ZERO EXPOSURE • ENCRYPTED BIOMETRICS

Your Biometric is Never Decrypted. Ever.

Fully homomorphic biometric matching. Templates are encrypted client-side, stored encrypted, and matched in the encrypted domain. 42µs per authentication. The server literally cannot see your face, fingerprint, or voice.

Per Auth: 42µs
At Scale: 2.21M/sec
Data Exposure: Zero
Batch Size: 32

End-to-End Encrypted Biometric Pipeline

From capture to match decision, your biometric template never exists as plaintext on the server. Every step is cryptographically protected.

Step 1: Client Capture
Biometric captured on device. Template extracted as a 128-dimensional feature vector. Stays on the device.

Step 2: Client Encrypt
Template encrypted with BFV FHE (N=4096). Never leaves the device as plaintext. Only ciphertext is transmitted.

Step 3: Server Match
FHE inner product computes similarity on ciphertexts. SIMD batching packs 32 users per ciphertext.

Step 4: Threshold Decision
Encrypted score compared against threshold. Match/no-match returned. Raw biometric never touched by the server.
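
The slot arithmetic behind Steps 2 to 4, as an added example that is not H33's code: it models in plaintext the packing (4096 slots ÷ 128 dims), the slot-wise multiply and the per-block sum modulo t = 65537, with no encryption involved. The integer `scale` used to quantise float embeddings and all function names are assumptions; the page does not state how embeddings are mapped to integers.

```python
import math
import random

# Values taken from the page: N=4096 slots, 128-D templates, plaintext modulus t=65537.
N_SLOTS, DIM, T = 4096, 128, 65537
USERS = N_SLOTS // DIM  # 32 templates share one ciphertext

def quantize(vec, scale):
    """L2-normalise, then round to integers mod T. `scale` is this example's assumption."""
    norm = math.sqrt(sum(x * x for x in vec))
    return [round(x / norm * scale) % T for x in vec]

def pack(templates, scale):
    """Lay templates end to end, one 128-slot block per user, zero-padding unused blocks."""
    slots = [c for v in templates for c in quantize(v, scale)]
    return slots + [0] * (N_SLOTS - len(slots))

def packed_scores(template_slots, probe, scale):
    """Slot-wise multiply and per-block sum mod T: the arithmetic BFV applies to ciphertexts."""
    probe_slots = quantize(probe, scale) * USERS  # probe replicated into every block
    scores = []
    for u in range(USERS):
        block = range(u * DIM, (u + 1) * DIM)
        s = sum(template_slots[i] * probe_slots[i] for i in block) % T
        if s > T // 2:  # centred representative of the residue
            s -= T
        scores.append(s / (scale * scale))  # back to a cosine-like value
    return scores

def max_safe_scale():
    """Largest scale whose worst-case inner product cannot wrap mod T.
    Each quantised unit vector has norm <= scale + 0.5*sqrt(DIM) (rounding error)."""
    return math.floor(math.sqrt(T // 2) - 0.5 * math.sqrt(DIM))

def demo(scale, threshold=0.85, seed=7):
    """Constructed data: 32 random templates; the probe is a noisy copy of user 5."""
    rng = random.Random(seed)
    templates = [[rng.gauss(0, 1) for _ in range(DIM)] for _ in range(USERS)]
    probe = [x + rng.gauss(0, 0.05) for x in templates[5]]
    scores = packed_scores(pack(templates, scale), probe, scale)
    return [u for u, s in enumerate(scores) if s >= threshold]

if __name__ == "__main__":
    print("max safe scale:", max_safe_scale())
    print("matches at scale 128:", demo(128))
    print("matches at scale 256:", demo(256))
```

With `scale = 256` a genuine probe's inner product exceeds t/2 and wraps, so the match is silently lost. The bound in `max_safe_scale()` is what keeps the score computed modulo t equal to the plain integer inner product.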

Traditional Biometrics Are a Liability

Every traditional biometric system has the same fundamental flaw: the server must decrypt your data to match it. That window of exposure is a window of vulnerability.

Database Breach
Stolen biometrics can't be reset like passwords. Once leaked, they're compromised forever. You cannot change your fingerprint or face.

Server-Side Exposure
Traditional systems decrypt biometrics for matching. Every authentication is a window of vulnerability where raw biometric data exists in server memory.

Regulatory Pressure
GDPR Article 9, CCPA, BIPA — biometric data is the highest-risk personal data category. Non-compliance penalties are severe and growing.

H33 eliminates all three.

FHE means the server provably never sees the biometric. There is no plaintext to steal, no decryption window to exploit, and no raw biometric data to regulate — because it never exists on the server.


Production-Grade Speed

Encrypted biometric matching at speeds that make plaintext systems look slow. Measured on AWS Graviton4 with 96 workers.

Single Auth Latency: 42µs (1,109µs / 32 users per batch)
Auth/sec at Scale: 2.21M (Graviton4, 96 workers)
Users per Ciphertext: 32 (4096 slots ÷ 128 dims)
Constant-Time Batch: ~1.04ms (identical for 1 or 32 users)

Biometric Match API

Four endpoints. Encrypt, match, attest. All operating on ciphertexts — the server never touches plaintext biometrics.

POST /v1/fhe/h33-128/encrypt                     Encrypt biometric template
POST /v1/fhe/h33-128/biometric-match             Match encrypted probe against template
POST /v1/fhe/h33-128/dilithium/biometric-match   Match + Dilithium attestation
POST /v1/fhe/h33-128/3key/biometric-match        Match + 3-Key attestation

Biometric Match Request (curl)
# Match an encrypted biometric probe against stored template
curl -X POST https://api.h33.ai/v1/fhe/h33-128/biometric-match \
  -H "Authorization: Bearer h33_sk_..." \
  -H "Content-Type: application/json" \
  -d '{
    "probe_ciphertext": "<base64-encoded FHE ciphertext>",
    "template_id": "usr_8f2a...c41b",
    "threshold": 0.85
  }'

# Response
{
  "match": true,
  "confidence": "above_threshold",
  "latency_us": 48,
  "batch_id": "batch_a9f3...e712",
  "plaintext_exposed": false,
  "fhe_params": {
    "scheme": "BFV",
    "n": 4096,
    "t": 65537,
    "batch_size": 32
  }
}

Also available on H33-256 (/v1/fhe/h33-256/*) for NIST Level 5 security.


Cryptographic Guarantees

Not just "encrypted in transit" or "encrypted at rest." Encrypted during computation. Provably.

Mathematical Proof
FHE guarantees: computing on encrypted data produces the same result as computing on plaintext, then encrypting. The server cannot learn the input. This is not a policy — it is a mathematical property of the cryptosystem.

Constant-Time
All operations are constant-time with respect to secret key material. No timing side channels. Match time is identical regardless of similarity score, preventing oracle attacks.

Post-Quantum
Lattice-based FHE is inherently quantum-resistant. Add Dilithium attestation for end-to-end post-quantum security. Your biometric data is protected against both classical and quantum adversaries.

Audit Trail
Every match generates a cryptographic audit record. Dilithium-signed, append-only, tamper-evident. Compliance teams get verifiable proof of zero-exposure operations.

Where Encrypted Biometrics Matter

Any application handling biometric data can eliminate its highest-risk liability with a single API integration.

Access Control
Building entry, secure facilities, server rooms. Biometric access without a centralized plaintext database to breach.

Identity Verification
KYC, onboarding, re-authentication. Verify identity against enrolled templates without ever exposing the biometric.

Healthcare
Patient identification in HIPAA environments. Biometric matching that is HIPAA-compliant by construction, not by policy.

Financial Services
Transaction authorization, account recovery. High-assurance biometric auth for banking and payments.

Government & Defense
Classified facility access, border control, national ID systems. Sovereign biometric data that never leaves the encrypted domain.

Works With Any Biometric Model

Your model extracts the embedding. H33 encrypts and matches it. Pre-built adapters for popular open-source models, plus a generic adapter for any model producing float vectors.

Face · 512-D: ArcFace / InsightFace
L2-normalized float32 vectors. Adapter validates dimension, checks L2 norm in [0.9, 1.1], rejects NaN/zero.
adapter: "arcface"

Voice · 192-D: SpeechBrain ECAPA-TDNN
Speaker verification embeddings. Adapter validates dimension, checks finite, auto L2-normalizes.
adapter: "speechbrain"

Fingerprint · 256-D: SourceAFIS
Spatial-binned minutiae vectors. Client converts CBOR templates to 256-D grid. Adapter L2-normalizes.
adapter: "sourceafis"

Any Model · Any-D: Generic Adapter
NEC NeoFace, Cognitec FaceVACS, custom iris encoders, or any model producing float vectors.
GenericAdapter::new(type, dim)
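
The adapter checks listed above matter because a malformed vector cannot be inspected once it is encrypted. The following is an added example, not H33's SDK code, of applying those checks on the client before encryption; the function name, the dictionary layout and the choice to raise `ValueError` are assumptions, while the dimensions and the [0.9, 1.1] norm range come from the page.

```python
import math

# Dimensions and rules as listed on the page; names and layout are this example's own.
ADAPTERS = {
    "arcface":     {"dim": 512, "auto_normalize": False},  # must arrive already normalised
    "speechbrain": {"dim": 192, "auto_normalize": True},
    "sourceafis":  {"dim": 256, "auto_normalize": True},
}
NORM_RANGE = (0.9, 1.1)  # accepted L2 norm for adapters that do not auto-normalise

def prepare_embedding(adapter, vec):
    """Validate a float embedding before encryption and return the vector to encrypt.

    Raises ValueError for inputs that could not be detected after encryption.
    """
    spec = ADAPTERS.get(adapter)
    if spec is None:
        raise ValueError(f"unknown adapter {adapter!r}")
    if len(vec) != spec["dim"]:
        raise ValueError(f"{adapter}: expected {spec['dim']} dims, got {len(vec)}")
    if not all(isinstance(x, (int, float)) and math.isfinite(x) for x in vec):
        raise ValueError(f"{adapter}: NaN, infinite or non-numeric component")
    norm = math.sqrt(sum(x * x for x in vec))
    if norm == 0.0 or not math.isfinite(norm):
        raise ValueError(f"{adapter}: zero or overflowing vector")
    if spec["auto_normalize"]:
        return [x / norm for x in vec]
    if not NORM_RANGE[0] <= norm <= NORM_RANGE[1]:
        raise ValueError(f"{adapter}: L2 norm {norm:.3f} outside {NORM_RANGE}")
    return list(vec)
```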

Built-In Liveness Detection

21 attack types detected. Liveness checks run before FHE matching — spoofs never waste compute. Challenge-response verification with configurable risk levels.

Face Detectors
6 detection layers: Texture analysis, depth estimation, blink detection, movement patterns, moiré pattern detection, micro-expression analysis. Catches printed photos, screen displays, and masks.

Voice Detectors
4 detection layers: Replay detection (duplicate hash), synthetic speech analysis, frequency spectrum validation, environmental consistency checking. Catches recordings and AI-generated voice.

Deepfake Detection
Cross-modal analysis: GAN artifact detection, temporal coherence checking, challenge-response verification that deepfakes cannot pass in real-time. Detects face swaps and neural rendering.

SPOOF BLOCKS BEFORE FHE RUNS

If liveness fails, the FHE verification is never executed. Zero compute wasted on attack attempts. Configurable risk levels (low/medium/high) control challenge difficulty.


Regulatory Coverage by Architecture

FHE biometrics satisfy the strictest biometric privacy laws by mathematical guarantee, not by policy promise. The server provably cannot access the biometric data it processes.

BIPA · 740 ILCS 14: Illinois Biometric Information Privacy Act
FHE ciphertexts satisfy all 5 sections: retention & destruction, informed consent, no profiting from biometric data, no unauthorized disclosure, reasonable security standard.

GDPR · Article 9: EU General Data Protection Regulation
Privacy by design is a mathematical guarantee, not a policy promise. BFV FHE is definitionally Article 25 compliant. Includes DPIA template for customer deployment.

CCPA / CPRA: California Consumer Privacy Act
Right to deletion via unenroll() API with Dilithium-signed deletion receipt. H33 as service provider stores only BFV ciphertexts.

H33 vs. Traditional Biometric Providers

Every major biometric provider processes your data in plaintext. H33 is the only platform where biometric data is never decrypted at any stage.

| Feature | H33 Biometrics | AWS Rekognition | Azure Face | Jumio | iProov |
|---|---|---|---|---|---|
| Encryption | FHE (never decrypted) | Plaintext processing | Plaintext processing | Plaintext processing | Plaintext processing |
| Template storage | Encrypted (256KB) | Plaintext vectors | Plaintext vectors | Plaintext images | Plaintext |
| Matching method | FHE inner product | Cosine similarity | Cosine similarity | Neural network | Liveness + match |
| Post-quantum | ML-DSA-65 attestation | No | No | No | No |
| ZKP verification | STARK proofs | No | No | No | No |
| Biometric data exposure | Zero (never leaves CT) | Full exposure to AWS | Full exposure to Azure | Full exposure to Jumio | Full exposure |
| BIPA/GDPR compliant | By architecture | Policy-dependent | Policy-dependent | Policy-dependent | Policy-dependent |
| Batch throughput | 32 users/batch (~967µs) | ~200ms/face | ~200ms/face | ~2-5s/check | ~3-8s/check |
| On-premise option | REST API (any infra) | AWS only | Azure only | Cloud only | Cloud only |

ZERO PLAINTEXT EXPOSURE — BY MATH, NOT POLICY

Every competitor processes biometric data in plaintext on their servers. H33 performs matching entirely on FHE ciphertexts. The server provably cannot access the biometric data it processes.


FAQ
Frequently Asked Questions
How does biometric matching work on encrypted data?
H33 uses BFV fully homomorphic encryption to compute the inner product (cosine similarity) between two biometric vectors while both remain encrypted. The client encrypts their biometric template locally, sends the ciphertext to H33, and the server computes the encrypted distance against stored encrypted templates using FHE arithmetic. The result is an encrypted match score that only the client can decrypt. The server never sees any plaintext biometric data.
What does 42 microseconds per authentication mean in practice?
It means a single biometric verification completes in 0.042 milliseconds. For context, a human eye blink takes about 300 milliseconds, so H33 can perform over 7,000 biometric authentications in the time it takes to blink. At production scale on Graviton4 (96 cores), this translates to over 2.21 million authentications per second. Your users experience zero perceptible latency.
Which biometric types are supported: face, fingerprint, or voice?
All three. H33 accepts any biometric modality that produces a 128-dimensional normalized embedding vector. Face recognition (ArcFace, FaceNet), fingerprint minutiae encoders, and voice print embeddings all output compatible formats. The FHE matching is modality-agnostic because it operates on the embedding vectors, not the raw biometric data. Multi-modal fusion (combining face + fingerprint scores) is also supported.
What happens if the biometric database is breached?
The attacker gets ciphertexts. Every stored biometric template is encrypted with BFV FHE, and the decryption key is held client-side (or distributed via threshold decryption). Without the secret key, the ciphertexts are computationally infeasible to break, even with a quantum computer (lattice-based, NIST Level 1 security). This is fundamentally different from hashed biometrics, which can be attacked with rainbow tables. FHE ciphertexts are semantically secure.
What is the false acceptance rate (FAR) for encrypted matching?
FHE matching produces mathematically identical results to plaintext matching because BFV arithmetic is exact for integers. If your biometric model achieves a FAR of 1-in-1,000,000 on plaintext embeddings, it achieves the same FAR on encrypted embeddings. H33 does not introduce any accuracy degradation. The match threshold is configurable and the encrypted inner product preserves full numerical precision.
How does template enrollment work?
The user captures their biometric (face photo, fingerprint scan, or voice sample) on their device. The client SDK extracts a 128-dimensional embedding, encrypts it with or BFV-64, and sends the ciphertext to H33 via POST /v1/biometric/enroll. The encrypted template is stored in NTT form for fast subsequent matching. Enrollment is a one-time operation per user per biometric modality. Templates can be updated by re-enrolling.
Can FHE biometrics replace passwords entirely?
Yes, and that is the intended use case. FHE biometric authentication provides a passwordless experience where the user simply presents their biometric. Unlike passwords, biometrics cannot be forgotten, shared, or phished. And unlike traditional biometric systems, H33 biometrics cannot be stolen from the server because they are encrypted at all times. For high-security scenarios, combine with a secondary factor (hardware key or PIN) for multi-factor authentication.
Does H33 support liveness detection?
Liveness detection is a client-side responsibility that happens before the biometric embedding is extracted. H33 recommends integrating a certified liveness SDK (such as iProov, FaceTec, or Apple's TrueDepth) on the device to ensure the biometric capture is from a live person and not a photo or deepfake. Once liveness is confirmed, the embedding is encrypted and sent to H33. The liveness result can be included as metadata in the authentication request.
Does the camera or sensor see the plaintext biometric?
Yes, but only on the client device. The camera captures the face image and the on-device model extracts the embedding. The plaintext biometric exists only in device memory for the fraction of a second needed to compute the embedding. The embedding is then encrypted with BFV before leaving the device. The raw image is never transmitted. The plaintext exposure surface is limited to the user's own hardware, which they physically control.
How does H33 handle GDPR biometric data requirements?
Under GDPR, biometric data is a special category requiring explicit consent and strong protection. H33 strengthens compliance because the server processes biometric data exclusively in encrypted form. Article 32 requires "appropriate technical measures" for data protection, and FHE is the strongest possible measure since the data is never decrypted server-side. Data subject access requests can be fulfilled by returning the encrypted template. Right-to-erasure is a simple key deletion, rendering all stored ciphertexts permanently unreadable.
Can I combine biometrics with a cryptographic key for multi-factor?
Yes. H33 supports multi-factor authentication where the biometric match is combined with a Dilithium-signed challenge-response or a hardware token signature. The biometric match runs in the encrypted domain, and the cryptographic factor is verified separately. Both must pass for authentication to succeed. This gives you "something you are" (biometric) plus "something you have" (key) with full post-quantum security on both factors.
How large is an encrypted biometric template?
A single BFV ciphertext is approximately 32 KB. With SIMD batching, one ciphertext holds 32 user templates, so the amortized storage is about 1 KB per user. Compare this to plaintext embeddings (512 bytes) and the overhead is roughly 2x per user when batched. For a million users, total encrypted storage is approximately 1 GB. Templates are stored in NTT form for instant matching without preprocessing.
Can enrolled templates be updated?
Yes. Call POST /v1/biometric/enroll again with the same user ID and a fresh encrypted template. The old template is overwritten. There is no need to decrypt the old template first. For gradual template aging (biometric drift over time), you can implement a rolling update strategy where each successful authentication also refreshes the stored template. Re-enrollment requires client-side biometric capture and encryption.
Does encrypted biometric matching work offline?
Encryption and decryption are local operations that work offline. However, the homomorphic matching (FHE inner product) runs on H33's cloud servers and requires network connectivity. For offline matching scenarios, the SDK can perform limited on-device FHE operations, but this is constrained by mobile compute resources. The recommended architecture is encrypt-offline, match-online, decrypt-offline.
Can H33 biometrics integrate with existing identity providers?
Yes. H33 biometrics can serve as an authentication factor within OIDC, SAML, or FIDO2 flows. The typical integration pattern is: your identity provider calls the H33 biometric verification API as a step in the authentication pipeline. H33 returns an encrypted match result with Dilithium attestation. Your IdP decrypts (or delegates decryption to the client) and makes the access decision. SDKs include middleware for Auth0, Okta, and Azure AD.

Start Building Encrypted Biometrics

One API call. Zero biometric exposure. Post-quantum secure. Drop-in integration with any biometric pipeline.
