STARK Proving System · Post-Quantum Safe

H33-ZKP-AIR
A STARK Proving System for Long Evaluation Traces

Related · tier-1 reading. For what a portable artifact actually is, see Portable Artifact.

Goldilocks field. SHA3-256 commitments. FRI polynomial proofs. No trusted setup. Post-quantum secure. Purpose-built for computations that need cryptographic attestation.

Goldilocks

Field (2⁶⁴−2³²+1)

3ns

Multiply (per op)

<500µs

Verify (all sizes)

None

Trusted Setup

Get API Key Read the Docs

Why ZKP-AIR

A second engine for a different class of proof.

H33's production auth STARK handles short, fixed traces at 2.21M auth/sec. ZKP-AIR handles long, variable-width traces for a fundamentally different workload.

VARIABLE WIDTH

Long evaluation traces

The auth STARK is tuned for 32-row, 7-column traces. ZKP-AIR handles 256 to 65,536+ rows with 3 to 32+ columns. Different geometry, different AIR constraint system, different proving engine. No shared code path means no shared risk.

ISOLATION

No production auth risk

The auth STARK processes billions of verifications per month. Modifying it to support variable-width traces introduces regression risk. ZKP-AIR ships on its own timeline with its own benchmarks, its own security review, and its own release cycle. Zero coupling.

SECOND ENGINE

Powers ZK-Procure and future attestation products

ZKP-AIR is the proving engine behind H33-ZK-Procure — cryptographic procurement intelligence that proves vendor code quality scores without exposing proprietary analysis. It will also power future audit trail attestation, compliance proofs, and supply chain provenance products. One engine, many applications.

Architecture

Two engines. Two purposes.

Auth STARK and ZKP-AIR serve fundamentally different proof geometries. Here is how they compare.

Property	Auth STARK (Production)	ZKP-AIR (New)
Field	BLS12-381 scalar	Goldilocks (2⁶⁴−2³²+1)
Trace Width	Fixed (7 columns)	Variable (3–32+ columns)
Trace Length	32 rows	256–65,536+ rows
Hash	Poseidon + SHA3-256	SHA3-256 (domain-separated)
Commitment	FRI (custom)	FRI (Winterfell 0.13)
Trusted Setup	None	None
Post-Quantum	Yes (hash-based)	Yes (hash-based)

Performance

Sub-millisecond verification at every trace size.

Line-Count AIR (3 columns, 2 transition constraints) — the scoring circuit geometry for H33-ZK-Procure. This is a different circuit from the 7-column biometric auth AIR used in the production authentication pipeline. Benchmarked on AWS Graviton4 (c8g.16xlarge, 64 vCPU, Neoverse V2) and Apple M4 Max. Single-core, release mode, 10 iterations.

Trace Rows	Graviton4 Prove	M4 Max Prove	Graviton4 Verify	M4 Max Verify	Proof Size
256	2.73 ms	1.98 ms	234 µs	154 µs	18 KB
1,024	12.8 ms	6.65 ms	379 µs	201 µs	31 KB
4,096	58 ms	31 ms	559 µs	306 µs	43 KB
16,384	259 ms	139 ms	616 µs	338 µs	53 KB
65,536	1.13 s	609 ms	785 µs	424 µs	68 KB

Graviton4: c8g.16xlarge (64 vCPU, Neoverse V2). M4 Max: Apple Silicon. Both single-core, release mode. Verification sub-millisecond on both platforms at every trace size. Full methodology & reproducibility details →

Goldilocks Field Operations

Native u64 arithmetic. No big-integer libraries. Modular reduction via shifts and adds.

Multiply

3ns

Per field multiplication

Inverse

271ns

Per field inversion

NTT (65K)

2.2ms

65,536-element transform

Security

Audited · Frozen · Replayable.

ZKP-AIR was audited against the OtterSec Fiat-Shamir vulnerability pattern that impacted six independent zkVM implementations in March 2026. The protocol is now frozen and independently replayable.

Canonical Transcript Binding

Every commitment is absorbed into the transcript before dependent challenges are derived.

The verifier freezes:

→ transcript byte layout
→ domain separators
→ AIR identifiers
→ challenge ordering
→ FRI configuration semantics

Serialization drift immediately breaks CI.

Deterministic Conformance Verification

The H33 reference verifier includes:

→ canonical transcript vectors
→ deterministic challenge vectors
→ malformed-proof corpora
→ replay integrity classification
→ structured rejection semantics

Independent implementations can deterministically verify compatibility against frozen vectors — without contacting H33 infrastructure.

Adversarial Hardening

The verifier deterministically rejects:

→ swapped FRI layers

→ tampered commitments

→ invalid query positions

→ malformed OOD evaluations

→ truncated proofs

→ mismatched AIR identifiers

All malformed proofs produce deterministic rejection codes and replay classifications.

Independent Verifier Consensus

        Proof
          ↓
   Verifier A —┐
   Verifier B —┼— IDENTICAL RESULT
   Verifier C —┘

Deterministic replay across independent implementations.

Full Fiat-Shamir audit published. Complete audit covering both STARK engines, including two issues found and fixed in the auth STARK. Transparency is the only real security. Read the full audit report →

Advanced STARK Engineering

Three primitives built on the AIR engine.

Production infrastructure for privacy-preserving audit trails, unlinkable proof IDs, and constant-time verification at scale.

Epoch-Evolved Nullifiers

Unlinkable Proof IDs

PRF-based identifiers that rotate per time window. Same proof, different epoch, completely different ID. Prevents correlation of proof submissions across sessions without changing the underlying key.

Proof Re-Randomization

Client-Side Blinding

Client blinds the STARK proof with an ephemeral random factor after receiving it. AES-256-GCM commitment wrapper. The generating server cannot fingerprint the submitted bytes.

Recursive Accumulation

One Proof, Thousands of Events

IVC folding compresses N event proofs into a single constant-size accumulator. O(1) verification regardless of trail length. Merkle inclusion proofs for individual events.

Technical deep dive →

Use Cases

What ZKP-AIR proves.

Long evaluation traces enable a new class of cryptographic attestation — proving complex computations without revealing the inputs.

Procurement

H33-ZK-Procure

Cryptographic procurement intelligence. Prove vendor code quality scores, security posture assessments, and evaluation results without exposing proprietary analysis methodology or the vendor's source code.

Audit Trails

Computation Logs

Prove that computation logs are authentic and unmodified. Generate a STARK proof over the execution trace, then hand the proof to any third party. They verify the log's integrity without re-executing the computation.

Compliance

Regulatory Attestation

Attest to regulatory checks — KYC, AML, sanctions screening, data residency rules — without revealing the underlying personal data. The proof says "compliant" without saying why.

Supply Chain

Provenance Proofs

Prove the provenance of goods, materials, or software components without exposing trade secrets, supplier relationships, or proprietary manufacturing processes. Verifiable, private, post-quantum.

Pricing

Same credits. Same dashboard. Same API.

H33-ZKP-AIR runs on the standardized H33 credit system. Same packs, same dashboard, same API key. No separate billing. No additional accounts. If you already have H33 credits, you can use ZKP-AIR today.

View credit packs and pricing →

Prove computations. Reveal nothing.

Post-quantum STARK proofs for long evaluation traces. Sub-millisecond verification. No trusted setup.

Get Free API Key Explore ZK-Procure Read the Audit

FIPS 203/204 Compliant

128-bit Security

AWS Infrastructure

Verify our benchmarks →

H33-ZKP-AIR A STARK Proving System for Long Evaluation Traces