Inferensys

Glossary

Noise Growth

The accumulation of error inherent in lattice-based ciphertexts with each homomorphic operation, primarily driven by multiplication, which must be managed to prevent decryption failure.
Knowledge engineer constructing knowledge base on laptop, document hierarchy visible, casual office setup.
CRYPTOGRAPHIC ERROR ACCUMULATION

What is Noise Growth?

The progressive accumulation of error inherent in lattice-based ciphertexts during homomorphic computation, which must be strictly managed to prevent decryption failure.

Noise growth is the accumulation of a random error component within a lattice-based ciphertext with each successive homomorphic operation. This error, intentionally injected during encryption to ensure security under the Ring Learning With Errors (RLWE) assumption, expands additively during addition but multiplies during multiplication, rapidly consuming the ciphertext's finite noise budget.

If noise exceeds a critical threshold relative to the ciphertext modulus, the original message becomes irrecoverable upon decryption. Management techniques such as bootstrapping, modulus switching, and rescaling in the CKKS scheme are employed to reset or reduce this error, enabling deeper circuits without compromising the integrity of the encrypted computation.

Ciphertext Integrity

Key Characteristics of Noise Growth

Noise growth is the central engineering constraint in lattice-based homomorphic encryption, dictating the depth and complexity of computable circuits. Understanding its mechanics is essential for designing viable encrypted inference pipelines.

01

Additive vs. Multiplicative Noise

Homomorphic operations impact the noise budget asymmetrically. Addition introduces a small, linear increase in noise, typically negligible for circuit depth planning. Multiplication, however, causes the internal noise terms to multiply together, resulting in quadratic noise growth. This disparity means that the multiplicative depth of a circuit—the longest chain of sequential multiplications—is the primary determinant of whether a ciphertext will decrypt correctly. Managing this requires careful circuit design, minimizing multiplication depth where possible.

02

The Noise Budget Ceiling

Every ciphertext is initialized with a finite noise budget, determined by the encryption parameters (modulus size and error distribution). This budget represents the maximum error the ciphertext can accumulate before the plaintext message is corrupted beyond recovery. Key aspects include:

  • Initial Budget: Set during encryption; larger moduli provide deeper computation capacity but increase ciphertext size.
  • Budget Consumption: Each multiplication consumes a significant fraction of the remaining budget.
  • Decryption Failure: Occurs when the accumulated noise exceeds the threshold, causing the plaintext to be lost in the statistical error.
03

Noise Management Techniques

To prevent decryption failure, modern FHE schemes employ active noise management:

  • Bootstrapping: Homomorphically evaluates the decryption circuit on a noisy ciphertext, producing a new ciphertext encrypting the same message with a refreshed noise budget. This enables unlimited computation depth but is computationally expensive.
  • Modulus Switching: Scales down the ciphertext modulus, which proportionally reduces the absolute noise magnitude without decryption. This is a lightweight, leveled technique used in schemes like BGV and BFV.
  • Rescaling (CKKS): After a multiplication, the ciphertext is divided by a scale factor to maintain a stable scale and truncate noise, analogous to managing floating-point precision.
04

Impact on Encrypted Inference

Noise growth directly constrains the architecture of models used for encrypted inference. Deep neural networks with many sequential layers (high multiplicative depth) are challenging to evaluate directly. Mitigation strategies include:

  • Polynomial Approximation: Replacing non-linear activation functions (ReLU, sigmoid) with low-degree polynomial approximations to reduce multiplicative depth.
  • Circuit Bootstrapping: Using programmable bootstrapping in TFHE to evaluate non-linear functions as lookup tables while simultaneously refreshing noise.
  • Hybrid Protocols: Offloading non-linear operations to a Multi-Party Computation (MPC) protocol, which does not suffer from noise growth, while using HE for linear layers.
05

Ciphertext Dimension Expansion

Beyond noise magnitude, multiplication causes the ciphertext dimension to grow. In RLWE-based schemes, multiplying two ciphertexts of dimension 2 produces a ciphertext of dimension 3. Without correction, subsequent multiplications would cause exponential dimension growth, making storage and computation impractical. Relinearization is a key-switching operation that reduces the product ciphertext back to dimension 2, enabling a chain of multiplications without dimensional explosion. This requires specific evaluation keys (relinearization keys) to be generated by the secret key holder.

06

Parameter Selection Trade-offs

Selecting encryption parameters is a direct negotiation with noise growth. Larger parameters increase the initial noise budget and computational capacity but degrade performance:

  • Polynomial Modulus Degree (N): Higher N increases security and budget but slows operations.
  • Coefficient Modulus (Q): A larger Q provides a deeper budget but must be carefully chosen to avoid security vulnerabilities.
  • Error Distribution: A smaller standard deviation reduces initial noise but can weaken security if too aggressive. The goal is to select the minimal parameters that satisfy both the security level (e.g., 128-bit) and the circuit's multiplicative depth requirement.
CIPHERTEXT INTEGRITY

Noise Management Techniques Compared

A comparison of the primary cryptographic techniques used to control noise growth in lattice-based homomorphic encryption schemes, preventing decryption failure.

FeatureModulus SwitchingRelinearizationBootstrapping

Primary Function

Reduces absolute noise magnitude by scaling down the ciphertext modulus.

Reduces ciphertext size after multiplication to prevent quadratic dimension growth.

Homomorphically evaluates the decryption circuit to reset the noise budget to a fixed level.

Operates On

Ciphertext modulus and noise

Ciphertext dimension (ring elements)

Entire ciphertext (noise budget)

Requires Secret Key

Computational Cost

Low (simple scaling operation)

Medium (key-switching operation)

Extremely High (evaluates AES-like circuit)

Impact on Noise Budget

Proportionally reduces absolute noise, maintaining budget ratio.

No direct noise reduction; prevents noise from growing faster due to size.

Resets noise budget to a fixed, low level, enabling unlimited depth.

Typical Usage Frequency

After every multiplication

After every multiplication

Periodically, when the noise budget is nearly exhausted

Scheme Compatibility

BGV, BFV, CKKS (as Rescaling)

BGV, BFV, CKKS

FHEW, TFHE, CKKS (with approximation)

Enables Unlimited Computation

NOISE GROWTH

Frequently Asked Questions

Core questions about the accumulation of error in lattice-based ciphertexts during homomorphic computation, and the techniques used to manage it before decryption failure occurs.

Noise growth is the progressive accumulation of error inherent in lattice-based ciphertexts with each successive homomorphic operation. In schemes built on the Ring Learning With Errors (RLWE) hardness assumption, a small random error is deliberately injected into ciphertexts during encryption to ensure security. Each homomorphic addition adds the errors of the two input ciphertexts linearly, while each homomorphic multiplication causes the errors to multiply together, resulting in exponential growth relative to the multiplicative depth of the circuit. If the total accumulated noise exceeds the modulus of the ciphertext space, the signal becomes indistinguishable from the error, and decryption returns a corrupted plaintext. Managing this noise budget is the central engineering constraint in designing practical Fully Homomorphic Encryption (FHE) applications.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.