Technical Deep Dive

Under the Hood —
Without Giving Away the Engine

FHEnom for AI™ is built on proprietary cryptographic research — not a wrapper around open-source FHE libraries. Here's what we can share about the technology, the validation, and the security posture.

Proprietary Cryptographic Foundation

Built on a Novel Mathematical Construction

FHEnom for AI™'s encryption is not derived from existing open-source FHE schemes (TFHE, BGV, CKKS, BFV). It is a novel, proprietary cryptographic construction whose security reduces to the Closest Vector Problem (CVP) — a well-studied lattice problem known to be resistant to both classical and quantum attack. The scheme itself is proprietary — not published, not open-source, not replicable from public research.

Where existing FHE schemes introduce computational noise that degrades output quality, or require expensive bootstrapping operations that destroy performance, FHEnom for AI™'s underlying mathematical construction avoids these limitations entirely.

Deterministic

FP32 mode produces bit-exact, word-for-word identical outputs to the plaintext model. Encryption adds security — not noise.

Quantum-Resistant

Security reduces to the CVP, which is inherently resistant to quantum attack by mathematical design. No post-quantum migration required.

Trade Secret Protected

The cryptographic scheme and mathematical construction are proprietary — protected as an industrial secret, not a patent. The scheme reduces to CVP; it is not derived from it. This is the moat.

Closing the Last Gap

Encrypted Tokenizer Pair

Most encryption approaches protect the model weights but leave the tokenizer in plaintext. This is a critical blind spot — the tokenizer converts human-readable text into token IDs and back. If the tokenizer is unencrypted, anyone with infrastructure access can read every prompt and every response.

FHEnom for AI™ replaces the standard tokenizer with a symmetric pair of encrypted tokenizers when the model is placed in service. The Encryption Tokenizer (pipeline stage 2) converts prompts into encrypted token sequences — no plaintext tokens are ever generated on the infrastructure. The Decryption Tokenizer (pipeline stage 4) performs the inverse: converting encrypted tensor outputs from inference back into encrypted token sequences for client-side decryption. There is no point in the pipeline where text exists in readable form.

This also closes the prompt injection attack surface. The Encryption Tokenizer only processes encrypted inputs with valid cryptographic signatures — unsigned or tampered inputs are rejected before they reach the model.

Independent Verification

Third-Party Validated Performance

FHEnom for AI™'s performance claims are not self-reported. Inference benchmarks have been independently conducted and verified by a leading xPU manufacturer — confirming that encrypted and plaintext inference deliver identical results with negligible overhead.

Benchmark Results
0.66ms
Total encrypt + decrypt overhead for 4K tokens
0μs
Inference latency difference vs. plaintext
100%
Output accuracy — bit-exact match in FP32

Performance independently verified by a third-party xPU manufacturer. Full benchmark results to be published shortly.

Honest Threat Modeling

Attack Surface Analysis

No security product should claim invulnerability. Here's an honest assessment of what FHEnom for AI™ defends against and where the trust boundaries are.

Defended

Side-channel attacks (SGAxe, Æpic, CIPHERLEAKS) — no plaintext exists to leak.

Data exfiltration from infrastructure — only ciphertext on servers, VRAM, bus, OS.

Model theft — encrypted model is useless without the key.

Prompt/response interception — ephemeral per-session keys.

Bus sniffing — the bus carries ciphertext, not secrets.

Insider threats — no admin ever sees plaintext.

Tokenizer attacks — encrypted tokenizer rejects unsigned inputs.

Mitigated by Design

Key compromise — model key triple-encrypted for TEE transfer; session keys ephemeral.

Denial of service — gateway architecture supports standard DDoS protection.

Client-side compromise — client endpoint security remains customer responsibility.

Model poisoning — encrypted training data prevents tampering by infra operators.

Defensible IP

Intellectual Property Posture

FHEnom for AI™'s competitive advantage is built on defensible, proprietary technology — not speed-to-market or open-source integration. The moat is mathematical, not operational.

Trade Secret Protected

The cryptographic scheme and mathematical foundation are proprietary — not published, not open-source, not replicable from public research. Protected as an industrial secret, not a patent. This is the moat.

ISO 27001:2022

DataKrypto has achieved ISO/IEC 27001:2022 certification for enterprise-grade information security management.

FIPS Validated

FIPS 140-2 validated with 140-3 in progress. Federal and defense-grade compliance readiness built in.

Developer & Documentation Portal

Technical documentation, API references, deployment guides, and integration walkthroughs.

ACCESS DOCS PORTAL
Ready to Evaluate?

Talk to Our Engineering Team.

Schedule a technical deep-dive with the team that built FHEnom for AI™. See encrypted inference running live on your architecture.

BOOK A DEMO ← BACK TO PRODUCT