Inferensys

Glossary

Homomorphic Encryption

A cryptographic scheme enabling computation directly on ciphertext, producing an encrypted result that, when decrypted, matches the output of operations performed on the plaintext.
Operations room with a large monitor wall for system visibility and control.
PRIVACY-PRESERVING COMPUTATION

What is Homomorphic Encryption?

A cryptographic paradigm enabling computation on encrypted data without decryption, producing results that remain encrypted and match the outcome of operations performed on the original plaintext.

Homomorphic encryption is a cryptographic scheme that allows computation directly on ciphertext, generating an encrypted result that, when decrypted, matches the output of operations performed on the plaintext. This enables third parties to process sensitive data without ever accessing the raw information, preserving confidentiality throughout the computation lifecycle.

The technology exists in three forms: partially homomorphic encryption (PHE) supporting only addition or multiplication, somewhat homomorphic encryption (SHE) allowing limited operations, and fully homomorphic encryption (FHE) enabling arbitrary computation on encrypted data. FHE remains computationally intensive but is critical for privacy-preserving machine learning, enabling model training and inference on encrypted datasets without exposing individual records.

CRYPTOGRAPHIC PRIMITIVES

Key Properties of Homomorphic Encryption

Homomorphic Encryption (HE) enables computation on ciphertext, producing an encrypted result that decrypts to the correct plaintext output. The following properties define its security model and operational constraints.

01

Homomorphic Correctness

The fundamental property guaranteeing that decryption of the evaluated ciphertext yields the exact result of applying the intended function to the original plaintext.

  • Additive Homomorphism: Dec(Enc(a) ⊕ Enc(b)) = a + b
  • Multiplicative Homomorphism: Dec(Enc(a) ⊗ Enc(b)) = a × b
  • Fully Homomorphic Encryption (FHE) supports both operations arbitrarily, enabling arbitrary circuit evaluation on encrypted data.
  • The scheme must preserve correctness across unbounded circuit depth for FHE, or a limited depth for Somewhat Homomorphic Encryption (SHE).
02

Semantic Security (IND-CPA)

The standard security notion requiring that a computationally bounded adversary cannot distinguish between encryptions of two chosen plaintexts, even with access to an encryption oracle.

  • Guarantees that ciphertexts reveal no partial information about the plaintext.
  • HE schemes achieve this through probabilistic encryption: the same plaintext encrypts to different ciphertexts each time due to random noise or nonces.
  • This is why HE ciphertexts are inherently non-deterministic and orders of magnitude larger than plaintexts.
03

Noise Growth and Bootstrapping

All practical HE schemes rely on Learning With Errors (LWE) or Ring-LWE hardness assumptions, embedding a small noise term during encryption that grows with each homomorphic operation.

  • Noise Budget: A finite capacity consumed by each multiplication; exceeding it renders decryption incorrect.
  • Bootstrapping (Gentry 2009): The breakthrough technique that evaluates the decryption circuit homomorphically, resetting the noise to a baseline level.
  • This converts a leveled SHE scheme into an unbounded FHE scheme, at significant computational cost.
04

Circuit Privacy

A stronger security property ensuring that the evaluated ciphertext reveals no information about the function that was computed, only the final encrypted result.

  • Without circuit privacy, an adversary could infer the model architecture or query logic from the evaluated ciphertext structure.
  • Achieved through noise flooding or rerandomization techniques that sanitize the output ciphertext distribution.
  • Critical for private inference-as-a-service where the model is proprietary intellectual property.
05

Compactness

The requirement that the size of the evaluated ciphertext and the decryption time are independent of the complexity of the evaluated function.

  • Decrypting the result of a deep neural network inference must be as fast as decrypting a single addition.
  • Prevents a trivial "encrypted computation" where the server simply appends the function description to the ciphertext.
  • Compactness, combined with correctness and semantic security, formally defines a Fully Homomorphic Encryption scheme.
06

Multi-Key and Threshold Variants

Extensions enabling computation on ciphertexts encrypted under different public keys, with decryption requiring collaboration among key holders.

  • Multi-Key FHE: Allows joint computation across data from multiple parties without a shared key setup.
  • Threshold FHE: Distributes the secret key among n parties; decryption requires a threshold t of them to collaborate.
  • Essential for secure multi-party training where no single entity holds the decryption capability for the aggregated model.
HOMOMORPHIC ENCRYPTION

Frequently Asked Questions

Explore the foundational concepts of homomorphic encryption, a privacy-enhancing technology that allows computation on encrypted data without ever decrypting it.

Homomorphic encryption is a cryptographic scheme that enables computation directly on ciphertext, generating an encrypted result that, when decrypted, matches the output of operations performed on the plaintext. It works by constructing mathematical operations—typically based on lattice-based cryptography or the Ring Learning With Errors (RLWE) problem—that are homomorphic to addition and multiplication. In a Partially Homomorphic Encryption (PHE) scheme, only one type of operation is supported (e.g., RSA for multiplication, Paillier for addition). Somewhat Homomorphic Encryption (SHE) supports both but with limited circuit depth. Fully Homomorphic Encryption (FHE) supports arbitrary computation on ciphertexts through a technique called bootstrapping, which refreshes the ciphertext noise to enable unlimited operations. The process involves three core algorithms: KeyGen (generates public/secret keys), Encrypt (converts plaintext to ciphertext), and Eval (performs operations on ciphertexts). The result remains encrypted and can only be decrypted by the holder of the secret key, ensuring that the data processor never sees the underlying sensitive information.

CRYPTOGRAPHIC COMPARISON

Homomorphic Encryption vs. Other Privacy-Preserving Techniques

A technical comparison of homomorphic encryption against other privacy-enhancing computation paradigms used to protect data during AI training and inference.

FeatureHomomorphic EncryptionSecure Multi-Party ComputationTrusted Execution Environment

Data Protection Phase

Data in use (computation on ciphertext)

Data in use (distributed shares)

Data in use (hardware isolation)

Cryptographic Basis

Lattice-based cryptography (RLWE)

Secret sharing and garbled circuits

Hardware root of trust (SGX/TDX)

Computation Overhead

10,000x - 1,000,000x slowdown

10x - 100x network-bound slowdown

1.05x - 1.2x slowdown

Collusion Tolerance

No trust assumptions required

Threshold-based (t of n honest parties)

Trust in hardware manufacturer

Multi-Party Support

Output Reveals

Only the encrypted result; decryptor sees plaintext

All parties see the agreed output

Plaintext result within enclave

Side-Channel Risk

Mathematically immune to memory snooping

Network traffic pattern leakage

Vulnerable to cache-timing and power analysis

Maturity for AI Training

Experimental; limited to linear/logistic regression

Production for tree-based models and simple NNs

Production for full deep learning workloads

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.