Home | Resources | Meetups | Conference 2025 | Join the community
Learner Track: Developer 
This learner track assumes you are a developer wanting to learn about FHE. To see other available Learner Tracks, click here.
Table of Contents
-
Generalities
- Ideal Use Cases
- Threat Model
-
Constraints
- Object Sizes
- Speed
- Precision
- Input Precision
- Output Precision
- Noise and Bootstrapping
- Approximation vs Exact Computation
-
Schemes and Libraries
- Table of Libraries
-
Get Started Coding
- Working Examples
Generalities
Fully homomorphic encryption (FHE) allows you to run computations on encrypted data without decrypting it first. As a developer, this means you’re able to write code that doesn’t jeopardize the privacy of your users.
Benefits of using FHE in your applications as a developer can include:
- Demonstrating a commitment to data privacy and security to your users, and enhancing user trust in your application.
- Improving security by performing computations on cloud data without exposing to potential threats or unauthorized access.
- Ensuring that sensitive data remains protected even when third-party sharing is a required property of your application
- Complying with privacy regulations and standards by default
Ideal Use Cases
Homomorphic encryption is ideal for some use cases more than others.
Cloud / Distributed Computing
| FHE enables secure computations on encrypted data stored in the cloud without the need to decrypt it. This preserves the confidentiality of sensitive data even when processed by third-party cloud service providers. | |
| Working Examples |
|
| More Reading | |
Data Analysis and Actions
| FHE allows for analysis and performing actions on encrypted data without revealing the actual content analysts. For instance, healthcare providers can conduct statistical analysis on confidential patient information without decrypting it, thus maintaining patient privacy. | |
| Working Examples |
|
| More Reading |
|
Machine Learning
| FHE enables machine learning models to be trained on encrypted data. This is beneficial when data owners are hesitant to share their data for privacy reasons. With FHE, data remains encrypted during the model training process, and only the encrypted model is shared. | |
| Working Examples |
Have examples to contribute? Add them here! |
| More Reading | |
Accounting / Banking
| FHE allows financial institutions to analyze encrypted financial transactions for fraud detection while maintaining client confidentiality. | |
| Working Examples | |
| More Reading | |
Blind and Private Databases
| FHE allows encrypted search and querying of databases without exposing search criteria or database contents, thus ensuring privacy for data owners who want to allow others to search and access information. | |
| Working Examples |
Working Examples
|
| More Reading | |
Threat model
Homomorphic encryption is not a silver bullet for all use cases. As with all cryptography, how practical or safe it is to use is ultimately dependent on the use case, implementation, library, and underlying scheme.
| Encryption Strength | The security of homomorphic encryption relies on the strength of the underlying encryption scheme. If the encryption scheme is compromised or broken, the encrypted data and computations could be exposed. |
| Implementation Flaws | Like any cryptographic system, the implementation of homomorphic encryption algorithms and protocols may introduce vulnerabilities. Implementation flaws, such as programming errors or side-channel attacks, could potentially compromise the security of the encrypted data. It's important to have your code audited, use libraries that are audited, and also schemes that have been publicly tested and accepted by the community as safe. |
| Metadata Leakage | While homomorphic encryption protects the content of the data, it does not hide the metadata associated with the encrypted computations. Metadata leakage could enable attackers to infer information about the encrypted data, such as its size, access patterns, or the type of computations being performed. |
| Key Management | Homomorphic encryption schemes typically require the management of encryption keys. Adequate key management practices, including key generation, distribution, storage, and revocation, are crucial to maintaining the security of the encrypted data. |
More Reading
- FHE as a Puzzle Piece by Nigel Smart on Jan 5, 2023
| Back to top |
Constraints
There are several constraints regarding the implementation of homomorphic encryption-based solutions. Each of these constraints needs to be considered carefully when implementing an FHE-based solution.
Choosing Parameters
| The target homomorphic encryption scheme needs to be initialized with parameters which are used throughout the computation. These parameters determine everything performance related: the security level, the efficiency of homomorphic operations, the size of key material, the input (and output) precision, how noise grows throughout the computation, and when a special operation called bootstrapping needs to be performed. We consider each of these issues below, one-by-one. |
---
title: A Competing Trade-off of Constraints
---
flowchart TB
Speed <--> Precision
Speed <--> Security
Speed <--> ObjectSizes
Speed <--> Noise
Noise <--> Precision
Noise <--> Security
Noise <--> ObjectSizes
ObjectSizes <--> Security
ObjectSizes <--> Precision
Precision <--> Security
Approximate vs Exact computation
| FHE schemes can be categorised in many ways. One of the most important distinctions is whether an FHE scheme is exact or approximate. In the first case computations are typically considered over the integers and correctness of output is guaranteed. In the latter case, a small error is incurred during computation, so that the output of a homomorphic function evaluation, such as computing `f(x)`, contains a small error: `f(x) + e`. |
Input Precision
| FHE schemes typically work over restricted input domains (for example: the integers modulo `p`). This means that when implementing an algorithm in FHE, it is important to consider whether the algorithm needs to be adapted to work over this domain. As an example, consider the `max()` function on real numbers: suppose that we want to compute the max of 0.001 and 8.764. Certain FHE schemes work modulo `p` (as mentioned above), so the first step is to figure out how to map our inputs, and the respective max algorithm, into this modular domain. | |
| Further Reading |
|
Output Precision
| For approximate schemes, such as CKKS, the homomorphic encryption scheme carries an implicit error which impacts the message. The parameters can be adapted to guarantee a specific output precision, but this is important to note when considering implementing solutions in CKKS. | |
| Further Reading |
|
Speed
| The speed of FHE-based operations is constantly improving. However, there is still a large slow-down compared to plaintext operations, and it is important to consider this when getting started. There are a variety of open-source implementations of various algorithms implemented in FHE, and looking at benchmarks for these applications can give a good indication of where FHE is at. | |
| Further Reading |
|
Object Sizes
| When data is encrypted using an FHE scheme, there is an expansion factor which needs to be considered. As an example, in the TFHE scheme, to encrypt somewhere in the order of 1-8 bits, a ciphertext will be of size 5 kilobytes. Evaluation keys, which are required for the server to carry out homomorphic operations over ciphertexts, can be very large. In particular, all evaluation keys stored on the server are just collections of ciphertexts, and can be in the order of tens of megabytes (or even over a gigabyte, in certain cases). This means that there is a high bandwidth requirement on FHE-based solutions. |
Noise and Bootstrapping
| As homomorphic operations are being computed, the level of noise contained in the utilised ciphertext grows. The noise level must not be allowed to overflow a specific bound, or errors can be introduced into computations. The process used to clear this noise is called bootstrapping, and, depending on the scheme, has a varying level of efficiency. | |
| Further Reading | |
Security
| It is important that the homomorphic encryption scheme is parameterised correctly to ensure a sufficient level of security. The security is related a problem called Learning with Errors, and we need to choose cryptographic parameters such that this problem is hard to solve. Luckily, there are many FHE-based tools which take the problem of parameter selection away from the user. Moreover, most FHE libraries typically have default parameter sets for which the security level has already been determined. | |
| Further Reading |
|
| Back to top |
Schemes and Libraries
Schemes
| Schemes are the mathematical algorithms that are used for the underlying FHE operations on data. There are several major schemes implemented in modern libraries, each taking a different approach that has their own benefits and drawbacks on what types of operations can be done, the depth of calculations, and the resulting latency. | |
Libraries
| Libraries are the software developers use to perform FHE operations easily, similarly to how one might use the `libsodium` library for basic cryptographic operations. Each library is designed for working with different schemes, some with multiple schemes and the ability to switch between them as needed. | |
|
Choosing the right scheme/library
Choosing which library/scheme is right for you can be confusing at first, but here are some considerations that help in the decision making process:
- What data types will you working with? (Large integers? Small integers / Booleans? Real / Complex values?)
- How parralelizable is your workflow?
- How deep are your typical calculations?
- What performance requirements do you have?
- How easy do you need implementation to be?
- How much existing code / support will you need?
In the following section, you’ll have a chance to use existing sample code and write your own code. If at that point you’re still unsure which library is right for you or have deeper questions about it the libraries and schemes, consider joining the FHE.org community on Discord and asking the community directly. We’re here to help!
| Back to top |
Start Coding
The best way to get started in FHE is to look at Tutorials. In particular: trying to read them, understand the code, and then extend the examples with your own code.
Below is a list of all resources from Tutorials and Examples found on various libraries repositories and some diagram to let you pick one library to start with. Note that every libraries have their own capabilities that are not covered here.
Select an FHE library
By Language
stateDiagram
Prog_lang: Where to start
Prog_lang: by language
Prog_lang --> C++
Prog_lang --> Rust
Prog_lang --> Go
Prog_lang --> Python
C++ --> OpenFHE
C++ --> SEAL
C++ --> HEAAN
C++ --> HELIB
Go --> LattiGo
TFHErs: TFHE-rs
Rust --> TFHErs
Python --> pyFHEL
Python --> Concrete
By Scheme
stateDiagram
Scheme: Where to start
Scheme: by FHE scheme
Scheme --> BFV
Scheme --> BGV
Scheme --> CKKS
Scheme --> TFHE
BFV --> OpenFHE
BGV --> OpenFHE
CKKS --> OpenFHE
TFHE --> OpenFHE
BFV --> SEAL
BGV --> SEAL
CKKS --> SEAL
TFHE --> Concrete
TFHErs: TFHE-rs
TFHE --> TFHErs
Tutorials
Here is a list of examples and tutorials from each libraries, with some keywords (prefixed with a #) to highlight the language, library, scheme and category they belong to.
Concrete
- Table Lookup #Python #concrete #tfhe #tutorial view
- Rounded Table Lookup #Python #concrete #tfhe #tutorial view
- TFHE floating points #Python #concrete #tfhe #tutorial view
- Encrypted Key value database #Python #concrete #tfhe #application view
- Client Server deployment #Python #concrete #tfhe #deployment view
Lattigo
This section is pending updates to the links.
- A Privacy-Preserving yet Accountable Ride-Hailing Service #Go #lattigo #BFV #application
- CKKS Lookup Table #ckks #Go #lattigo #tutorial
- CKKS Bootstrapping #ckks #Go #lattigo #tutorial
- Euler #ckks #Go #lattigo #tutorial
- Function evaluation #ckks #Go #lattigo #tutorial
- Private Information Retrieval example #bfv #Go #lattigo #application
- Private Set intersection example #bfv #Go #lattigo #application
- TFHE Lookup Table #tfhe #Go #lattigo #tutorial
- Vectorized oblivious evaluation #Go #lattigo #application
HEAAN
- Get started #C++ #HEAAN #ckks # tutorial view
HELIB
- CKKS basics #C++ #HELIB #ckks #tutorial view
- CKKS depth #C++ #HELIB #ckks #tutorial view
- CKKS data movement #C++ #HELIB #ckks #tutorial view
- CKKS matrix multiplication #C++ #HELIB #ckks #tutorial view
- CKKS multiplication #C++ #HELIB #ckks #tutorial view
- CKKS serialization #C++ #HELIB #ckks #tutorial view
- CKKS deserialization #C++ #HELIB #ckks #tutorial view
- BGV Binary arithmetic #C++ #HELIB #bgv #tutorial view
- Privacy Preserving search against an encrypted database / Country lookup #C++ #HELIB #bgv #application view
- BGV Packed arithmetic #C++ #HELIB #bgv #tutorial view
OpenFHE
- FHE for arithmetic over integers #C++ #openfhe #bfv #tutorial view
- FHE for arithmetic over integers #C++ #openfhe #bgv #tutorial view
- FHE for arithmetic over real numbers #C++ #openfhe #ckks #tutorial view
- advanced arithmetic over real numbers #C++ #openfhe #ckks #tutorial view next
- Arbitrary Smooth Function Evaluation #C++ #openfhe #ckks #tutorial view
- Simple CKKS Bootstrapping Example #C++ #openfhe #ckks #tutorial view
- Advanced CKKS Bootstrapping Example #C++ #openfhe #ckks #tutorial view
- Double-Precision (Iterative) Bootstrapping Example #C++ #openfhe #ckks #tutorial view
- FHE for Boolean circuits and larger plaintext spaces #C++ #openfhe #tfhe #tutorial view next next
- Large-Precision Comparison #C++ #openfhe #tfhe #tutorial view
- Small-Precison Arbitrary Function Evaluation #C++ #openfhe #tfhe #tutorial view
- Threshold FHE #C++ #openfhe #threshold #bgv #bfv #ckks #tutorial view
- Threshold FHE with 5 parties #C++ #openfhe #threshold #bfv #tutorial view
PyFHEL
- Integer Demo with BFV #python #PyFHEL #bfv #tutorial view
- Fixed-point FHE with CKKS scheme #python #PyFHEL #bfv #tutorial view
- Saving and Restoring objects #python #PyFHEL #tutorial view
- Client/Server demo #python #PyFHEL #deployment view
- Multiplication Depth with Integers and Noise budget #python #PyFHEL #bfv #ckks #tutorial view
- Scalar product #python #PyFHEL #bfv #ckks #tutorial view
- Hamming distance #python #pyFHEL #bfv #application view
SEAL
- Encrypted modular arithmetic using the BFV scheme #C++ #Seal #bfv #tutorial view
- Encoding more complex data into Microsoft SEAL plaintext objects #C++ #Seal #tutorial view
- Introduces the concept of levels; prerequisite for using the CKKS scheme #C++ #Seal #ckks #tutorial view
- Encrypted modular arithmetic using the BGV scheme #C++ #Seal #bgv #tutorial view
- Encrypted real number arithmetic using the CKKS scheme #C++ #Seal #ckks #tutorial view
- Performing cyclic rotations on encrypted vectors in the BFV and CKKS schemes #C++ #Seal #bfv #ckks #tutorial view
- Serializing objects in Microsoft SEAL #C++ #Seal #tutorial view
- Performance tests #C++ #Seal #benchmark view
TFHE-rs
- Integer operations #Rust #tfhe-rs #tfhe #tutorial view
- Integer Serialization/Deserialization view
- Boolean operations #Rust #tfhe-rs #tfhe #tutorial view
- Boolean serialization #Rust #tfhe-rs #tfhe #tutorial view
- C-API #C #tfhe-rs #tfhe #tutorial view
- WASM-API #JS #tfhe-rs #tfhe #tutorial view
- FHE SHA256 #Rust #tfhe-rs #tfhe #tutorial view
- Encrypted Regular Expression engine #Rust #tfhe-rs #tfhe #application view
- Dark Market in FHE #Rust #tfhe-rs #tfhe #application view
| Back to top |
💙 This website is a resource provided and contributed by the FHE.org community and is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. We welcome any contributions to this website! Read the contribution guidelines first and simply open a PR on the Github repo to add your resources.