Fully Homomorphic Encryption (FHE) Libraries

May 2025

Disclaimer: The views, thoughts, and opinions presented herein are solely those of the author and do not reflect the positions of any current or previous affiliations and employers. This content is for informational purposes only and should not be construed as professional advice. It's a work-in-progress article and will be updated as I learn more.

Fully Homomorphic Encryption (FHE) represents an advanced cryptographic technique that permits the execution of computational operations directly on encrypted data, obviating the requirement for prior decryption. This capability facilitates the application of diverse functions, including arithmetic operations and sophisticated algorithms, to ciphertext. Subsequent decryption of the resultant ciphertext yields an output equivalent to that obtained through analogous computation performed on the original plaintext.

FHE enables secure computational processes within inherently untrusted environments, such as servers in cloud environments, without compromising the confidentiality of the underlying data.

While still in early stages for complex computation tasks, FHEs can be introduced strategically in privacy-preserving analytics in a hybrid pattern with other solutions to balance user trust, regulatory requirements, with realistic engineering efforts.

Key take-aways

1. Aggregate analytics: Sums, averages, dot-products, simple regressions can run today under CKKS without ever decrypting.
2. Comparisons cost: Any ORDER BY, MAX, or join multiplies runtime by one-to-two orders of magnitude.
3. Hybrid patterns: Keep heavy joins or model training in a protected enclave; reserve FHE for the high-risk columns.
4. Library maturity: OpenFHE, SEAL, PALISADE and Zama’s Concrete-ML all ship production APIs; GPU kernels close the performance gap for batched linear algebra.
5. Compliance win: Computations stay encrypted, mapping neatly to GDPR “state-of-the-art” safeguards and. aligned with GDPR expectations for data minimization and secure processing - lowering breach‐impact risk.

Where challenges remain

• Deep-learning training (dozens of layers) – feasible only with severe quantisation or hybrid MPC/FHE tricks.
• Large relational joins – comparison gates explode; hybrid trusted-compute or secure enclaves often win.
• Real-time analytics on streaming data – bootstrapping latency (0.5–2 s each) is the bottleneck.
• Experimental nature of libraries – While Zama’s Concrete-ML and OpenFHE offer production APIs, most remain experimental ( or pre-prod, academic) when it comes to major deployments.

Key categories of FHE Applications

Basic arithmetic & statistics

• Analytical functions - element-wise add/sub/mul, vector dot-product, sum, count, mean, variance
• FHE schemes - BFV, BGV, CKKS
• Performance - Sub-second on 10²–10³ values; scales linearly.

Linear algebra

• Analytical functions -matrix–vector and matrix–matrix multiplication, encrypted cosine similarity
• FHE schemes - CKKS (approximate)
• Performance - GPU-accelerated OpenFHE hits 10⁶ ops/s on 4096-slot ciphertexts (Benchmarking Fully Homomorphic Encryption Libraries in IoT Devices)

SQL-style analytics

• Analytical functions - SELECT, WHERE on ranges/keywords, grouped SUM/COUNT/AVG over encrypted columns
• FHE schemes - BFV/BGV + comparison circuits
• Performance - Comparison gates are 10-100× slower than adds; research DBs such as ArcEDB show 2–3 s for 10 k-row grouped sum ([PDF] ArcEDB: An Arbitrary-Precision Encrypted Database via (Amortized ...)

Machine Learning (inference)

• Analytical functions - Linear & logistic regression, small decision-tree ensembles, shallow CNN/MLP inference
• FHE schemes - CKKS, TFHE
• Performance - <1 s per prediction for logistic/linear regression on ~1 k features (Training and Evaluation of Logistic Regression on Encrypted Data ..., [PDF] arXiv:2504.12623v1 [cs.CR] 17 Apr 2025)

Machine Learning (training)

• Analytical functions - Gradient-descent training for linear / logistic regression; first proofs-of-concept for small neural nets
• FHE schemes - CKKS with bootstrapping
• Performance - Hours instead of seconds; still research-grade ([PDF] arXiv:2504.12623v1 [cs.CR] 17 Apr 2025)

Similarity / ranking

• Analytical functions - Private set intersection, k-NN search via batched dot-products
• FHE schemes - CKKS, BFV
• Performance - Practical for small k and ≤10 k items; latency dominated by bootstraps.

Comparisons & min/max

• Analytical functions - Encrypted >, <, max, min via polynomial or bit-level circuits
• FHE schemes - TFHE, BGV
• Performance - 10-20 ms per comparison; expensive for large joins (How can I compare and find max/min directly over the encrypted data?)

References:

General FHE Background:

• Craig Gentry, “A Fully Homomorphic Encryption Scheme”, Stanford PhD thesis (2009) https://crypto.stanford.edu/craig

Performance Benchmarks:

• Al Badawi et al., “Benchmarking Fully Homomorphic Encryption Schemes”, 2023 https://eprint.iacr.org/2023/1299.pdf
• Zama’s Concrete-ML Performance Reports https://docs.zama.ai/concrete-ml
• Microsoft SEAL GitHub repo performance discussions https://github.com/microsoft/SEAL/issues/397

Academic on FHE + ML:

• Zhao et al., “Training and Evaluation of Logistic Regression on Encrypted Data”, arXiv:2504.12623 https://arxiv.org/abs/2504.12623
• CryptoNets: Applying Neural Networks to Encrypted Data with High Throughput and Accuracy https://www.microsoft.com/en-us/research/publication/cryptonets/

Privacy and Compliance:

• EDPB Guidelines 4/2019 on Article 25 (Data Protection by Design and by Default) https://edpb.europa.eu
• ENISA Report: Privacy Enhancing Technologies – Current landscape and future directions, 2023 https://www.enisa.europa.eu/publications/privacy-enhancing-technologies