result + Dilithium signature into a single verifiable token.

Technology Comparison

STARKs vs SNARKs — Why H33 Chose STARKs

Both are zero-knowledge proof systems. The security properties differ significantly.

Property SNARKs H33 STARKs
Trusted Setup Required — ceremony compromise breaks all proofs Not required — transparent, hash-derived parameters
Post-Quantum Security No — relies on elliptic curve pairings Yes — SHA3-256 hash-based, lattice-hard
Proof Size ~200 bytes (smaller) ~4 KB (larger, but PQ-secure)
Verification Speed ~1–3ms (pairing operations) 0.2µs (hash-only verification)
Proving Speed 10–100ms (elliptic curve scalar mul) 2.0µs (optimized hash pipeline)
Quantum Attack Surface Shor’s algorithm breaks discrete-log assumption No known quantum speedup for hash preimage
Audit Complexity Requires trusting ceremony participants Fully auditable — public parameters only
Full Pipeline

H33 ZK Authentication Pipeline — ~38.5µs Per Auth

Four stages, one API call. Every stage is post-quantum secure.

Stage 1
939µs

FHE Biometric Match

BFV inner product on 32 encrypted templates per ciphertext

Stage 2
2.0µs

ZK-STARK Prove

Generate proof of valid match from encrypted result

Stage 3
0.2µs

ZK-STARK Verify

DashMap cached lookup for repeat proofs, hash verify for new

Stage 4
291µs

Dilithium Attest

ML-DSA sign + verify for post-quantum attestation token

Developer Experience

ZK Authentication in One Call

Prove identity, verify the proof, and receive a post-quantum attestation — all in one API call.

H33 — Zero-Knowledge Authentication 
// ZK auth: prove identity without exposing any data
const result = await h33.authenticate({
  biometric: capturedTemplate,         // Encrypted client-side
  proofType: 'zk-stark',               // SHA3-256 based
  securityLevel: 'h33-128',
  mode: 'standard'
});

// result.verified      → true / false
// result.zkProof       → ZK-STARK proof (SHA3-256)
// result.attestation   → Dilithium-signed attestation
// result.proofTime     → 2.0µs (prove) + 0.2µs (verify)
//
// Server NEVER sees biometric data
// Server NEVER sees credential plaintext
// Verifier receives only: valid / invalid + PQ attestation

// Verify the attestation independently
const valid = await h33.verifyAttestation({
  attestation: result.attestation,
  publicKey: h33PublicKey               // Dilithium public key
});
// valid → true (ML-DSA signature verified)
FAQ

Frequently Asked Questions

What is zero-knowledge authentication?
Zero-knowledge authentication allows a user to prove their identity without revealing any underlying data to the verifier. Instead of sending a password or biometric to a server for comparison, the user generates a cryptographic proof that they possess valid credentials. The server verifies the proof without ever seeing the credentials themselves. H33 uses ZK-STARK proofs for this purpose, achieving proof generation in 2.0 microseconds and verification in 0.2 microseconds.
What is the difference between STARKs and SNARKs?
SNARKs (Succinct Non-interactive Arguments of Knowledge) require a trusted setup ceremony — if the ceremony is compromised, the entire proof system is broken. They also typically rely on elliptic curve pairings vulnerable to quantum computers. STARKs (Scalable Transparent Arguments of Knowledge) require no trusted setup and are based on hash functions (SHA3-256 in H33’s case), making them post-quantum secure. H33 uses STARKs exclusively for these security advantages.
How fast is H33 ZK authentication?
H33 generates ZK-STARK proofs in approximately 2.0 microseconds and verifies them in approximately 0.2 microseconds. When combined with FHE biometric matching (939µs per 32-user batch) and Dilithium attestation (291µs), the full authentication pipeline completes in approximately 38.5 microseconds per user. These benchmarks were measured on AWS Graviton4 (c8g.metal-48xl) with 96 workers.
Why does no trusted setup matter?
A trusted setup requires a group of participants to generate shared cryptographic parameters and then destroy their secret inputs. If any participant retains their secret, they can forge proofs. This is a systemic risk — especially for authentication systems protecting millions of users. H33’s ZK-STARKs are transparent: the proof system parameters are derived entirely from public randomness (SHA3-256 hashes), so there is no secret to compromise.
How does ZK authentication compare to traditional MFA?
Traditional MFA sends additional factors (OTP codes, push notifications, biometrics) to a server for verification. The server sees these factors in plaintext. ZK authentication proves possession of valid factors without transmitting them. H33 combines ZK proofs with FHE biometric matching — the server verifies that you are who you claim to be without ever seeing your biometric data, password, or any credential material. It is fundamentally more private than any traditional MFA approach.
Can ZK authentication integrate with existing identity providers?
Yes. H33’s ZK authentication API operates as the cryptographic verification layer. You can place it behind any identity provider (Auth0, Okta, Azure AD, custom) to add zero-knowledge proof verification to existing authentication flows. The identity provider handles user management, session management, and social login. H33 handles the cryptographic proof that the user’s credentials are valid — without exposing them.

Authenticate Without Exposing Data

ZK-STARK proofs. FHE biometrics. Dilithium attestation. One API call.
Get Free API Key Read Documentation
1,000 free authentications per month. No credit card required.