Somewhat/Fully Homomorphic Encryption: Implementation Progresses and Challenges

  • Guillaume Bonnoron
  • Caroline FontaineEmail author
  • Guy Gogniat
  • Vincent Herbert
  • Vianney Lapôtre
  • Vincent Migliore
  • Adeline Roux-Langlois
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10194)


The proposed article aims, for readers, to learn about the existing efforts to secure and implement Somewhat/Fully Homomorphic Encryption ((S/F)HE) schemes and the problems to be tackled in order to progress toward their adoption. For that purpose, the article provides, at first, a brief introduction regarding (S/F)HE. Then, it focuses on some practical issues related to the adoption of (S/F)HE schemes, i.e. the security parameters, the existing implementations and their limitations, and the management of the huge complexity caused by homomorphic calculation. These issues are analyzed with the help of recent related work published in the literature, and with the experience gained by the authors through their experiments.


Homomorphic Encryption Data privacy Confidentiality Security Real world 



This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 643964.


  1. [ABD16]
    Albrecht, M., Bai, S., Ducas, L.: A subfield lattice attack on overstretched ntru assumptions: cryptanalysis of some fhe and graded encoding schemes. Cryptology ePrint Archive, Report 2016/127 (2016)Google Scholar
  2. [AMFF+13]
    Aguilar-Melchor, C., Fau, S., Fontaine, C., Gogniat, G., Sirdey, R.: Recent advances in homomorphic encryption: a possible future for signal processing in the encrypted domain. IEEE Sig. Process. Mag. 30(2), 108–117 (2013)CrossRefGoogle Scholar
  3. [AMGH10]
    Melchor, C.A., Gaborit, P., Herranz, J.: Additively homomorphic encryption with d-operand multiplications. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 138–154. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-14623-7_8 CrossRefGoogle Scholar
  4. [APS15]
    Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. J. Math. Cryptology 9(3), 169–203 (2015)MathSciNetCrossRefzbMATHGoogle Scholar
  5. [ARS+15]
    Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 430–454. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46800-5_17 Google Scholar
  6. [BEHZ16]
    Bajard, J.-C., Eynard, J., Hasan, A., Zucca, V.: A full RNS variant of FV like somewhat homomorphic encryption schemes. Cryptology ePrint Archive, Report 2016/510 (2016).
  7. [BGN05]
    Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005). doi: 10.1007/978-3-540-30576-7_18 CrossRefGoogle Scholar
  8. [BGV12]
    Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (leveled) fully homomorphic encryption without bootstrapping. In: Proceedings of the 3rd Innovations in Theoretical Computer Science Conference - ITCS 2012, pp. 309–325. ACM (2012)Google Scholar
  9. [BLLN13]
    Bos, J.W., Lauter, K., Loftus, J., Naehrig, M.: Improved security for a ring-based fully homomorphic encryption scheme. In: Stam, M. (ed.) IMACC 2013. LNCS, vol. 8308, pp. 45–64. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-45239-0_4 CrossRefGoogle Scholar
  10. [BN05]
    Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006). doi: 10.1007/11693383_22 CrossRefGoogle Scholar
  11. [Bon98]
    Boneh, D.: The decision Diffie-Hellman problem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 48–63. Springer, Heidelberg (1998). doi: 10.1007/BFb0054851 CrossRefGoogle Scholar
  12. [BPB09]
    Bianchi, T., Piva, A., Barni, M.: On the implementation of the discrete Fourier transform in the encrypted domain. IEEE Trans. Inf. Forensics Secur. 4(1), 86–97 (2009)CrossRefGoogle Scholar
  13. [Bra12]
    Brakerski, Z.: Fully homomorphic encryption without modulus switching from classical GapSVP. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 868–886. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-32009-5_50 CrossRefGoogle Scholar
  14. [Bre]
    Brenner, M.: Hcrypt project.
  15. [BV11]
    Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (Standard) LWE. In: Proceedings of FOCS, pp. 97–106 (2011)Google Scholar
  16. [BV14]
    Brakerski, Z., Vaikuntanathan, V.: Lattice-based fhe as secure as pke. In: Proceedings of the 5th Conference on Innovations in Theoretical Computer Science - ITCS 2014, pp. 1–12. ACM (2014)Google Scholar
  17. [CCF+16]
    Canteaut, A., Carpov, S., Fontaine, C., Lepoint, T., Naya-Plasencia, M., Paillier, P., Sirdey, R.: Stream ciphers: a practical solution for efficient homomorphic-ciphertext compression. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 313–333. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-52993-5_16 CrossRefGoogle Scholar
  18. [CCK+13]
    Cheon, J.H., Coron, J.-S., Kim, J., Lee, M.S., Lepoint, T., Tibouchi, M., Yun, A.: Batch fully homomorphic encryption over the integers. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 315–335. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-38348-9_20 CrossRefGoogle Scholar
  19. [CDS15]
    Carpov, S., Dubrulle, P., Sirdey, R.: Armadillo: a compilation chain for privacy preserving applications. In: Proceedings of the 3rd International Workshop on Security in Cloud Computing, pp. 13–19. ACM (2015)Google Scholar
  20. [CF15]
    Catalano, D., Fiore, D.: Using linearly-homomorphic encryption to evaluate degree-2 functions on encrypted data. In: Ray, I., Li, N., Kruegel, C. (eds.) Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 12–16 October, pp. 1518–1529. ACM (2015)Google Scholar
  21. [CGGI16a]
    Chillotti, I., Gama, N., Georgieva, M., Izabachène, M.: Faster fully homomorphic encryption: bootstrapping in less than 0.1 seconds. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 3–33. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-53887-6_1 CrossRefGoogle Scholar
  22. [CGGI16b]
    Chillotti, I., Gama, N., Georgieva, M., Izabachène, M.: A homomorphic LWE based e-voting scheme. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 245–265. Springer, Cham (2016). doi: 10.1007/978-3-319-29360-8_16 CrossRefGoogle Scholar
  23. [CMO+]
    Cao, X., Moore, C., O’Neill, M., Hanley, N., O’Sullivan, E.: High-speed fully homomorphic encryption over the integers. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014. LNCS, vol. 8438. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44774-1_14 Google Scholar
  24. [CNT12]
    Coron, J.-S., Naccache, D., Tibouchi, M.: Public key compression and modulus switching for fully homomorphic encryption over the integers. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 446–464. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-29011-4_27 CrossRefGoogle Scholar
  25. [Cor]
    Coron, J.-S.: An implementation of the DGHV fully homomorphic scheme.
  26. [Cry16]
    CryptoExperts: FV-NFLlib (2016).
  27. [DGBL+15]
    Dowlin, N., Gilad-Bachrach, R., Laine, K., Lauter, K., Naehrig, M., Wernsing, J.: Manual for using homomorphic encryption for bioinformatics. Technical report MSR-TR-2015-87, November 2015Google Scholar
  28. [DHS14]
    Doröz, Y., Yin, H., Sunar, B.: Homomorphic AES evaluation using NTRU. IACR Cryptology ePrint Archive 2014:39 (2014)Google Scholar
  29. [DLMW15]
    Dinur, I., Liu, Y., Meier, W., Wang, Q.: Optimized interpolation attacks on LowMC. IACR Cryptology ePrint Archive 2015:418 (2015)Google Scholar
  30. [DLR16]
    Duval, S., Lallemand, V., Rotella, Y.: Cryptanalysis of the FLIP family of stream ciphers. IACR Cryptology ePrint Archive (271) (2016)Google Scholar
  31. [DOS13]
    Doroz, Y., Ozturk, E., Sunar, B.: Evaluating the hardware performance of a million-bit multiplier. In: Proceedings of Euromicro Conference on Digital System Design – DSD 2013 (2013)Google Scholar
  32. [DS16]
    Doröz, Y., Sunar, B.: Flattening ntru for evaluation key free homomorphic encryption. Cryptology ePrint Archive, Report 2016/315 (2016)Google Scholar
  33. [DSES14]
    Doröz, Y., Shahverdi, A., Eisenbarth, T., Sunar, B.: Toward practical homomorphic evaluation of block ciphers using prince. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014. LNCS, vol. 8438, pp. 208–220. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44774-1_17 Google Scholar
  34. [ElG85]
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theor. 31(4), 469–472 (1985)MathSciNetCrossRefzbMATHGoogle Scholar
  35. [FG07]
    Fontaine, C., Galand, F.: A survey of homomorphic encryption for nonspecialists. EURASIP J. Inf. Secur. 2007(1), 1–15 (2007)CrossRefGoogle Scholar
  36. [FHK16]
    Fouque, P.-A., Hadjibeyli, B., Kirchner, P.: Homomorphic evaluation of lattice-based symmetric encryption schemes. In: Dinh, T.N., Thai, M.T. (eds.) COCOON 2016. LNCS, vol. 9797, pp. 269–280. Springer, Cham (2016). doi: 10.1007/978-3-319-42634-1_22 CrossRefGoogle Scholar
  37. [Fre10]
    Freeman, D.M.: Converting pairing-based cryptosystems from composite-order groups to prime-order groups. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 44–61. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13190-5_3 CrossRefGoogle Scholar
  38. [FSF+13]
    Fau, S., Sirdey, R., Fontaine, C., Aguilar-Melchor, C., Gogniat, G.: Towards practical program execution over fully homomorphic encryption schemes. In: Eighth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), pp. 284–290. IEEE (2013)Google Scholar
  39. [FV12]
    Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. IACR Cryptology ePrint Archive 2012:144 (2012)Google Scholar
  40. [Gen09a]
    Gentry, C.: A fully homomorphic encryption scheme. Ph.D. thesis, Stanford University (2009)Google Scholar
  41. [Gen09b]
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC, vol. 9, pp. 169–178 (2009)Google Scholar
  42. [GH11]
    Gentry, C., Halevi, S.: Fully homomorphic encryption without squashing using depth-3 arithmetic circuits. In: IEEE 52nd Annual Symposium on Foundations of Computer Science (FOCS 2011), pp. 107–109. IEEE (2011)Google Scholar
  43. [GHS12a]
    Gentry, C., Halevi, S., Smart, N.P.: Fully homomorphic encryption with polylog overhead. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 465–482. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-29011-4_28 CrossRefGoogle Scholar
  44. [GHS12b]
    Gentry, C., Halevi, S., Smart, N.P.: Homomorphic evaluation of the AES circuit. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 850–867. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-32009-5_49 CrossRefGoogle Scholar
  45. [GLN12]
    Graepel, T., Lauter, K., Naehrig, M.: ML confidential: machine learning on encrypted data. In: Kwon, T., Lee, M.-K., Kwon, D. (eds.) ICISC 2012. LNCS, vol. 7839, pp. 1–21. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-37682-5_1 CrossRefGoogle Scholar
  46. [GSW13]
    Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 75–92. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40041-4_5 CrossRefGoogle Scholar
  47. [Hal]
    Halevi, S.: HElib.
  48. [HF17]
    Herbert, V., Fontaine, C.: Software Implementation of 2-Depth Pairing-based Homomorphic Encryption Scheme, Cryptology ePrint Archive, Report 2017/091 (2017).
  49. [KF16]
    Kirchner, P., Fouque, P.-A.: Comparison between subfield and straightforward attacks on NTRU. Cryptology ePrint Archive, 2016/717 (2016)Google Scholar
  50. [KGV15]
    Khedr, A., Gulak, G., Vaikuntanathan, V.: SHIELD: scalable homomorphic implementation of encrypted data-classifiers. IEEE Trans. Comput. PP(99), 1 (2015)Google Scholar
  51. [LCP16]
    Laine, K., Chen, H., Player, R.: Simple encrypted arithmetic library - seal (v2.1). Technical report, September 2016Google Scholar
  52. [Lep]
    Lepoint, T.: A proof-of-concept implementation of the homomorphic evaluation of SIMON using FV and YASHE.
  53. [LLN14]
    Lauter, K., López-Alt, A., Naehrig, M.: Private computation on encrypted genomic data. In: Aranha, D.F., Menezes, A. (eds.) LATINCRYPT 2014. LNCS, vol. 8895, pp. 3–27. Springer, Cham (2015). doi: 10.1007/978-3-319-16295-9_1 Google Scholar
  54. [LN14]
    Lepoint, T., Naehrig, M.: A comparison of the homomorphic encryption schemes FV and YASHE. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 318–335. Springer, Cham (2014). doi: 10.1007/978-3-319-06734-6_20 CrossRefGoogle Scholar
  55. [MBF16]
    Migliore, V., Bonnoron, G., Fontaine, C.: Determination and exploration of practical parameters for the latest somewhat homomorphic encryption (SHE) schemes. Working paper or preprint, October 2016Google Scholar
  56. [MJSC16]
    Méaux, P., Journault, A., Standaert, F.-X., Carlet, C.: Towards stream ciphers for efficient FHE with low-noise ciphertexts. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 311–343. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49890-3_13 CrossRefGoogle Scholar
  57. [MMRL+17]
    Migliore, V., Real, M.M., Lapotre, V., Tisserand, A., Fontaine, C., Gogniat, G.: Hardware/software co-design of an accelerator for FV homomorphic encryption scheme using Karatsuba algorithm. IEEE Trans. Comput. (2017, accepted)Google Scholar
  58. [NLV11]
    Naehrig, M., Lauter, K.E., Vaikuntanathan, V.: Can homomorphic encryption be practical? In: ACM CCSW, pp. 113–124. ACM (2011)Google Scholar
  59. [NNS10]
    Naehrig, M., Niederhagen, R., Schwabe, P.: New software speed records for cryptographic pairings. In: Abdalla, M., Barreto, P.S.L.M. (eds.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 109–123. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-14712-8_7 CrossRefGoogle Scholar
  60. [Pai99]
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). doi: 10.1007/3-540-48910-X_16 Google Scholar
  61. [Pei16]
    Peikert, C.: How (not) to instantiate ring-LWE. In: Zikas, V., Prisco, R. (eds.) SCN 2016. LNCS, vol. 9841, pp. 411–430. Springer, Cham (2016). doi: 10.1007/978-3-319-44618-9_22 CrossRefGoogle Scholar
  62. [PNPM]
    Pöppelmann, T., Naehrig, M., Putnam, A., Macias, A.: Accelerating homomorphic evaluation on reconfigurable hardware. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 143–163. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48324-4_8 CrossRefGoogle Scholar
  63. [PV15]
    Paindavoine, M., Vialla, B.: Minimizing the number of bootstrappings in fully homomorphic encryption. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 25–43. Springer, Cham (2016). doi: 10.1007/978-3-319-31301-6_2 CrossRefGoogle Scholar
  64. [Rec16]
    Rechberger, C.: The FHEMPCZK-Cipher Zoo. Presented at the FSE Rump Session (2016)Google Scholar
  65. [Sol11]
    Solinas, J.A.: Generalized mersenne prime. In: van Tilborg, H.C.A., Jajodia, S. (eds.) Encyclopedia of Cryptography and Security, pp. 509–510. Springer, New York (2011)Google Scholar
  66. [SRJV+]
    Sinha Roy, S., Järvinen, K., Vercauteren, F., Dimitrov, V., Verbauwhede, I.: Modular hardware architecture for somewhat homomorphic function evaluation. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 164–184. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48324-4_9 CrossRefGoogle Scholar
  67. [SV10]
    Smart, N.P., Vercauteren, F.: Fully homomorphic encryption with relatively small key and ciphertext sizes. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 420–443. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13013-7_25 CrossRefGoogle Scholar
  68. [SV14]
    Smart, N.P., Vercauteren, F.: Fully homomorphic simd operations. Des. Codes Crypt. 71(1), 57–81 (2014)CrossRefzbMATHGoogle Scholar
  69. [vDGHV10]
    van Dijk, M., Gentry, C., Halevi, S., Vaikuntanathan, V.: Fully homomorphic encryption over the integers. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 24–43. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13190-5_2 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Guillaume Bonnoron
    • 1
    • 2
  • Caroline Fontaine
    • 2
    Email author
  • Guy Gogniat
    • 3
  • Vincent Herbert
    • 2
    • 4
  • Vianney Lapôtre
    • 3
  • Vincent Migliore
    • 3
  • Adeline Roux-Langlois
    • 5
  1. 1.Chair of Naval Cyber Defense, Ecole Navale - CC600Brest Cedex 9France
  2. 2.CNRS and IMT Atlantique, UMR 6285, Lab-STICCBrest cedex 3France
  3. 3.Univ. Bretagne-Sud, UMR 6285, Lab-STICCLorientFrance
  4. 4.CEA LISTGif-sur-Yvette CedexFrance
  5. 5.CNRS - IRISARennesFrance

Personalised recommendations