Inferensys

Glossary

Homomorphic Encryption (HE)

A cryptographic scheme that permits direct computation on encrypted data, producing an encrypted result that decrypts to the correct output without ever exposing the underlying plaintext.
Data scientist building training data pipeline on laptop, data preprocessing visible, technical workspace.
PRIVACY-PRESERVING COMPUTATION

What is Homomorphic Encryption (HE)?

A cryptographic scheme that permits direct computation on encrypted data, producing an encrypted result that decrypts to the correct output.

Homomorphic Encryption (HE) is a cryptographic primitive that enables mathematical operations to be performed directly on ciphertexts, generating an encrypted result that, when decrypted, matches the output of those same operations performed on the plaintext. This eliminates the need to decrypt sensitive data before processing, preserving confidentiality during computation.

In federated learning, HE secures model updates transmitted from clinical sites to the aggregation server, ensuring the central coordinator can perform secure aggregation without ever inspecting individual patient-level gradients. Variants range from Partially Homomorphic Encryption (PHE), supporting a single operation type, to Fully Homomorphic Encryption (FHE), which supports arbitrary computation but incurs significant computational overhead.

CRYPTOGRAPHIC PRIMITIVES

Key Properties of Homomorphic Encryption

Homomorphic Encryption (HE) is defined by a set of mathematical properties that enable direct computation on ciphertexts. Understanding these properties is critical for selecting the right scheme for privacy-preserving federated learning.

01

Partially Homomorphic Encryption (PHE)

Supports unlimited operations of a single type—either addition or multiplication, but not both. This limitation makes PHE schemes extremely fast and practical for specific, narrow use cases.

  • Additive PHE (e.g., Paillier): Allows encrypted values to be summed. Ideal for federated Secure Aggregation where only the sum of model updates is needed.
  • Multiplicative PHE (e.g., ElGamal): Allows encrypted values to be multiplied. Useful for private information retrieval.
  • Performance: Operations are computationally lightweight compared to fully homomorphic schemes, often completing in milliseconds.
02

Somewhat Homomorphic Encryption (SHE)

Supports both addition and multiplication, but only for a limited number of operations. The depth of the arithmetic circuit is bounded by the scheme's parameters.

  • Noise Growth: Each operation, especially multiplication, increases the inherent noise within the ciphertext. Once noise exceeds a threshold, decryption fails.
  • Bootstrap-Free: SHE schemes are used when the computational circuit's multiplicative depth is known in advance, avoiding the extreme cost of bootstrapping.
  • Example: The BGN scheme, which allows one multiplication followed by unlimited additions.
03

Fully Homomorphic Encryption (FHE)

Enables arbitrary computation on encrypted data by supporting an unlimited number of both additions and multiplications. This is the holy grail of encrypted computation.

  • Bootstrapping: A revolutionary technique introduced by Gentry that refreshes the ciphertext noise homomorphically. It evaluates the decryption circuit itself under encryption, resetting the noise level to enable infinite computation.
  • Lattice-Based Security: Modern FHE schemes (CKKS, BGV, TFHE) rely on the hardness of the Ring Learning With Errors (RLWE) problem, providing post-quantum security guarantees.
  • Computational Overhead: FHE operations are typically 1,000x to 1,000,000x slower than plaintext computation, making hardware acceleration critical.
04

Leveled Fully Homomorphic Encryption

A practical variant of FHE that supports arbitrary, pre-determined circuits without bootstrapping. The scheme parameters are set to accommodate a specific multiplicative depth.

  • No Bootstrapping Overhead: By eliminating bootstrapping, leveled FHE is significantly faster than pure FHE for circuits of known depth.
  • Parameter Selection: Larger circuit depths require larger encryption parameters, increasing ciphertext size and computational cost linearly.
  • Federated Learning Fit: Ideal for neural network inference where the model architecture and layer count are fixed, allowing precise parameterization.
05

Ciphertext Packing & SIMD

A critical optimization that encodes multiple plaintext values into a single ciphertext, enabling Single Instruction, Multiple Data (SIMD) parallelism on encrypted data.

  • Batching: In schemes like CKKS and BGV, a vector of up to 2^15 values can be packed into one ciphertext. Operations are performed element-wise on the entire vector simultaneously.
  • Throughput Amplification: Packing can amortize the computational cost, making FHE thousands of times more efficient for vectorized operations like matrix multiplications in neural networks.
  • Rotation Operations: Requires homomorphic rotation operations to cyclically shift packed values for cross-slot interaction.
06

Noise Management & Modulus Switching

The fundamental engineering challenge in HE is controlling the inherent noise that grows with each operation, particularly multiplication.

  • Modulus Switching: A noise-reduction technique that scales down the ciphertext modulus after a multiplication, reducing the absolute noise magnitude without bootstrapping.
  • Scale Invariance: Used in the CKKS scheme to maintain a consistent scale factor for approximate fixed-point arithmetic, crucial for machine learning workloads.
  • Noise Budget: A finite resource consumed by each operation. Monitoring the remaining budget is essential to prevent decryption failure.
CRYPTOGRAPHIC COMPARISON

HE vs. Other Privacy-Preserving Techniques

A technical comparison of homomorphic encryption against other primary privacy-preserving computation techniques used in federated learning security.

FeatureHomomorphic EncryptionSecure Multi-Party ComputationDifferential PrivacyTrusted Execution Environment

Core Mechanism

Computation on encrypted data

Secret sharing and circuit evaluation

Calibrated noise injection

Hardware-enforced isolation

Data Protection State

Encrypted during computation

Secret-shared during computation

Raw data exposed locally

Decrypted inside secure enclave

Computational Overhead

100-1000x slowdown

10-100x communication overhead

Minimal (< 1%)

5-15% overhead

Collusion Tolerance

None required (single-party)

Honest majority required

Not applicable

Hardware root of trust

Output Accuracy

Exact (no precision loss)

Exact (no precision loss)

Degraded (noise trade-off)

Exact (no precision loss)

Protects Against Inference Attacks

Suitable for Training

Requires Trusted Third Party

HOMOMORPHIC ENCRYPTION

Frequently Asked Questions

Clear, technical answers to the most common questions about performing computation on encrypted data in healthcare federated learning pipelines.

Homomorphic encryption (HE) is a cryptographic scheme that permits direct computation on ciphertexts, producing an encrypted result that, when decrypted, matches the output of the same operations performed on the plaintext. It works by mapping data into a mathematical space where operations on encrypted values correspond to operations on the original values. Partially Homomorphic Encryption (PHE) supports only addition or multiplication, Somewhat Homomorphic Encryption (SHE) supports both but with limited circuit depth, and Fully Homomorphic Encryption (FHE) supports arbitrary computations on encrypted data. FHE schemes, such as CKKS for approximate arithmetic and BFV/BGV for exact integer arithmetic, rely on lattice-based cryptography and introduce noise that grows with each operation. Bootstrapping is the technique that resets this noise to enable unlimited computation depth, though it remains computationally expensive.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.