Inferensys

Glossary

Relinearization

A key-switching technique that reduces the size of a ciphertext after a homomorphic multiplication, preventing quadratic growth in ciphertext dimensions and maintaining computational efficiency.
Developer demonstrating multi-agent tool use, agent tool selection interface on laptop, casual tech demo moment.
CIPHERTEXT SIZE MANAGEMENT

What is Relinearization?

Relinearization is a key-switching technique in homomorphic encryption that reduces a ciphertext's size after multiplication, preventing quadratic growth in dimensions and maintaining computational efficiency.

Relinearization is a cryptographic operation that reduces a ciphertext from three ring elements back to two after a homomorphic multiplication. In schemes like BFV and CKKS, multiplying two ciphertexts produces a result with a quadratic polynomial structure, increasing its size and the cost of subsequent operations. Relinearization applies a key-switching procedure using a public evaluation key to compress this expanded product back into a standard, linear-sized ciphertext without decrypting the data.

Without relinearization, each successive multiplication would cause the ciphertext dimension to grow exponentially, rendering deep circuits computationally infeasible. The process consumes a portion of the noise budget but is essential for bounding ciphertext growth. The evaluation key used for relinearization is generated from the secret key and can be shared publicly without compromising security, preserving the IND-CPA guarantee of the underlying scheme.

CIPHERTEXT SIZE MANAGEMENT

Key Characteristics of Relinearization

Relinearization is a critical key-switching technique that prevents the quadratic explosion of ciphertext dimensions following homomorphic multiplications, ensuring computational efficiency in lattice-based schemes.

01

The Quadratic Growth Problem

In schemes like BFV and CKKS, a ciphertext is typically a pair of polynomials. A homomorphic multiplication of two ciphertexts produces a result with three polynomial components instead of two. Without intervention, subsequent multiplications cause the size to grow exponentially, making storage and further computation impractical. Relinearization reduces this triple back to a canonical two-component ciphertext.

02

Key-Switching Mechanics

Relinearization is a specific application of key-switching. It requires the public key holder to provide a special evaluation key (often called a relinearization key). This key is essentially an encryption of specific powers of the secret key under the secret key itself. The operation homomorphically evaluates a decryption-like circuit to transform the extended (degree-2) ciphertext back into a linear (degree-1) ciphertext without decrypting the data.

03

Noise Budget Consumption

While essential for size control, relinearization is not computationally free. It consumes a portion of the noise budget because it involves multiplying the ciphertext components by the relinearization key and adding them together. The operation adds a fixed amount of noise, which must be accounted for in the total budget alongside the noise introduced by the multiplication itself.

04

Decomposition and Gadgets

To manage noise growth during the key-switching step, the ciphertext is often decomposed into a smaller base (a gadget decomposition). Instead of multiplying by a large integer directly, the operation breaks the integer into digits of a smaller radix. This trades off a slight increase in computational cost for a significant reduction in the noise added during relinearization, keeping the overall noise budget viable for deeper circuits.

05

Relinearization in CKKS

In the CKKS scheme, which operates on approximate numbers, relinearization is tightly coupled with rescaling. After a multiplication, the ciphertext modulus is too large. The operation first reduces the three-component ciphertext to two components via key-switching, and then applies rescaling to truncate the least significant bits and manage the scale factor. This combined step ensures the ciphertext maintains a constant size and stable precision.

06

Performance and Security

The size of the relinearization key is substantial, often dominating the public key material. The security of the operation relies on the Ring Learning With Errors (RLWE) assumption, ensuring the evaluation key hides the secret key. Optimized implementations often use Number Theoretic Transform (NTT) to accelerate the polynomial multiplications involved in the key-switching procedure.

RELINEARIZATION EXPLAINED

Frequently Asked Questions

Clear answers to the most common questions about relinearization, the critical key-switching technique that prevents ciphertext size explosion during homomorphic multiplications.

Relinearization is a key-switching technique that reduces the size of a ciphertext back to its original dimension after a homomorphic multiplication. In schemes like BFV and CKKS, multiplying two ciphertexts of size n produces a result of size n+1 (typically growing from 2 to 3 ring elements). Without relinearization, each subsequent multiplication would increase the ciphertext dimension quadratically, making storage and further computation prohibitively expensive. Relinearization applies a special evaluation key—derived from the secret key—to transform the expanded three-element ciphertext back into a standard two-element ciphertext, maintaining a constant size regardless of the number of multiplications performed. This operation is essential for building deep homomorphic circuits where dozens or hundreds of multiplications are required.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.