Inferensys

Glossary

Homomorphic Encryption (HE)

A cryptographic primitive enabling computations directly on ciphertexts, generating an encrypted result that, when decrypted, matches the output of operations performed on the original plaintext.
Operations room with a large monitor wall for system visibility and control.
CRYPTOGRAPHIC PRIMITIVE

What is Homomorphic Encryption (HE)?

Homomorphic Encryption is a cryptographic primitive that enables computation directly on encrypted data, producing an encrypted result that, when decrypted, matches the output as if operations were performed on the plaintext.

Homomorphic Encryption (HE) is a form of encryption that permits specific types of computation to be carried out on ciphertexts, generating an encrypted result which, when decrypted, matches the result of operations performed on the plaintext. This allows a third party to process sensitive data without ever accessing the unencrypted values, preserving confidentiality during computation.

HE schemes are categorized by the operations they support: Partially Homomorphic Encryption (PHE) allows only one operation type (addition or multiplication), Somewhat Homomorphic Encryption (SHE) supports limited operations, and Fully Homomorphic Encryption (FHE) enables arbitrary computation on ciphertexts. The primary trade-off is computational overhead, with FHE remaining significantly slower than plaintext computation.

CRYPTOGRAPHIC PRIMITIVES

Core Properties of Homomorphic Encryption

Homomorphic Encryption (HE) enables computation on ciphertexts, generating an encrypted result which, when decrypted, matches the output of operations performed on the plaintext. This allows sensitive patient data to remain encrypted during processing by untrusted third parties.

01

Partially Homomorphic Encryption (PHE)

Supports unlimited operations of a single type—either addition or multiplication, but not both. This limitation makes PHE simple and efficient for specific use cases.

  • Additive PHE (e.g., Paillier): Allows encrypted values to be summed. Ideal for tallying encrypted votes or aggregating financial transactions.
  • Multiplicative PHE (e.g., ElGamal): Allows encrypted values to be multiplied. Useful for secure key exchange and anonymous credential systems.
  • Performance: Extremely fast with low ciphertext expansion, making it practical for high-throughput production systems.
  • Healthcare Application: Securely aggregating patient counts across hospitals without revealing individual records.
< 1 ms
Typical operation latency
02

Somewhat Homomorphic Encryption (SHE)

Supports both addition and multiplication, but only for a limited number of operations. The circuit depth is bounded by the noise budget inherent in the ciphertext.

  • Noise Growth: Each homomorphic operation, especially multiplication, increases the noise embedded in the ciphertext. Once noise exceeds a threshold, decryption fails.
  • Limited Circuit Depth: Suitable for evaluating low-degree polynomials, such as computing statistical means or training simple linear models on encrypted data.
  • Efficiency: More computationally expensive than PHE but significantly faster than Fully Homomorphic Encryption (FHE).
  • Use Case: Computing predictive risk scores from encrypted patient vitals where the algorithm is a shallow arithmetic circuit.
10-100x
Ciphertext expansion factor
03

Fully Homomorphic Encryption (FHE)

Supports arbitrary computation on encrypted data by enabling an unlimited number of both additions and multiplications. This is the 'holy grail' of encrypted computation.

  • Bootstrapping: A revolutionary technique introduced by Craig Gentry in 2009 that 'refreshes' the ciphertext noise, allowing for unlimited circuit depth. This is the core mechanism that elevates SHE to FHE.
  • Turing Complete: In theory, any computable function can be evaluated homomorphically, enabling general-purpose computation on encrypted data.
  • Performance Overhead: Historically 1,000,000x slower than plaintext computation, though modern schemes (CKKS, TFHE) have reduced this to roughly 1,000x for specific workloads.
  • Healthcare Application: Training a deep neural network for diagnostic imaging on encrypted patient scans aggregated from multiple hospitals.
~1,000x
Computational overhead vs plaintext
04

Leveled Homomorphic Encryption

A practical variant of FHE that supports arbitrary computation up to a pre-determined multiplicative depth without bootstrapping. This avoids the extreme cost of bootstrapping for circuits of known depth.

  • Pre-defined Circuit: The scheme parameters are generated to support exactly the number of multiplications required by the target algorithm, optimizing performance.
  • No Bootstrapping: By eliminating the need for noise refresh, leveled schemes like BGV and BFV achieve much higher throughput than bootstrapped FHE.
  • Packing and Batching: Leverages Single Instruction, Multiple Data (SIMD) techniques to pack thousands of plaintext values into a single ciphertext, enabling parallel homomorphic computation.
  • Use Case: Running a fixed-architecture convolutional neural network for inference on encrypted medical images, where the network depth is known at compile time.
10,000+
Values packed per ciphertext (SIMD)
05

Homomorphic Encryption Schemes (BGV/BFV/CKKS/TFHE)

Modern FHE is implemented through distinct mathematical schemes, each optimized for different data types and computation patterns.

  • BGV/BFV (Integer Arithmetic): Operate on integers modulo a plaintext modulus. Ideal for exact arithmetic, such as counting, sums, and database queries. BFV is often preferred for its simpler noise management.
  • CKKS (Approximate Arithmetic): Operates on real and complex numbers with fixed-point approximation. The standard for machine learning inference, enabling encrypted floating-point operations on vectors.
  • TFHE (Gate-Level Logic): Optimized for evaluating individual binary gates (AND, XOR) on encrypted bits. Provides the fastest bootstrapping (microseconds per gate), making it ideal for decision trees and lookup tables.
  • Scheme Switching: Emerging research focuses on dynamically switching between schemes mid-computation to leverage the strengths of each for different parts of an algorithm.
13 µs
TFHE gate bootstrapping time
06

Noise Budget and Ciphertext Maintenance

All practical HE schemes rely on learning with errors (LWE) or ring-LWE problems, embedding a small 'noise' term into the ciphertext for security. Managing this noise is the central engineering challenge.

  • Noise Budget: A finite resource consumed by each homomorphic operation. Multiplication grows noise much faster than addition. Exceeding the budget corrupts the plaintext.
  • Relinearization: A key-switching technique applied after multiplication to reduce the ciphertext size back to two ring elements, preventing exponential growth.
  • Modulus Switching: A noise management technique that scales down the ciphertext modulus to proportionally reduce the absolute noise magnitude, effectively resetting the noise budget without bootstrapping.
  • Bootstrapping: The ultimate noise reset mechanism that homomorphically evaluates the decryption circuit itself, producing a 'fresh' ciphertext with a full noise budget. This is the most computationally expensive operation in FHE.
O(log q)
Noise growth per multiplication
HOMOMORPHIC ENCRYPTION TAXONOMY

PHE vs. SHE vs. FHE Comparison

A technical comparison of the three primary classes of homomorphic encryption schemes based on their computational capabilities, performance characteristics, and suitability for healthcare federated learning workloads.

FeaturePartially Homomorphic (PHE)Somewhat Homomorphic (SHE)Fully Homomorphic (FHE)

Supported Operations

Addition OR Multiplication (single type)

Addition AND Multiplication (limited depth)

Addition AND Multiplication (unlimited depth)

Circuit Depth

Unbounded for single operation

Bounded (predefined limit)

Unbounded (arbitrary circuits)

Bootstrapping Required

Ciphertext Size Overhead

1-2x plaintext

10-100x plaintext

1,000-10,000x plaintext

Computation Latency

< 1 ms per operation

1-100 ms per operation

100 ms - 10 sec per operation

Mature Schemes

RSA (multiplicative), Paillier (additive)

BGV, BFV, CKKS

BGV/BFV/CKKS + bootstrapping, TFHE, FHEW

Healthcare FL Suitability

Secure aggregation of model updates

Encrypted inference on shallow models

Encrypted training of deep neural networks

Standardization Status

ISO/IEC 18033-6 (Paillier)

HomomorphicEncryption.org draft standard

HomomorphicEncryption.org draft standard

HOMOMORPHIC ENCRYPTION

Frequently Asked Questions

Clear, technically precise answers to the most common questions about performing computation on encrypted data without ever decrypting it.

Homomorphic encryption (HE) is a cryptographic primitive that enables computation directly on ciphertexts, producing an encrypted result that, when decrypted, matches the output as if operations had been performed on the plaintext. It works by constructing encryption schemes where the encryption function is a homomorphism with respect to specific algebraic operations—meaning Enc(a) ⊗ Enc(b) = Enc(a ⊕ b) for some operations on ciphertexts and on plaintexts. This property preserves the mathematical structure of the plaintext space within the ciphertext space, allowing addition or multiplication (or both) to be performed on encrypted values without access to the secret key. The underlying security typically relies on hard lattice problems such as Ring Learning With Errors (RLWE).

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.