BenchmarksStack Ranking
H33-128H33-CKKSH33-256H33-FHE-IQFHE OverviewH33-CompileZK LookupsBiometricsH33-3-KeyH33-MPCZKP-AIRZK-TrustlessZK-PhishZK-VerifyZK-ProcurePQ VideoPQC ArchitectureStorage EncryptionAI DetectionEncrypted Search
APIsPricingDocsWhite PaperTokenBlogAbout
Log InGet API Key
STARK Proving System · Post-Quantum Safe
Built on H33-74

H33-ZKP-AIR
A STARK Proving System for Long Evaluation Traces

Goldilocks field. SHA3-256 commitments. FRI polynomial proofs. No trusted setup. Post-quantum secure. Purpose-built for computations that need cryptographic attestation.

Goldilocks
Field (264−232+1)
3ns
Multiply (per op)
<500µs
Verify (all sizes)
None
Trusted Setup
Get API Key Read the Docs
Why ZKP-AIR

A second engine for a different class of proof.

H33's production auth STARK handles short, fixed traces at 2.21M auth/sec. ZKP-AIR handles long, variable-width traces for a fundamentally different workload.

VARIABLE WIDTH
Long evaluation traces
The auth STARK is tuned for 32-row, 7-column traces. ZKP-AIR handles 256 to 65,536+ rows with 3 to 32+ columns. Different geometry, different AIR constraint system, different proving engine. No shared code path means no shared risk.
ISOLATION
No production auth risk
The auth STARK processes billions of verifications per month. Modifying it to support variable-width traces introduces regression risk. ZKP-AIR ships on its own timeline with its own benchmarks, its own security review, and its own release cycle. Zero coupling.
SECOND ENGINE
Powers ZK-Procure and future attestation products
ZKP-AIR is the proving engine behind H33-ZK-Procure — cryptographic procurement intelligence that proves vendor code quality scores without exposing proprietary analysis. It will also power future audit trail attestation, compliance proofs, and supply chain provenance products. One engine, many applications.
Architecture

Two engines. Two purposes.

Auth STARK and ZKP-AIR serve fundamentally different proof geometries. Here is how they compare.

Property Auth STARK (Production) ZKP-AIR (New)
Field BLS12-381 scalar Goldilocks (264−232+1)
Trace Width Fixed (7 columns) Variable (3–32+ columns)
Trace Length 32 rows 256–65,536+ rows
Hash Poseidon + SHA3-256 SHA3-256 (domain-separated)
Commitment FRI (custom) FRI (Winterfell 0.13)
Trusted Setup None None
Post-Quantum Yes (hash-based) Yes (hash-based)
Performance

Sub-millisecond verification at every trace size.

Line-Count AIR (3 columns, 2 transition constraints) — the scoring circuit geometry for H33-ZK-Procure. This is a different circuit from the 7-column biometric auth AIR used in the production authentication pipeline. Benchmarked on AWS Graviton4 (c8g.16xlarge, 64 vCPU, Neoverse V2) and Apple M4 Max. Single-core, release mode, 10 iterations.

Trace Rows Graviton4 Prove M4 Max Prove Graviton4 Verify M4 Max Verify Proof Size
256 2.73 ms 1.98 ms 234 µs 154 µs 18 KB
1,024 12.8 ms 6.65 ms 379 µs 201 µs 31 KB
4,096 58 ms 31 ms 559 µs 306 µs 43 KB
16,384 259 ms 139 ms 616 µs 338 µs 53 KB
65,536 1.13 s 609 ms 785 µs 424 µs 68 KB

Graviton4: c8g.16xlarge (64 vCPU, Neoverse V2). M4 Max: Apple Silicon. Both single-core, release mode. Verification sub-millisecond on both platforms at every trace size. Full methodology & reproducibility details →

Goldilocks Field Operations

Native u64 arithmetic. No big-integer libraries. Modular reduction via shifts and adds.

Multiply
3ns
Per field multiplication
Inverse
271ns
Per field inversion
NTT (65K)
2.2ms
65,536-element transform
Security

Audited. Transparent. Not affected.

ZKP-AIR was audited against the OtterSec Fiat-Shamir vulnerability pattern that impacted six independent zkVM implementations in March 2026.

Not affected by OtterSec pattern
Both H33 STARK engines were audited against the six-criteria Fiat-Shamir vulnerability checklist. ZKP-AIR's transcript implementation follows strict absorb-then-squeeze discipline. Zero pattern matches.
Complete transcript binding
Every commitment — trace, constraint, FRI layer — is absorbed into the SHA3-256 sponge before the dependent challenge is derived. No gaps. No mutable state injection between commit and challenge.
Domain-separated SHA3-256 sponge
Each proof type and protocol step uses a unique prefix. Length-prefixed and labeled hash inputs prevent concatenation collisions and cross-context replay. SHA3-256 provides native length-extension resistance.
DEEP-FRI composition cross-check
FRI verifier independently regenerates query positions from the Fiat-Shamir transcript. Prover-supplied positions are matched against derived positions. Any mismatch causes immediate rejection.
Full audit published
We published the complete Fiat-Shamir audit covering both STARK engines, including two issues found and fixed in the auth STARK. Transparency is the only real security. Read the full audit report →
Advanced STARK Engineering

Three primitives built on the AIR engine.

Production infrastructure for privacy-preserving audit trails, unlinkable proof IDs, and constant-time verification at scale.

Epoch-Evolved Nullifiers
Unlinkable Proof IDs

PRF-based identifiers that rotate per time window. Same proof, different epoch, completely different ID. Prevents correlation of proof submissions across sessions without changing the underlying key.

Proof Re-Randomization
Client-Side Blinding

Client blinds the STARK proof with an ephemeral random factor after receiving it. AES-256-GCM commitment wrapper. The generating server cannot fingerprint the submitted bytes.

Recursive Accumulation
One Proof, Thousands of Events

IVC folding compresses N event proofs into a single constant-size accumulator. O(1) verification regardless of trail length. Merkle inclusion proofs for individual events.

Technical deep dive →
Use Cases

What ZKP-AIR proves.

Long evaluation traces enable a new class of cryptographic attestation — proving complex computations without revealing the inputs.

Procurement
H33-ZK-Procure
Cryptographic procurement intelligence. Prove vendor code quality scores, security posture assessments, and evaluation results without exposing proprietary analysis methodology or the vendor's source code.
Audit Trails
Computation Logs
Prove that computation logs are authentic and unmodified. Generate a STARK proof over the execution trace, then hand the proof to any third party. They verify the log's integrity without re-executing the computation.
Compliance
Regulatory Attestation
Attest to regulatory checks — KYC, AML, sanctions screening, data residency rules — without revealing the underlying personal data. The proof says "compliant" without saying why.
Supply Chain
Provenance Proofs
Prove the provenance of goods, materials, or software components without exposing trade secrets, supplier relationships, or proprietary manufacturing processes. Verifiable, private, post-quantum.
Pricing

Same credits. Same dashboard. Same API.

H33-ZKP-AIR runs on the standardized H33 credit system. Same packs, same dashboard, same API key. No separate billing. No additional accounts. If you already have H33 credits, you can use ZKP-AIR today.

View credit packs and pricing →

Prove computations. Reveal nothing.

Post-quantum STARK proofs for long evaluation traces. Sub-millisecond verification. No trusted setup.

Get Free API Key Explore ZK-Procure Read the Audit
FIPS 203/204 Compliant
128-bit Security
AWS Infrastructure
Verify our benchmarks →
Verify It Yourself