Inferensys

Glossary

Additive Homomorphic Encryption (AHE)

A form of encryption that allows the direct computation of the sum of plaintexts by performing an operation on their corresponding ciphertexts, enabling a server to aggregate encrypted updates without decrypting them.
Premium data center corridor with server racks and warm architectural lighting.
CRYPTOGRAPHIC PRIMITIVE

What is Additive Homomorphic Encryption (AHE)?

Additive Homomorphic Encryption (AHE) is a form of encryption that allows the direct computation of the sum of plaintexts by performing an operation on their corresponding ciphertexts, enabling a server to aggregate encrypted updates without decrypting them.

Additive Homomorphic Encryption (AHE) is a cryptographic scheme where an operation on ciphertexts corresponds to the addition of the underlying plaintexts. Formally, given ciphertexts c1 = Enc(m1) and c2 = Enc(m2), there exists an operation such that Dec(c1 ⊕ c2) = m1 + m2. This property allows a central server to compute the sum of client-submitted model updates while the individual contributions remain encrypted and inaccessible.

In the context of secure aggregation protocols, AHE provides an alternative to pairwise masking by shifting the cryptographic burden to the client. Each client encrypts its gradient update with a public key, and the server homomorphically sums all ciphertexts before requesting a threshold decryption. The Paillier cryptosystem is the most common instantiation, offering semantic security based on the decisional composite residuosity assumption. Unlike secret-sharing approaches, AHE simplifies dropout resilience since the server only needs the aggregate ciphertext, but it introduces higher computational overhead per client.

CRYPTOGRAPHIC PRIMITIVES

Key Properties of AHE

Additive Homomorphic Encryption (AHE) is defined by a set of mathematical properties that enable computation on ciphertexts. These properties make it a fundamental building block for privacy-preserving protocols like secure aggregation.

01

The Additive Homomorphism

The core property: Dec(Enc(m₁) ⊗ Enc(m₂)) = m₁ + m₂. There exists an operation on ciphertexts that, when applied, produces a new ciphertext decrypting to the sum of the original plaintexts. The server never sees m₁ or m₂, only their encrypted forms and the encrypted sum.

  • Example: A server holding Enc(5) and Enc(3) can compute Enc(8) without ever decrypting.
  • Mechanism: Typically based on the Decisional Diffie-Hellman assumption in groups where the discrete log is hard.
m₁ + m₂
Core Operation
02

Scalar Multiplication

AHE schemes inherently support scalar multiplication: multiplying a ciphertext by a known plaintext constant k yields an encryption of k * m. This is derived from repeated application of the additive homomorphism.

  • Formula: Dec(Enc(m)ᵏ) = k * m
  • Use Case: Computing weighted averages in federated learning, where each client's update is scaled by its dataset size before aggregation.
  • Limitation: This is multiplication by a known constant, not multiplication of two encrypted values.
k · m
Scalar Operation
03

Semantic Security (IND-CPA)

AHE schemes must be semantically secure (IND-CPA): an adversary cannot distinguish between encryptions of two chosen plaintexts. This implies probabilistic encryption—encrypting the same message twice produces different ciphertexts.

  • Mechanism: Achieved by injecting a random nonce or blinding factor during encryption.
  • Critical Implication: Prevents dictionary attacks. An eavesdropper seeing Enc(0) and Enc(1) cannot tell them apart, protecting model update values in transit.
IND-CPA
Security Notion
04

Malleability by Design

AHE is malleable—a feature, not a bug. An adversary can transform Enc(m) into Enc(m + x) without decryption. This is the intended functionality for secure aggregation.

  • Risk: In isolation, malleability enables chosen-ciphertext attacks.
  • Mitigation: Secure aggregation protocols combine AHE with zero-knowledge proofs or authenticated encryption on the communication channel to ensure ciphertexts are only manipulated by the legitimate aggregator according to protocol rules.
Feature
Malleability
05

Partial Homomorphism vs. Fully Homomorphic

AHE is a partially homomorphic encryption (PHE) scheme. It supports only one operation (addition) an unlimited number of times.

  • AHE (Additive): Unlimited additions. Examples: Paillier, Exponential ElGamal.
  • MHE (Multiplicative): Unlimited multiplications. Example: RSA (unpadded).
  • FHE (Fully Homomorphic): Supports both additions and multiplications, enabling arbitrary circuits. Examples: CKKS, TFHE. FHE is far more computationally expensive than AHE.
  • Trade-off: AHE is lightweight and practical for aggregation; FHE is heavy but enables private inference.
PHE
Scheme Class
06

Common AHE Schemes

Two primary constructions dominate practical use:

  • Paillier Cryptosystem: Based on the Composite Residuosity Class Problem. Provides additive homomorphism over integers modulo n. Ciphertext expansion is 2x the plaintext size.
  • Exponential ElGamal: A variant of standard ElGamal where encryption encodes gᵐ instead of m. Homomorphic addition computes g^(m₁+m₂). Decryption requires solving a discrete logarithm, limiting it to small message spaces (e.g., 32-bit values).

Both are quantum-vulnerable; post-quantum AHE based on Learning With Errors (LWE) is an active research area.

Paillier
Integer Scheme
ElGamal
EC Scheme
ADDITIVE HOMOMORPHIC ENCRYPTION

Frequently Asked Questions

Clear, technically precise answers to the most common questions about how additive homomorphic encryption enables private computation on encrypted data.

Additive homomorphic encryption (AHE) is a cryptographic scheme that allows the direct computation of the sum of plaintexts by performing an operation on their corresponding ciphertexts, without ever decrypting the individual values. The core mechanism relies on a mathematical property where Enc(m1) ⊗ Enc(m2) = Enc(m1 + m2), with representing a specific algebraic operation on ciphertexts. The most well-known example is the Paillier cryptosystem, where multiplying two ciphertexts modulo yields a ciphertext encrypting the sum of the plaintexts. This property enables a server to aggregate encrypted model updates from multiple clients in a federated learning setting, computing the global sum while remaining completely blind to individual contributions. Unlike fully homomorphic encryption, AHE supports only addition operations, making it computationally efficient and practical for secure aggregation protocols.

PRACTICAL USE CASES

Applications of AHE in Machine Learning

Additive Homomorphic Encryption (AHE) enables computation directly on encrypted data, unlocking privacy-preserving workflows where a server can aggregate sensitive values without ever seeing the raw inputs.

01

Federated Learning Gradient Aggregation

The primary use case for AHE in ML. Each client encrypts their local model update (gradient vector) using the server's public key. The server performs homomorphic addition on all ciphertexts to compute the encrypted global sum, then decrypts only the final aggregate. This ensures the server never inspects any individual client's contribution, defending against gradient leakage attacks that can reconstruct private training data from raw updates.

100K+
Clients per Round
< 5%
Encryption Overhead
02

Private Set Intersection Cardinality

AHE allows two organizations to compute the size of the overlap between their datasets without revealing the actual intersecting elements or any non-matching records. Each party encrypts their set elements, the other party homomorphically computes a polynomial evaluation, and the result reveals only the intersection count. This is critical for healthcare informatics and fraud detection consortia where revealing raw identifiers is prohibited by regulation.

03

Encrypted Statistical Aggregation

Beyond ML training, AHE enables privacy-safe computation of basic statistics on distributed sensitive data:

  • Encrypted Sum: Total revenue across competing business units without exposing individual unit performance.
  • Encrypted Average: Compute the mean of patient vitals across hospitals by homomorphically summing encrypted values and dividing the decrypted total by the known count.
  • Encrypted Variance: Two-pass protocols using AHE for sums of squares enable private standard deviation calculations.
04

Secure Electronic Voting

AHE forms the cryptographic backbone of privacy-preserving voting systems. Each vote is encrypted as a 0 or 1 (or a more complex preference vector) using an additively homomorphic scheme. The tallying authority sums all ciphertexts homomorphically and decrypts only the final total. This guarantees ballot secrecy while enabling public verifiability of the count. Threshold decryption ensures no single authority can decrypt individual votes.

05

Privacy-Preserving Recommendation Systems

AHE enables a recommendation server to compute user-item preference scores without learning the user's rating history. The user encrypts their rating vector, the server holds the item matrix in plaintext, and performs homomorphic dot products to generate encrypted recommendation scores. Only the user can decrypt the final result. This prevents the service provider from building shadow profiles on user behavior.

06

Confidential Cloud Inference

AHE can be combined with other techniques for private neural network inference. While fully homomorphic encryption (FHE) is often too slow for entire networks, AHE is efficient for the linear layers (fully connected and convolutional layers where operations are additions and scalar multiplications). The client encrypts their input, the cloud computes the linear transformations homomorphically, and the client decrypts the output. Non-linear activations are handled client-side or via secure multi-party computation.

SCHEME COMPARISON

AHE vs. Other Homomorphic Encryption Schemes

Comparison of additive homomorphic encryption with other homomorphic encryption schemes across key cryptographic and operational dimensions.

FeatureAdditive HE (AHE)Partially HE (PHE)Fully HE (FHE)

Supported operations

Addition only

Addition or multiplication (not both)

Addition and multiplication (unlimited)

Computational depth

Unlimited additions

Unlimited for single operation

Unlimited for both operations

Ciphertext size overhead

2-4x plaintext

2-8x plaintext

10,000-1,000,000x plaintext

Encryption time

< 1 ms

< 5 ms

100 ms - 10 sec

Homomorphic addition time

< 1 µs

< 10 µs

1-100 ms

Homomorphic multiplication time

< 10 µs

100 ms - 10 sec

Post-quantum security

Production maturity

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.