For the entirety of modern computing, encryption has demanded a trade-off: you can protect your data, or you can compute on it. Not both. To run a query against a database, the database sees your query. To process an image through an AI model, the model sees your image. To analyze a genome, the lab sees your DNA sequence. Encryption protects data in transit and at rest, but the moment computation begins, the data must be decrypted – exposed, naked, in RAM.

Homomorphic encryption breaks this constraint. It allows computation directly on ciphertext, producing encrypted results that, when decrypted, match the results of the same computation on the plaintext. The server never sees the data. The server never sees the result. The server performs meaningful work on information it cannot read.

Craig Gentry’s 2009 PhD thesis at Stanford demonstrated the first plausible fully homomorphic encryption (FHE) scheme. It was approximately one trillion times slower than computing on plaintext. Fifteen years later, production FHE systems operate at overheads of 10,000x-100,000x – still massive, but shrinking by roughly 10x every two years. Apple shipped FHE-based features in iOS 18. Google uses it in Chrome for privacy-preserving ad measurement. The $380 million invested in FHE startups between 2020 and 2025 signals that the market has stopped asking “if” and started asking “when.”

The Taxonomy of Homomorphic Encryption

Not all homomorphic encryption is equal. The field is divided into three categories based on the range of computations supported:

Partially Homomorphic Encryption (PHE)

PHE schemes support one type of operation – either addition or multiplication – applied an unlimited number of times.

RSA is multiplicatively homomorphic: E(m1) * E(m2) = E(m1 * m2). You can multiply ciphertexts and get the encryption of the product. This property has been known since RSA’s invention in 1977, though it was considered a curiosity rather than a feature.

Paillier (1999) is additively homomorphic: E(m1) * E(m2) = E(m1 + m2). You can add ciphertexts and get the encryption of the sum. Paillier encryption is used in production systems for privacy-preserving voting, aggregation, and statistical computation where only addition is needed.

PHE is practical and fast, but its limitation to a single operation type restricts it to narrow use cases.
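The two identities above can be checked directly. The following is an added example, not code from the original article: it uses constructed toy primes, textbook (unpadded) RSA, and Paillier with the common simplification g = n + 1; all function names are illustrative assumptions.

```python
# Toy demonstration of partially homomorphic encryption (added example).
# Constructed, insecure parameters: tiny primes, textbook RSA without padding.
import secrets
from math import gcd

P, Q = 1009, 1013            # constructed toy primes, far too small for real use
N = P * Q
N2 = N * N

# --- Textbook RSA: multiplicatively homomorphic ---
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def rsa_encrypt(m):
    return pow(m, E, N)

def rsa_decrypt(c):
    return pow(c, D, N)

# --- Paillier with g = n + 1: additively homomorphic ---
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
MU = pow(LAM, -1, N)                            # valid because g = n + 1

def paillier_encrypt(m):
    while True:
        r = secrets.randbelow(N - 1) + 1        # fresh randomness per ciphertext
        if gcd(r, N) == 1:
            break
    return (pow(N + 1, m, N2) * pow(r, N, N2)) % N2

def paillier_decrypt(c):
    u = pow(c, LAM, N2)                         # equals 1 + m*LAM*n (mod n^2)
    return ((u - 1) // N) * MU % N

def rsa_product(m1, m2):
    """Multiply two RSA ciphertexts; the key holder decrypts m1 * m2 mod N."""
    return rsa_decrypt(rsa_encrypt(m1) * rsa_encrypt(m2) % N)

def paillier_sum(values):
    """Aggregate by multiplying ciphertexts; decrypts to sum(values) mod N."""
    acc = paillier_encrypt(0)
    for v in values:
        acc = acc * paillier_encrypt(v) % N2
    return paillier_decrypt(acc)

if __name__ == "__main__":
    print(rsa_product(12, 34))              # product computed on ciphertexts
    print(paillier_sum([120, 45, 300]))     # tally computed on ciphertexts
```

The RSA identity holds only for unpadded RSA; padding such as OAEP removes this malleability by design, which is why deployed RSA does not expose it.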

Somewhat Homomorphic Encryption (SHE)

SHE schemes support both addition and multiplication, but only for a limited number of operations. Each operation introduces a small amount of “noise” into the ciphertext. After enough operations, the noise overwhelms the signal, and decryption fails.

The depth of computation a SHE scheme supports – measured in multiplicative levels – is fixed at encryption time by choosing appropriate parameters. A scheme configured for 10 levels of multiplication can evaluate polynomials up to degree 2^10, but not beyond.

This noise accumulation is the central technical challenge of homomorphic encryption.

Fully Homomorphic Encryption (FHE)

FHE supports both addition and multiplication for an arbitrary number of operations. The breakthrough that makes this possible is bootstrapping – a technique that “refreshes” a noisy ciphertext by homomorphically decrypting it, resetting the noise level so computation can continue indefinitely.

Gentry’s original bootstrapping procedure was the key theoretical insight: if you can homomorphically evaluate the decryption circuit of your own scheme, you can refresh ciphertexts without ever decrypting them. The server, holding only the encrypted data and an encrypted copy of the secret key, performs the decryption homomorphically – reducing noise without learning anything about the plaintext.

This is conceptually recursive and computationally expensive. But it transforms a bounded SHE scheme into an unbounded FHE scheme.

The Mathematical Foundation: Lattice Problems

All modern FHE schemes are built on lattice-based cryptography – the same mathematical foundation underlying the post-quantum cryptography standards selected by NIST. This is not a coincidence. Lattice problems are believed to be hard for both classical and quantum computers, making FHE inherently resistant to quantum attacks.

Learning With Errors (LWE)

The core hardness assumption is the Learning With Errors (LWE) problem, introduced by Oded Regev in 2005:

Fix a secret vector s. Given a set of noisy linear equations in s of the form:

a_i · s + e_i = b_i (mod q)

where a_i is a known random vector, e_i is a small random error term, and b_i is the observed result – find s.

Without the error terms, this is a system of linear equations solvable by Gaussian elimination. The small errors make the system computationally intractable. The best known algorithms for LWE run in exponential time in the dimension of the lattice.

FHE exploits this by encoding the message in the error term. Homomorphic operations (addition and multiplication of ciphertexts) correspond to addition and multiplication of the underlying errors. As long as the accumulated error stays below a threshold, decryption recovers the correct plaintext.
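The noise threshold described here, and the failure mode described under Somewhat Homomorphic Encryption, can be seen in a few lines. This is an added example, not code from the original article: it assumes a simplified symmetric-key, Regev-style bit encryption in which the bit is encoded as a multiple of q/2 next to the noise term, with constructed toy parameters and addition only. The noise value is passed in explicitly so the run is deterministic; real schemes sample it from a small random distribution.

```python
# Toy symmetric-key LWE bit encryption showing noise growth (added example).
# Constructed, insecure parameters chosen so the arithmetic is easy to follow.
import secrets

Q = 2 ** 15          # ciphertext modulus q (toy)
N = 16               # dimension of the secret vector s (toy)
HALF = Q // 2        # a 1 bit is encoded as q/2, a 0 bit as 0

def keygen():
    return [secrets.randbelow(2) for _ in range(N)]      # binary secret s

def encrypt(bit, s, e):
    """Return (a, b) with b = a.s + e + bit*q/2 (mod q); e is the noise term."""
    a = [secrets.randbelow(Q) for _ in range(N)]
    b = (sum(x * y for x, y in zip(a, s)) + e + bit * HALF) % Q
    return a, b

def add(c1, c2):
    """Homomorphic addition: the bits XOR, the noise terms add."""
    a = [(x + y) % Q for x, y in zip(c1[0], c2[0])]
    return a, (c1[1] + c2[1]) % Q

def phase(c, s):
    """b - a.s (mod q), centred: accumulated noise plus bit*q/2."""
    v = (c[1] - sum(x * y for x, y in zip(c[0], s))) % Q
    return v - Q if v > HALF else v

def decrypt(c, s):
    # Rounds to the nearer of 0 and q/2; correct only while |noise| < q/4.
    return 1 if abs(phase(c, s)) > Q // 4 else 0

def add_zeros_until_failure(noise_per_ct):
    """Sum encryptions of 0; return how many were summed when decryption flips."""
    s = keygen()
    acc = encrypt(0, s, noise_per_ct)
    count = 1
    while decrypt(acc, s) == 0:
        acc = add(acc, encrypt(0, s, noise_per_ct))
        count += 1
    return count

if __name__ == "__main__":
    for e in (100, 1000):
        print(e, add_zeros_until_failure(e))   # larger noise, fewer additions
```

Every ciphertext in the failing sum is a valid encryption of 0; only the accumulated noise crossing q/4 makes the result decrypt to 1.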

The Ring Variant: RLWE

Practical FHE schemes use the Ring-LWE variant, which operates over polynomial rings rather than arbitrary vectors. This provides two advantages: ciphertexts are smaller (compact polynomial representations vs. large matrices), and operations are faster (polynomial multiplication via Number Theoretic Transform, analogous to FFT).

Ring-LWE is the foundation of CKKS, BFV/BGV, and TFHE – the three dominant FHE scheme families.

The Three FHE Scheme Families

BFV/BGV (Integer Arithmetic)

The Brakerski-Fan-Vercauteren (BFV) and Brakerski-Gentry-Vaikuntanathan (BGV) schemes operate on encrypted integers. They support exact computation – no approximation error – making them suitable for applications requiring bitwise precision: database queries, encrypted search, exact statistics.

BFV/BGV parameters determine the maximum multiplicative depth at encryption time. A typical configuration for a 128-bit security level with 10 multiplicative levels requires ciphertexts of approximately 256 KB.

CKKS (Approximate Arithmetic)

The Cheon-Kim-Kim-Song (CKKS) scheme, introduced in 2017, supports encrypted approximate arithmetic – addition and multiplication on encrypted floating-point numbers. The approximation error is controlled and bounded, making CKKS ideal for machine learning, statistical analysis, and signal processing.

CKKS encodes complex numbers into polynomial coefficients, with the approximation error absorbed into the existing noise budget. This is a profound insight: by relaxing the requirement for exact computation, CKKS achieves dramatically better performance on the workloads that matter most for AI and data science.

Apple’s Private Cloud Compute uses CKKS-family techniques for on-device machine learning features that process encrypted data. The homomorphic operations compute predictions without the model seeing the input data.

TFHE (Boolean/Bit-Level Operations)

The Torus FHE (TFHE) scheme by Chillotti, Gama, Georgieva, and Izabachene operates at the bit level, supporting fast homomorphic evaluation of Boolean gates (AND, OR, XOR, NOT). TFHE’s key innovation is programmable bootstrapping – a bootstrapping operation that simultaneously refreshes the ciphertext and evaluates an arbitrary lookup table.

TFHE bootstrapping runs in approximately 10 milliseconds per gate on modern hardware. This makes it the fastest scheme for general-purpose computation on encrypted data, at the cost of operating bit-by-bit rather than on packed vectors.

Zama, a French FHE startup that raised $73 million in Series A funding in 2024, built its entire product line (Concrete ML, fhEVM) on TFHE.

Performance Reality Check

FHE is not fast. The overhead compared to plaintext computation remains the primary barrier to adoption. Here are representative benchmarks from 2025-2026:

| Operation | Plaintext | BFV (128-bit security) | CKKS (128-bit security) | TFHE |
|---|---|---|---|---|
| Addition | ~1 ns | ~1 μs | ~1 μs | ~10 ms (per bit) |
| Multiplication | ~1 ns | ~10 ms | ~10 ms | ~10 ms (per bit) |
| Logistic Regression (1000 features) | <1 ms | ~10 s | ~5 s | N/A |
| Neural Network Inference (small) | ~1 ms | ~minutes | ~30 s | ~minutes |
| Ciphertext Size (per element) | 8 bytes | ~256 KB | ~256 KB | ~2 KB |

The ciphertext expansion is severe: an 8-byte plaintext value becomes a 256 KB ciphertext in BFV/CKKS. For bulk data processing, this creates bandwidth and storage challenges that compound with dataset size.

Hardware acceleration is narrowing the gap. Intel’s HEXL library uses AVX-512 instructions for polynomial arithmetic. DARPA’s DPRIVE program (Data Protection in Virtual Environments) funded development of custom FHE ASICs, with initial hardware demonstrators delivered in 2025. Cornami, Duality Technologies, and Niobium Microsystems are all developing dedicated FHE processors targeting 10,000x acceleration over software implementations.

Real-World Deployments

Apple: Private Cloud Compute

Apple’s Private Cloud Compute, announced at WWDC 2024 and expanded in iOS 18, uses homomorphic encryption techniques to process Siri queries and on-device intelligence features. When computation exceeds what the device can handle locally, encrypted data is sent to Apple’s custom silicon servers running in trusted execution environments. The server computes on the encrypted payload and returns encrypted results. Apple’s implementation uses a hybrid approach – combining FHE with TEEs for performance-critical paths.

Google: Privacy Sandbox and Chrome

Google’s Privacy Sandbox initiative uses homomorphic encryption for aggregate measurement of ad conversions without tracking individual users. The Attribution Reporting API uses a form of encrypted aggregation where individual conversion reports are encrypted and only aggregate statistics can be computed. Google published research in 2024 demonstrating that FHE-based ad measurement achieves 95% of the utility of user-level tracking while providing differential privacy guarantees.

Financial Services: Encrypted Analytics

Swiss bank Julius Baer partnered with Inpher to run encrypted analytics on cross-border client data, enabling compliance analysis without exposing client portfolios across jurisdictional boundaries. BNP Paribas has deployed FHE for anti-money laundering screening where transaction data from multiple banks is analyzed without any bank seeing another’s data.

Healthcare: Encrypted Genomics

The iDASH competition (Integrating Data for Analysis, Anonymization, and Sharing) has benchmarked FHE performance on genomic data since 2014. The 2024 competition demonstrated encrypted genome-wide association studies (GWAS) on datasets of 10,000+ individuals, completing in under one hour – a task that would have taken years in 2014.

FHE and AI: The Convergence

The most consequential application of homomorphic encryption is its intersection with AI inference. The fundamental tension of cloud AI – you must send your data to the model, and the model operator sees your data – is precisely the problem FHE addresses.

Zama’s Concrete ML framework compiles standard scikit-learn and PyTorch models into FHE-compatible circuits. A trained logistic regression model can classify encrypted patient data without the healthcare provider seeing the data or the model owner seeing the classification. The patient sends encrypted symptoms, receives an encrypted diagnosis, and decrypts locally.

The limitation today is model complexity. FHE can handle logistic regression, decision trees, small neural networks, and statistical models. Large language models with billions of parameters remain out of reach – the multiplicative depth required to evaluate transformer attention layers exceeds practical FHE budgets by orders of magnitude.

This is why hybrid approaches are gaining traction. A Stealth Cloud architecture can combine FHE for preprocessing (PII detection, feature extraction) with zero-knowledge proofs for verification and TEEs for the computationally intensive LLM inference. No single PET solves every problem. The complete privacy-enhancing technology stack works in composition.

The Bootstrapping Frontier

The single most important metric in FHE research is bootstrapping speed. Bootstrapping is the operation that refreshes a noisy ciphertext, enabling unlimited computation. Faster bootstrapping means deeper circuits, larger models, and more practical applications.

Gentry’s original bootstrapping (2009): ~30 minutes per operation. HElib (2015): ~4 minutes. TFHE (2016): ~13 milliseconds. Zama’s Concrete (2024): ~8 milliseconds. Projected ASIC performance (2027): ~100 microseconds.

If ASIC-accelerated bootstrapping reaches the microsecond range, FHE becomes viable for real-time applications: encrypted database queries, encrypted web search, and encrypted AI inference at sub-second latency. This is not guaranteed, but the trajectory over 15 years of consistent improvement suggests it is achievable within this decade.

Security Considerations

FHE schemes based on RLWE are considered secure against both classical and quantum attacks at standard parameter settings (128-bit security). NIST’s post-quantum standards (CRYSTALS-Kyber, CRYSTALS-Dilithium) are built on the same lattice assumptions, providing a strong validation signal.

However, FHE implementations face unique security challenges:

Parameter selection. Choosing insufficient parameters (too small a polynomial degree, too small a modulus) can reduce security below intended levels. The Homomorphic Encryption Standard, published by an industry consortium including Microsoft, IBM, and Intel, provides parameter recommendations for 128-bit security.

Side channels. FHE computations are long-running and produce distinctive memory access patterns. Side-channel attacks against FHE implementations are an active research area.

Circuit privacy. Standard FHE guarantees input privacy (the server cannot see the data) but not necessarily circuit privacy (the client may learn something about the function being evaluated). Achieving both simultaneously requires additional cryptographic techniques.

The Stealth Cloud Perspective

Homomorphic encryption represents the ultimate expression of the zero-knowledge principle: computation without revelation. While FHE’s performance overhead currently limits it to specific workloads, its trajectory – 10x improvement every two years, hardware accelerators on the horizon, production deployments by the world’s largest technology companies – points toward a future where encrypted computation is the default, not the exception. Stealth Cloud’s architecture is designed to incorporate FHE as the technology matures, starting with encrypted aggregation and PII processing and expanding to encrypted AI inference as hardware catches up to the mathematics.