menu icon

    Fully Homomorphic Encryption

    Machine-learning models are often trained at scale in the cloud, which isn’t always secure. To safeguard data, we can train AI models with encrypted data sets without making the secret key available. Fully Homomorphic Encryption (FHE) addresses the security gap when processing data, providing security and privacy, at rest, in transit and during processing.


    The first plausible fully homomorphic scheme was introduced by Craig Gentry from IBM Research in 2009. Until then it wasn’t possible to perform an arbitrary amount of multiplication and addition operations on encrypted data due to the inherent growth of “noise” in the ciphertext after each compute operation, effectively reaching a point in which the ciphertext can no longer be decrypted. This limitation meant that FHE was predominantly applicable to toy examples. FHE is built on sound mathematical constructs, specifically lattice and learning with errors (LWE) problems. These problems are universally considered difficult to solve without any known efficient algorithms to do so. They likely would even prove too taxing for a quantum computer to solve, which is why FHE is considered quantum-safe. Although FHE has a symmetric-key function, it is mostly used as a public key cryptography scheme, where a secret private key is used to generate and share public and evaluation keys. The introduction of the “bootstrapping” mechanism by Gentry, which cleans and reduces the amount of “noise” in the ciphertext, opened the door for the potential ubiquitous use of FHE in industry. Novel and more efficient schemes have been developed since its introduction, such as the fourth-generation Cheon-Kim-Kim-Song (CKKS) scheme, which is efficient for floating point calculations, like those used in machine learning algorithms. Traditional encryption schemes such as AES and RSA provide strong cryptographical guarantees on the security of data at rest and in transit, but don’t address the critical protection of data while in processing. With FHE, data always remains encrypted at rest, in transit, and during processing. AI models can be trained using data it cannot “see” to produce a model that only the data owner could decrypt and manipulate, as the holder of the private secret key. FHE provides end-to-end data security and privacy with strong cryptographic guarantees.

    Our work