A noise budget is the finite capacity for error accumulation within a lattice-based ciphertext, representing the maximum amount of noise that can be introduced by homomorphic operations before the plaintext message becomes unrecoverable. Each operation—especially ciphertext multiplication—consumes a portion of this budget, and when the total noise exceeds a critical threshold, decryption outputs corrupted or meaningless data.
Glossary
Noise Budget

What is Noise Budget?
The finite capacity for error accumulation within a ciphertext; once exhausted by successive homomorphic operations, decryption becomes unreliable or impossible.
Noise budget management is the central constraint in Fully Homomorphic Encryption (FHE) circuit design. Techniques like bootstrapping and modulus switching are employed to refresh or reduce noise, effectively resetting the budget to enable deeper computation. Understanding the noise consumption of each gate is essential for cryptographers to ensure that a circuit's multiplicative depth does not exceed the scheme
Key Characteristics of a Noise Budget
The noise budget is the finite cryptographic capacity within a ciphertext that determines how many homomorphic operations can be performed before decryption becomes unreliable. Understanding its dynamics is essential for designing correct and efficient encrypted computations.
Finite Computational Capacity
Every Ring Learning With Errors (RLWE) ciphertext contains a limited amount of inherent noise. Each homomorphic operation—especially multiplication—consumes a portion of this budget. Once the noise overwhelms the plaintext signal relative to the ciphertext modulus, the decryption algorithm can no longer recover the original message, resulting in a corrupted output. This imposes a strict upper bound on multiplicative depth.
Noise Growth Dynamics
Noise accumulation is not linear. Addition adds noise roughly additively, consuming a small, predictable amount of the budget. Multiplication, however, causes the noise to grow multiplicatively, roughly squaring the noise magnitude. This rapid growth is the primary constraint in leveled fully homomorphic encryption schemes, forcing developers to structure circuits with minimal multiplicative depth.
Budget Management Techniques
Several cryptographic techniques actively manage the noise budget:
- Modulus Switching: Scales down the ciphertext modulus to proportionally reduce absolute noise, effectively resetting the relative noise ratio without decryption.
- Rescaling (CKKS): Divides the ciphertext by a scale factor after multiplication, maintaining a stable scale and controlling noise growth.
- Bootstrapping: Homomorphically evaluates the decryption circuit to produce a fresh ciphertext with a full noise budget, enabling unbounded computation depth.
Bootstrapping as a Budget Reset
Bootstrapping is the only mechanism to achieve fully homomorphic encryption (FHE) rather than merely leveled HE. By encrypting the secret key under itself and evaluating the decryption circuit homomorphically, bootstrapping strips away accumulated noise and outputs a new ciphertext with a refreshed budget. This operation is computationally expensive but essential for programs with unknown or unbounded depth.
Circuit Depth Estimation
Before executing a computation, developers must estimate the multiplicative depth of the arithmetic circuit. In the CKKS scheme, parameters like the coefficient modulus chain are chosen based on this depth. If the estimated depth exceeds the available budget, the computation must be restructured—by minimizing multiplications, using polynomial approximations for non-linear functions, or inserting bootstrapping operations.
Trade-offs with Security and Performance
A larger ciphertext modulus provides a larger initial noise budget but weakens the underlying lattice-based security assumption. To maintain a target security level (e.g., 128-bit), parameter sizes must increase, leading to larger ciphertexts and slower operations. This creates a trilemma between computational depth, security margin, and performance, requiring careful parameter selection for each use case.
Frequently Asked Questions
Understanding the finite capacity for error accumulation in homomorphic encryption ciphertexts and how it governs the depth and reliability of encrypted computation.
A noise budget is the finite capacity for error accumulation within a homomorphic encryption ciphertext. In lattice-based schemes like CKKS and BFV, every ciphertext contains a small amount of random error (noise) that is essential for security. Each homomorphic operation—especially multiplication—consumes a portion of this budget by increasing the noise magnitude. Once the noise grows too large relative to the ciphertext modulus, the decryption function can no longer correctly recover the plaintext, resulting in corrupted output. The noise budget is typically measured in bits, representing the remaining room for error before decryption failure becomes inevitable. Managing this budget is the central engineering challenge in designing circuits for encrypted inference.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Master the core mechanisms that consume and replenish the noise budget during encrypted computation. Understanding these operations is essential for designing circuits that decrypt correctly.
Noise Growth
The accumulation of error inherent in lattice-based ciphertexts with each homomorphic operation. Noise grows additively with addition but multiplicatively with multiplication, making multiplication the primary consumer of the noise budget.
- Addition: Noise grows as E₁ + E₂ (linear, manageable)
- Multiplication: Noise grows as E₁·E₂ + E₁·m₂ + E₂·m₁ (quadratic, dominant)
- Depth tracking: Circuit designers must model noise growth to ensure decryption remains correct
Modulus Switching
A noise management technique that scales down a ciphertext to a smaller modulus, proportionally reducing the absolute noise magnitude. This operation is performed without knowledge of the secret key and is essential in leveled FHE schemes.
- Mechanism: Divides both ciphertext and modulus by a scaling factor
- Effect: Reduces noise by approximately the same factor
- Trade-off: Each switch consumes one level from the modulus chain, limiting remaining multiplicative depth
Rescaling
In the CKKS scheme, the operation that divides a ciphertext by a scale factor after multiplication to maintain a stable scale and manage noise growth. Analogous to truncating floating-point precision in the encrypted domain.
- Purpose: Prevents exponential growth of the scale factor during multiplication
- Noise benefit: Simultaneously reduces noise proportionally to the scaling factor
- Level consumption: Each rescaling reduces the available modulus chain by one level
Relinearization
A key-switching procedure that reduces ciphertext size after multiplication from three ring elements back to two. Without relinearization, each multiplication would increase ciphertext dimension quadratically, rapidly consuming the noise budget.
- Required keys: Relinearization keys (public evaluation keys)
- When to apply: Immediately after every ciphertext multiplication
- Noise impact: Introduces a small additive noise term from the key-switching operation itself
Programmable Bootstrapping
An extension of TFHE bootstrapping that simultaneously refreshes ciphertext noise and evaluates a univariate lookup table function. This enables efficient evaluation of non-linear operations like activation functions while resetting the noise budget.
- Dual purpose: Noise refresh + function evaluation in one operation
- Use case: Applying ReLU or sigmoid during encrypted neural network inference
- Efficiency: Avoids separate bootstrapping and polynomial approximation steps

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us