Homomorphic Encryption (HE) is a form of encryption that permits specific types of computation to be carried out on ciphertexts, generating an encrypted result which, when decrypted, matches the result of operations performed on the plaintext. This allows a third party to process sensitive data without ever accessing the unencrypted values, preserving confidentiality during computation.
Glossary
Homomorphic Encryption (HE)

What is Homomorphic Encryption (HE)?
Homomorphic Encryption is a cryptographic primitive that enables computation directly on encrypted data, producing an encrypted result that, when decrypted, matches the output as if operations were performed on the plaintext.
HE schemes are categorized by the operations they support: Partially Homomorphic Encryption (PHE) allows only one operation type (addition or multiplication), Somewhat Homomorphic Encryption (SHE) supports limited operations, and Fully Homomorphic Encryption (FHE) enables arbitrary computation on ciphertexts. The primary trade-off is computational overhead, with FHE remaining significantly slower than plaintext computation.
Core Properties of Homomorphic Encryption
Homomorphic Encryption (HE) enables computation on ciphertexts, generating an encrypted result which, when decrypted, matches the output of operations performed on the plaintext. This allows sensitive patient data to remain encrypted during processing by untrusted third parties.
Partially Homomorphic Encryption (PHE)
Supports unlimited operations of a single type—either addition or multiplication, but not both. This limitation makes PHE simple and efficient for specific use cases.
- Additive PHE (e.g., Paillier): Allows encrypted values to be summed. Ideal for tallying encrypted votes or aggregating financial transactions.
- Multiplicative PHE (e.g., ElGamal): Allows encrypted values to be multiplied. Useful for secure key exchange and anonymous credential systems.
- Performance: Extremely fast with low ciphertext expansion, making it practical for high-throughput production systems.
- Healthcare Application: Securely aggregating patient counts across hospitals without revealing individual records.
Somewhat Homomorphic Encryption (SHE)
Supports both addition and multiplication, but only for a limited number of operations. The circuit depth is bounded by the noise budget inherent in the ciphertext.
- Noise Growth: Each homomorphic operation, especially multiplication, increases the noise embedded in the ciphertext. Once noise exceeds a threshold, decryption fails.
- Limited Circuit Depth: Suitable for evaluating low-degree polynomials, such as computing statistical means or training simple linear models on encrypted data.
- Efficiency: More computationally expensive than PHE but significantly faster than Fully Homomorphic Encryption (FHE).
- Use Case: Computing predictive risk scores from encrypted patient vitals where the algorithm is a shallow arithmetic circuit.
Fully Homomorphic Encryption (FHE)
Supports arbitrary computation on encrypted data by enabling an unlimited number of both additions and multiplications. This is the 'holy grail' of encrypted computation.
- Bootstrapping: A revolutionary technique introduced by Craig Gentry in 2009 that 'refreshes' the ciphertext noise, allowing for unlimited circuit depth. This is the core mechanism that elevates SHE to FHE.
- Turing Complete: In theory, any computable function can be evaluated homomorphically, enabling general-purpose computation on encrypted data.
- Performance Overhead: Historically 1,000,000x slower than plaintext computation, though modern schemes (CKKS, TFHE) have reduced this to roughly 1,000x for specific workloads.
- Healthcare Application: Training a deep neural network for diagnostic imaging on encrypted patient scans aggregated from multiple hospitals.
Leveled Homomorphic Encryption
A practical variant of FHE that supports arbitrary computation up to a pre-determined multiplicative depth without bootstrapping. This avoids the extreme cost of bootstrapping for circuits of known depth.
- Pre-defined Circuit: The scheme parameters are generated to support exactly the number of multiplications required by the target algorithm, optimizing performance.
- No Bootstrapping: By eliminating the need for noise refresh, leveled schemes like BGV and BFV achieve much higher throughput than bootstrapped FHE.
- Packing and Batching: Leverages Single Instruction, Multiple Data (SIMD) techniques to pack thousands of plaintext values into a single ciphertext, enabling parallel homomorphic computation.
- Use Case: Running a fixed-architecture convolutional neural network for inference on encrypted medical images, where the network depth is known at compile time.
Homomorphic Encryption Schemes (BGV/BFV/CKKS/TFHE)
Modern FHE is implemented through distinct mathematical schemes, each optimized for different data types and computation patterns.
- BGV/BFV (Integer Arithmetic): Operate on integers modulo a plaintext modulus. Ideal for exact arithmetic, such as counting, sums, and database queries. BFV is often preferred for its simpler noise management.
- CKKS (Approximate Arithmetic): Operates on real and complex numbers with fixed-point approximation. The standard for machine learning inference, enabling encrypted floating-point operations on vectors.
- TFHE (Gate-Level Logic): Optimized for evaluating individual binary gates (AND, XOR) on encrypted bits. Provides the fastest bootstrapping (microseconds per gate), making it ideal for decision trees and lookup tables.
- Scheme Switching: Emerging research focuses on dynamically switching between schemes mid-computation to leverage the strengths of each for different parts of an algorithm.
Noise Budget and Ciphertext Maintenance
All practical HE schemes rely on learning with errors (LWE) or ring-LWE problems, embedding a small 'noise' term into the ciphertext for security. Managing this noise is the central engineering challenge.
- Noise Budget: A finite resource consumed by each homomorphic operation. Multiplication grows noise much faster than addition. Exceeding the budget corrupts the plaintext.
- Relinearization: A key-switching technique applied after multiplication to reduce the ciphertext size back to two ring elements, preventing exponential growth.
- Modulus Switching: A noise management technique that scales down the ciphertext modulus to proportionally reduce the absolute noise magnitude, effectively resetting the noise budget without bootstrapping.
- Bootstrapping: The ultimate noise reset mechanism that homomorphically evaluates the decryption circuit itself, producing a 'fresh' ciphertext with a full noise budget. This is the most computationally expensive operation in FHE.
PHE vs. SHE vs. FHE Comparison
A technical comparison of the three primary classes of homomorphic encryption schemes based on their computational capabilities, performance characteristics, and suitability for healthcare federated learning workloads.
| Feature | Partially Homomorphic (PHE) | Somewhat Homomorphic (SHE) | Fully Homomorphic (FHE) |
|---|---|---|---|
Supported Operations | Addition OR Multiplication (single type) | Addition AND Multiplication (limited depth) | Addition AND Multiplication (unlimited depth) |
Circuit Depth | Unbounded for single operation | Bounded (predefined limit) | Unbounded (arbitrary circuits) |
Bootstrapping Required | |||
Ciphertext Size Overhead | 1-2x plaintext | 10-100x plaintext | 1,000-10,000x plaintext |
Computation Latency | < 1 ms per operation | 1-100 ms per operation | 100 ms - 10 sec per operation |
Mature Schemes | RSA (multiplicative), Paillier (additive) | BGV, BFV, CKKS | BGV/BFV/CKKS + bootstrapping, TFHE, FHEW |
Healthcare FL Suitability | Secure aggregation of model updates | Encrypted inference on shallow models | Encrypted training of deep neural networks |
Standardization Status | ISO/IEC 18033-6 (Paillier) | HomomorphicEncryption.org draft standard | HomomorphicEncryption.org draft standard |
Frequently Asked Questions
Clear, technically precise answers to the most common questions about performing computation on encrypted data without ever decrypting it.
Homomorphic encryption (HE) is a cryptographic primitive that enables computation directly on ciphertexts, producing an encrypted result that, when decrypted, matches the output as if operations had been performed on the plaintext. It works by constructing encryption schemes where the encryption function is a homomorphism with respect to specific algebraic operations—meaning Enc(a) ⊗ Enc(b) = Enc(a ⊕ b) for some operations ⊗ on ciphertexts and ⊕ on plaintexts. This property preserves the mathematical structure of the plaintext space within the ciphertext space, allowing addition or multiplication (or both) to be performed on encrypted values without access to the secret key. The underlying security typically relies on hard lattice problems such as Ring Learning With Errors (RLWE).
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Homomorphic Encryption is a foundational primitive in privacy-preserving computation. These related concepts define the broader cryptographic ecosystem that enables secure, collaborative analysis of sensitive healthcare data.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us