Faster Packed Homomorphic Operations and Efficient Circuit Bootstrapping for TFHE

  • Ilaria ChillottiEmail author
  • Nicolas Gama
  • Mariya Georgieva
  • Malika Izabachène
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10624)


In this paper, we present several methods to improve the evaluation of homomorphic functions in TFHE, both for fully and for leveled homomorphic encryption. We propose two methods to manipulate packed data, in order to decrease the ciphertext expansion and optimize the evaluation of look-up tables and arbitrary functions in \({\mathrm {RingGSW}}\) based homomorphic schemes. We also extend the automata logic, introduced in [12, 19], to the efficient leveled evaluation of weighted automata, and present a new homomorphic counter called \(\mathrm {TBSR}\), that supports all the elementary operations that occur in a multiplication. These improvements speed-up the evaluation of most arithmetic functions in a packed leveled mode, with a noise overhead that remains additive. We finally present a new circuit bootstrapping that converts \(\mathsf {LWE}\) into low-noise \({\mathrm {RingGSW}}\) ciphertexts in just 137 ms, which makes the leveled mode of TFHE composable, and which is fast enough to speed-up arithmetic functions, compared to the gate-by-gate bootstrapping given in [12]. Finally, we propose concrete parameter sets and timing comparison for all our constructions.


FHE Leveled Bootstrapping LWE GSW Packing Weighted automata Arithmetic 



This work has been supported in part by the CRYPTOCOMP project.


  1. 1.
    Alperin-Sheriff, J., Peikert, C.: Faster bootstrapping with polynomial error. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 297–314. Springer, Heidelberg (2014). CrossRefGoogle Scholar
  2. 2.
    Benarroch, D., Brakerski, Z., Lepoint, T.: FHE over the integers: decomposed and batched in the post-quantum regime. Cryptology ePrint Archive, 2017/065Google Scholar
  3. 3.
    Benhamouda, F., Lepoint, T., Mathieu, C., Zhou, H.: Optimization of bootstrapping in circuits. In: ACM-SIAM, pp. 2423–2433 (2017)Google Scholar
  4. 4.
    Biasse, J.-F., Ruiz, L.: FHEW with efficient multibit bootstrapping. In: Lauter, K., Rodríguez-Henríquez, F. (eds.) LATINCRYPT 2015. LNCS, vol. 9230, pp. 119–135. Springer, Cham (2015). CrossRefGoogle Scholar
  5. 5.
    Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (leveled) fully homomorphic encryption without bootstrapping. In: ITCS, pp. 309–325 (2012)Google Scholar
  6. 6.
    Brakerski, Z., Langlois, A., Peikert, C., Regev, O., Stehlé, D.: Classical hardness of learning with errors. In: Proceedings of 45th STOC, pp. 575–584. ACM (2013)Google Scholar
  7. 7.
    Brakerski, Z., Perlman, R.: Lattice-based fully dynamic multi-key FHE with short ciphertexts. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 190–213. Springer, Heidelberg (2016). CrossRefGoogle Scholar
  8. 8.
    Brakerski, Z., Vaikuntanathan, V.: Lattice-based FHE as secure as PKE. In: ITCS, pp. 1–12 (2014)Google Scholar
  9. 9.
    Buchsbaum, A.L., Giancarlo, R., Westbrook, J.R.: On the determinization of weighted finite automata. SIAM J. Comput. 30(5), 1502–1531 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Cheon, J.H., Coron, J.-S., Kim, J., Lee, M.S., Lepoint, T., Tibouchi, M., Yun, A.: Batch fully homomorphic encryption over the integers. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 315–335. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  11. 11.
    Cheon, J.H., Stehlé, D.: Fully homomophic encryption over the integers revisited. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 513–536. Springer, Heidelberg (2015). Google Scholar
  12. 12.
    Chillotti, I., Gama, N., Georgieva, M., Izabachène, M.: Faster fully homomorphic encryption: bootstrapping in less than 0.1 seconds. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 3–33. Springer, Heidelberg (2016). CrossRefGoogle Scholar
  13. 13.
    Chillotti, I., Gama, N., Georgieva, M., Izabachène, M.: A homomorphic LWE based e-voting scheme. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 245–265. Springer, Cham (2016). CrossRefGoogle Scholar
  14. 14.
    Chillotti, I., Gama, N., Georgieva, M., Izabachène, M.: TFHE: fast fully homomorphic encryption library, August 2016.
  15. 15.
    Coron, J.-S., Lepoint, T., Tibouchi, M.: Scale-invariant fully homomorphic encryption over the integers. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 311–328. Springer, Heidelberg (2014). CrossRefGoogle Scholar
  16. 16.
    Droste, M., Gastin, P.: Weighted automata and weighted logics. In: Droste, M., Kuich, W., Vogler, H. (eds.) Handbook of Weighted Automata. Monographs in Theoretical Computer Science. An EATCS Series, pp. 175–211. Springer, Heidelberg (2009). CrossRefGoogle Scholar
  17. 17.
    Ducas, L., Micciancio, D.: FHEW: bootstrapping homomorphic encryption in less than a second. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 617–640. Springer, Heidelberg (2015). Google Scholar
  18. 18.
    Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption (2012).
  19. 19.
    Gama, N., Izabachène, M., Nguyen, P.Q., Xie, X.: Structural lattice reduction: generalized worst-case to average-case reductions. In: EUROCRYPT 2016, ePrint Archive, 2014/283Google Scholar
  20. 20.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC (2009)Google Scholar
  21. 21.
    Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 75–92. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  22. 22.
    Halevi, S., Shoup, I.V.: HElib - an implementation of homomorphic encryption, September 2014.
  23. 23.
    Halevi, S., Shoup, V.: Algorithms in HElib. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 554–571. Springer, Heidelberg (2014). CrossRefGoogle Scholar
  24. 24.
    Lepoint, T.: FV-NFLlib: library implementing the Fan-Vercauteren homomorphic encryption scheme, May 2016.
  25. 25.
    Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010). CrossRefGoogle Scholar
  26. 26.
    Paindavoine, M., Vialla, B.: Minimizing the number of bootstrappings in fully homomorphic encryption. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 25–43. Springer, Cham (2016). CrossRefGoogle Scholar
  27. 27.
    Hiromasa, R., Abe, M., Okamoto, T.: Packing messages and optimizing bootstrapping in GSW-FHE. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 699–715. Springer, Heidelberg (2015). Google Scholar
  28. 28.
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC, pp. 84–93 (2005)Google Scholar
  29. 29.
    SEAL. Simple encrypted arithmetic library.
  30. 30.
    van Dijk, M., Gentry, C., Halevi, S., Vaikuntanathan, V.: Fully homomorphic encryption over the integers. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 24–43. Springer, Heidelberg (2010). CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  • Ilaria Chillotti
    • 2
    Email author
  • Nicolas Gama
    • 1
    • 2
  • Mariya Georgieva
    • 3
  • Malika Izabachène
    • 4
  1. 1.InpherLausanneSwitzerland
  2. 2.Laboratoire de Mathématiques de VersaillesUVSQ, CNRS, Université Paris-SaclayVersaillesFrance
  3. 3.GemaltoMeudonFrance
  4. 4.CEA LISTGif-sur-Yvette CedexFrance

Personalised recommendations