FL Explainer

Fully Homomorphic Encryption 

PLAY PAUSE
0:00
/
PLAY PAUSE

"The Holy Grail" of Cryptography

Fully Homomorphic Encryption (FHE) is a class of cryptographic schemes that lets you compute on encrypted data without decrypting it — the decrypted result equals what you would have gotten by computing on the plaintext.

Standard encryption (AES, RSA confidentiality mode) protects data at rest and in transit but requires decryption before processing. FHE eliminates that last weakness. The trade-off is speed: FHE operations are 10³–10⁶ times slower than plaintext, which is why production systems combine FHE with faster techniques like federated learning.

The rapid advancement of technology over recent decades has led to a growing popularity of cryptography. Terms that were once known only to mathematician-cryptographers have become widely recognized, including "Homomorphic Encryption".

Let us try to understand what problems standard encryption algorithms solve, what their limitations are, and why homomorphic encryption was needed.

Classical cryptographic schemes perform some parametric (key-dependent) mapping of the public data space into the encrypted data space. At the same time, it is possible to invert this transformation only by having this very parameter (key)

A characteristic feature of encryption algorithms is the scattering and mixing of information representing the plaintext. As a consequence, the metrics defined in the plaintext space are not preserved.

For example, the results of encrypting two input plaintexts on the same key, which differ only in one bit, are not close to each other in the ciphertext space. In turn, any change in the data representing the ciphertext leads to the fact that, decrypting it, we will get just random uninterpreted data.

Thus, classical encryption algorithms guarantee the security of storage, transmission, authentication, etc., but not secure data processing, i.e. any operations with data require their decryption.

How much of a need is there to process encrypted data?

It can be stated that the era of 'big data' has already arrived. The development of machine learning has changed many areas of life, including the emergence of cloud computing platforms that provide users with significant computing power and various services for data processing.

Customers can protect their data while transferring it to the cloud, but to perform data processing and analysis, the data must be decrypted

Thus, the client provides his data, possibly entrusted to him by third parties, to a resource beyond his control, which multiplies the probability of leakage or unauthorized access.

There are various approaches to solve this problem, for example, physical isolation of servers, limiting the interaction of third parties with it. However, in any of these cases, the client is forced to believe, in fact, on bare word and entrust his data to the protection implemented on the server side.

Naturally, there is a desire to provide its data with its own protection, as in the case of transmission, when it is not necessary to rely only on the implementation of transport protocol protection, you can send already encrypted data.

The concept of an encryption scheme allowing operations on encrypted data in such a way that the decryption of the result is a correct transformation of the public data corresponding to the operated ciphertexts, has been floating in the cryptographic environment for about 30 years and is often called the “Holy Grail” of cryptography.

However, this idea was rather difficult to achieve.

The initial efforts towards developing encryption schemes that allow certain operations on encrypted data coincide with the work on public-key encryption schemes, which were originally designed for different purposes.

Let’s briefly consider the most well-known of these schemes: RSA

Large prime numbers p and q are chosen, and N = pq – is computed as the system's modulus, φ(N) = (p-1)(q-1) – the Euler's totient function, eЄZ*N is selected and the corresponding d is determined such that ⅇ ⋅d ≡ 1(mod ϕ(N)). The public key of the system is formed as (e, N), and the private key is (φ(N),d).

The encryption algorithm for a message m is given by Enc(x)=me (mod N), with the result denoted as с. The decryption algorithm is Dec(c) = сd(mod N).

The correctness is ensured by the fact that cd (mod N) = (ce)d (mod N) = m(mod N), because ⅇ⋅d ≡ 1(mod⁡ φ(N)).

In the given scheme, the space of plaintexts coincides with the space of ciphertexts and is represented by ZN. Suppose we have two ciphertexts с1 and с2, corresponding to messages m1 and m2 respectively. Consider the product с1 ⋅ с2(mod N) and let's attempt to decrypt it.

Dec(с1 ⋅ с2) = (с1 ⋅ с2)d (mod N) = (m1e ⋅ m2e)d(mod N) = (m1 ⋅ m2)ed (mod N) = m1 ⋅ m2(mod N).

From this, we can see that the product of two ciphertexts is a valid ciphertext for the product of the corresponding plaintexts. Such mappings are called homomorphic with respect to the operations for which these properties hold. Specifically, the functions Enc() and Dec() are multiplicatively homomorphic.

Multiplicative homomorphism is not sufficient for most data processing tasks. Because of this, the search for cryptographically robust algorithms with encryption/decryption functions that are homomorphic with respect to a larger number of operations is the main challenge for the development of this area.

Why is there a need for basic operations on encrypted data?

Classical machine learning and deep learning can be decomposed into a set of fundamental operations on data or approximated by a series of basic operations. Thus, using secure ML algorithms on encrypted data is equivalent to applying the original versions of these algorithms to unencrypted data. In this scenario, data can be analyzed while remaining encrypted.

For example, consider a messaging system where messages need to be encrypted end-to-end, from sender to receiver. At the same time, it is necessary to check these messages for spam without compromising their confidentiality.

This is a typical case where machine learning is combined with homomorphic encryption.

In this way, homomorphic encryption restores control over data to its owners.

However, it is important to understand that it is not a cryptographic panacea and cannot replace more high-performance schemes. Nevertheless, similar to public-key cryptosystems, it can carve out its own niche.

FAQ

What is homomorphic encryption?
Homomorphic encryption is a class of encryption schemes where mathematical operations performed on ciphertexts produce, after decryption, the same result as if the operations had been performed on the plaintext. The simplest examples are partially homomorphic schemes: RSA (multiplicatively homomorphic) and Paillier (additively homomorphic). Fully homomorphic schemes support both addition and multiplication on encrypted data — enabling arbitrary computation on encrypted inputs. This property is the cryptographic foundation for confidential computing, private machine learning, and encrypted database queries.
What is fully homomorphic encryption (FHE) and how is it different from partial homomorphism?
Partial homomorphism supports only one operation type — RSA only multiplication, Paillier only addition. This is useful but cannot express most computations. Fully Homomorphic Encryption (FHE) supports both addition and multiplication an unlimited number of times, which makes it computationally universal: any function expressible as an arithmetic or Boolean circuit can be computed on encrypted data. The first FHE scheme was published by Craig Gentry in 2009; modern practical schemes (BGV, BFV, CKKS, TFHE) followed over the next decade.
How does homomorphic encryption work? (RSA example)
RSA gives a clean intuition. Choose primes p, q; let N = pq and compute φ(N) = (p-1)(q-1). Pick e coprime to φ(N), compute d such that e·d ≡ 1 mod φ(N). Public key: (e, N); private key: (φ(N), d). Encryption: c = m^e mod N. Decryption: m = c^d mod N. The multiplicative homomorphism: c1·c2 = m1^e · m2^e = (m1·m2)^e mod N. So multiplying ciphertexts and decrypting gives the product of the original messages. RSA is therefore multiplicatively homomorphic — useful but not full FHE.
What FHE schemes are used in practice?
Four modern schemes dominate production FHE.
BGV (Brakerski-Gentry-Vaikuntanathan, 2011) — integer arithmetic, batched operations.
BFV (Brakerski-Fan-Vercauteren, 2012) — exact integer arithmetic, often used for ML inference.
CKKS (Cheon-Kim-Kim-Song, 2017) — approximate arithmetic on real/complex numbers, optimal for ML where small errors are acceptable.
TFHE (Chillotti-Gama-Georgieva-Izabachène, 2016) — fast bootstrapping on Boolean circuits. Mature open-source libraries implement these: Microsoft SEAL, OpenFHE (formerly PALISADE), IBM HElib, Zama Concrete.
Is homomorphic encryption practical for production machine learning?
Yes, with significant caveats. FHE arithmetic is 10³–10⁶ times slower than plaintext arithmetic, so naive FHE-on-everything is impractical. Real production systems combine FHE with faster privacy techniques: federated learning so most computation runs locally on plaintext, with FHE applied only to gradient aggregation; secure multi-party computation for protocol-level joint operations; trusted execution environments for hardware-level isolation. CKKS-based inference of small neural networks on encrypted inputs is now production-viable for low-throughput, high-sensitivity use cases (medical diagnosis, financial scoring).
What can you actually compute on FHE-encrypted data?
In theory, anything expressible as an arithmetic or Boolean circuit. In practice, the most common production workloads are: encrypted database queries (private information retrieval); ML inference on encrypted inputs (classification, regression, scoring); encrypted aggregation in federated learning; private set intersection; encrypted statistics on health/financial data. The bottleneck is circuit depth — operations cost more as the depth increases, and "bootstrapping" (refreshing the noise budget) is expensive. Algorithm design for FHE focuses heavily on minimizing multiplicative depth.
What's the difference between FHE and other privacy techniques?
FHE is one of several Privacy-Enhancing Technologies (PETs). Others include federated learning (data stays local, only model updates exchanged); differential privacy (statistical noise added to outputs); secure multi-party computation (data split across parties via secret sharing); trusted execution environments (hardware enclaves like Intel SGX, AMD SEV); functional encryption (compute specific function on ciphertext). FHE is the most mathematically airtight but also the slowest. Most production systems combine 2–3 PETs depending on threat model and performance requirements.
How does Guardora use homomorphic encryption?
Guardora uses additively homomorphic encryption (Paillier, 1024-bit) as the maximum-protection mode in Guardora VFL — gradients exchanged between active party (label holder, e.g., a bank) and passive party (feature holder, e.g., an analytics vendor) are encrypted before transmission, so neither side sees the other's gradient information in cleartext. For credit scoring on tabular data with GBDT, this mode adds compute cost (training 50K records takes ~1.4 hours vs <9 minutes unencrypted on 300K records) without changing model quality. Paillier was chosen because additive homomorphism matches the gradient-summation operation in federated GBDT.