BenchmarksStack Ranking
H33-VaultH33-ShareH33-ShieldH33-HealthH33-KeyH33-128H33-CKKSH33-256H33-FHE-IQFHE OverviewH33-CompileZK LookupsBiometricsH33-3-KeyH33-MPCZK-TrustlessZK-PhishZK-VerifyPQC ArchitecturePQ Video
APIsPricingDocsWhite PaperTokenBlogAboutSecurity Demo
Log InGet API Key
MAXIMUM SECURITY • NIST LEVEL 5

256-Bit Post-Quantum Security.
NIST Level 5.

BFV with N=32768 polynomial degree. Exceeds AES-256 equivalent difficulty under quantum attack. For government, defense, SCIF environments, and data that must remain secure for decades.

32,768
Polynomial Degree
256
Users / Ciphertext
256-bit
Security Level
Level 5
NIST Classification
Get API Key → View Docs
Comparison

H33-128 vs H33-256

The same API. The same pipeline. Dramatically higher security margin.

ParameterH33-128H33-256
Polynomial degree (N)4,09632,768
Ciphertext modulus (Q)56-bit237-bit
Plaintext modulus (t)65,53765,537
SIMD slots32256
Security level128-bit (NIST L1)256-bit (NIST L5)
Auth latency (single)1.36ms5.98ms
Dilithium variantML-DSA-65ML-DSA-87
Quantum resistanceAES-128 equivAES-256 equiv
Quantum Timeline

Future-Proof by Design

The quantum threat is not hypothetical. It is a matter of when, not if.

2030+
Quantum Threshold Approaches
Large fault-tolerant quantum computers could begin threatening 128-bit lattice security. Shor's algorithm derivatives and quantum lattice-sieving advances put NIST Level 1 parameters on a tighter timeline than originally projected.
2040+
256-Bit Remains Unbreakable
Grover's algorithm on AES-256 still requires 2128 operations — effectively unbreakable even with mature quantum hardware. H33-256's lattice parameters maintain equivalent hardness under the strongest known quantum attacks.
Long-Lived Data
Decades of Protection
Credentials, identity documents, medical records, classified intelligence — anything that must remain secure for 20+ years demands 256-bit encryption today. Harvest-now-decrypt-later attacks make this urgent, not optional.
The cost of upgrading later is orders of magnitude higher than starting with 256-bit today.
API

Three Tiers — All with ML-DSA-87

H33-256 uses ML-DSA-87 (Dilithium5) for Tier 2 and Tier 3 — matching the 256-bit FHE security level end-to-end.

FHE Endpoints

POST/v1/fhe/h33-256/keygen
POST/v1/fhe/h33-256/encrypt
POST/v1/fhe/h33-256/decrypt
POST/v1/fhe/h33-256/add
POST/v1/fhe/h33-256/multiply
POST/v1/fhe/h33-256/inner-product
POST/v1/fhe/h33-256/biometric-match
GET/v1/fhe/h33-256/health
Example — Generate Keys
curl -X POST https://api.h33.ai/v1/fhe/h33-256/keygen \
  -H "Authorization: Bearer $H33_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"security_level": 256}'

FHE + ML-DSA-87 Endpoints

POST/v1/fhe/h33-256/dilithium/keygen
POST/v1/fhe/h33-256/dilithium/encrypt
POST/v1/fhe/h33-256/dilithium/decrypt
POST/v1/fhe/h33-256/dilithium/add
POST/v1/fhe/h33-256/dilithium/multiply
POST/v1/fhe/h33-256/dilithium/inner-product
POST/v1/fhe/h33-256/dilithium/biometric-match
POST/v1/fhe/h33-256/dilithium/sign
POST/v1/fhe/h33-256/dilithium/verify
GET/v1/fhe/h33-256/dilithium/health
Example — Encrypt with ML-DSA-87 Attestation
curl -X POST https://api.h33.ai/v1/fhe/h33-256/dilithium/encrypt \
  -H "Authorization: Bearer $H33_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"plaintext": [1,0,1,...], "public_key": "..."}'

FHE + H33-3-Key (ML-DSA-87 Middle Key) Endpoints

POST/v1/fhe/h33-256/3key/keygen
POST/v1/fhe/h33-256/3key/encrypt
POST/v1/fhe/h33-256/3key/decrypt
POST/v1/fhe/h33-256/3key/add
POST/v1/fhe/h33-256/3key/multiply
POST/v1/fhe/h33-256/3key/inner-product
POST/v1/fhe/h33-256/3key/biometric-match
POST/v1/fhe/h33-256/3key/sign
POST/v1/fhe/h33-256/3key/verify
GET/v1/fhe/h33-256/3key/health
Example — 3-Key Biometric Match
curl -X POST https://api.h33.ai/v1/fhe/h33-256/3key/biometric-match \
  -H "Authorization: Bearer $H33_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"ciphertext_a": "...", "ciphertext_b": "...", "threshold": 0.85}'
Included with every API call
H33 Noise Pilot

Maximum Security. Maximum Headroom.

H33-256's N=32,768 ring dimension provides 4× more computational headroom than H33-128. Noise Pilot leverages this margin to deliver deeper circuits and longer-lived ciphertexts.

Extended Noise Margin
N=32,768 with 880-bit modulus chain delivers ~180 bits of noise budget — enough for 16+ multiplicative depth without bootstrapping.
NIST L5 Parameter Optimization
Noise Pilot auto-selects the modulus chain length to hit your target circuit depth while maintaining 256-bit post-quantum security.
Quantum-Safe Noise Floor
Noise margins account for future lattice algorithm improvements. Your encrypted data stays safe for decades, not years.
AI Health at 256-bit
Same 0.52µs AI Crypto Health monitoring, tuned for the deeper parameter space of H33-256. Catches anomalies before they matter.
Compliance

Built for Regulated Environments

H33-256 meets the highest bar for cryptographic compliance in government and enterprise deployments.

🛡
NIST Level 5
Highest NIST post-quantum security level. 256-bit classical + quantum security. Exceeds AES-256 equivalent under known quantum attacks.
📜
HE Standard v1.1
Full compliance with the Homomorphic Encryption Standard (v1.1). Parameter sets validated against HElib, SEAL, and PALISADE reference implementations.
🔐
FIPS 140-3 Ready
Cryptographic module architecture designed for FIPS 140-3 Level 2+ validation. DRBG, key management, and self-test subsystems aligned to CMVP requirements.
FedRAMP Pathway
Infrastructure and controls mapped to FedRAMP High baseline. Authorization boundary documentation in progress for federal cloud deployment.
Use Cases

Where H33-256 Deploys

Maximum security for the environments where compromise is not an option.

🏛
Government & SCIF
🛡
Defense & Intelligence
🏦
Financial Settlement
💳
Long-Lived Credentials
Critical Infrastructure
FAQ

Frequently Asked Questions

What makes H33-256 "Level 5" security?
H33-256 uses BFV homomorphic encryption with a polynomial degree of N=32768, which exceeds the AES-256 equivalent difficulty under quantum attack. NIST Level 5 means an attacker needs at least 2256 operations to break the encryption, even with a large-scale quantum computer.
How does H33-256 differ from H33-128?
H33-128 uses N=4096 (128-bit security), optimized for throughput at ~967µs per batch. H33-256 uses N=32768 (256-bit security), optimized for maximum protection at ~5.98ms per batch. Both share the same API, the same pipeline, and the same response format.
What is the performance overhead vs H33-128?
H33-256 is approximately 6× slower per batch (5.98ms vs 967µs) due to 8× larger polynomials. Use H33-128 for high-throughput workloads and H33-256 for classified or defense environments where security margin is the priority.
Which attestation algorithm does H33-256 use?
ML-DSA-87 (Dilithium Level 5) — the highest NIST post-quantum digital signature level. H33-128 uses ML-DSA-65 (Level 3). Every batch is signed and verified with the corresponding attestation tier.
What use cases require H33-256?
Government and defense (SCIF environments), classified data processing, financial records with 30+ year retention requirements, and healthcare data under HIPAA where long-term confidentiality is legally mandated.
Can I switch between H33-128 and H33-256 without code changes?
Yes. Set security_level: "h33-256" in the API call. The pipeline, endpoints, and response format are identical. No SDK changes, no key rotation, no migration.
What is the "harvest now, decrypt later" threat?
Adversaries capture encrypted data today with the intent to decrypt it using future quantum computers. H33-256's 256-bit security margin provides decades of protection against this attack vector, even under optimistic quantum scaling assumptions.
How does noise management differ at N=32768?
Larger polynomials support deeper computation circuits but generate more noise per operation. H33-256 uses aggressive mod-switching and larger ciphertext modulus chains to manage noise growth while preserving correctness across the full pipeline.
Is H33-256 FIPS 140-3 compliant?
H33-256 uses NIST-standardized ML-KEM-1024 for key encapsulation and ML-DSA-87 for digital signatures. Full FIPS 140-3 certification is in progress. All cryptographic primitives align with the NIST PQC final standards published in 2024.
What is the ciphertext size for H33-256?
Each ciphertext is approximately 2MB (vs ~256KB for H33-128) due to the 8× larger polynomial degree. Batch processing amortizes this across 32 users, and the API handles serialization and transport automatically.
TECHNICAL DEEP DIVES

Go Deeper

🔐 NIST LEVEL 5
128-bit vs 256-bit Encryption: When You Need Maximum Security
Why governments and defense require 256-bit — the math behind NIST Level 5 and when 128-bit isn't enough.
Read Full Article →
🛡️ THREAT
Harvest Now, Decrypt Later: Why 256-bit Matters
Adversaries capturing traffic today need exponentially more qubits to attack 256-bit. Future-proof your archives.
Read Full Article →
🏥 HEALTHCARE
Quantum-Resistant Healthcare Encryption
Long-retention medical records need long-term protection. H33-256 delivers NIST Level 5 for multi-decade data.
Read Full Article →

Start Building With H33-256

256-bit post-quantum security. One API call. The same interface as H33-128.

Get API Key →
Verify It Yourself