Fully Homomorphic Encryption FHE: Introduction and Application Scenarios

The term "encryption" usually evokes thoughts of static encryption and encryption in transit. Static encryption refers to encrypting data and storing it on hardware devices or cloud servers, where only authorized personnel can view the decrypted content. Encryption in transit ensures that data transmitted over the internet can only be interpreted by designated recipients; even if the data passes through public routers or channels, intermediaries cannot decrypt it.

Both of these scenarios rely on encryption algorithms and additionally ensure data integrity. "Authenticated encryption" not only prevents unauthorized decryption of ( confidentiality ), but also prevents a man-in-the-middle from tampering with the ciphertext ( integrity/authenticity ).

Some multi-party collaboration scenarios require complex processing of encrypted data, which falls under the category of privacy protection technology. fully homomorphic encryption ( FHE ) is one of them. For example, in online voting: voters submit their encrypted votes to an intermediary entity, which aggregates all results and calculates the vote count for each candidate, ultimately only announcing the final result.

In traditional "authenticated encryption" schemes, the intermediary responsible for the tally must decrypt all voting data to perform the counting, which exposes individual voting results. Unlike paper ballots, traditional cryptographic mechanisms struggle to separate encrypted ballots from voter identities while ensuring data integrity.

One solution is to add a hardware isolation wall around the voting intermediary, such as a Trusted Execution Environment ( TEE ). However, hardware vulnerabilities may lead to the leakage of decryption keys and are difficult to fix.

Fully homomorphic encryption ( FHE ) technology can handle this scenario. FHE allows for function computation directly on ciphertext, obtaining encrypted computation results without decryption, thereby protecting privacy.

In FHE, the mathematical construction of the function 𝑓 is public, so the processing of the input ciphertext 𝑥 to produce the output result 𝑓(𝑥) can be executed in the cloud without leaking privacy. It should be noted that both 𝑥 and 𝑓(𝑥) are ciphertexts and require a key for decryption, typically using the same decryption key.

FHE is a compact encryption scheme, where the size of the ciphertext and the decryption workload of the output result 𝑓(𝑥) depend only on the original plaintext of the input data 𝑥, not on the computation process. This is different from non-compact encryption systems, which simply concatenate 𝑥 with the source code of the function 𝑓, allowing the receiver to decrypt 𝑥 and input it into 𝑓 for computation.

In practice, the FHE outsourcing model is often viewed as an alternative to secure execution environments such as TEE. The security of FHE is based on cryptographic algorithms and does not rely on hardware devices, thus it is not affected by passive side-channel attacks or attacks on cloud servers. For scenarios requiring outsourcing of sensitive data computation, FHE is more secure and reliable than cloud-based virtual machines or TEE.

To crack private information in an FHE system, it is necessary to break its cryptographic algorithm, which is nearly impossible currently. However, an attacker might modify the output result 𝑓(𝑥) through active side-channel attacks. This type of attack can be mitigated in FHE design by employing computational process redundancy.

FHE typically uses several sets of keys:

1. Decryption Key: Master Key, generated locally by the user, never shared externally, and can only be used by the holder to decrypt FHE ciphertext.

2. Encryption Key: Used in public key mode to convert plaintext into ciphertext. It is used when the person generating the initial ciphertext is not the main key holder. Typically consists of random zero encryption, sufficient to encrypt any message.

3. Compute the key: used for performing homomorphic operations on ciphertext 𝑥, allowing function computation without decryption. It can be publicly released, and the recipient can only perform homomorphic operations without being able to decrypt ciphertext 𝑥.

The holder of the decryption key is the most sensitive, responsible for ensuring the entire homomorphic operation chain is effective and secure, ultimately decrypting to obtain the plaintext result. Malicious operations may lead to key leakage during decryption, but homomorphic operations can be publicly verified.

FHE has several common scenarios/patterns:

1. Outsourcing Model: Alice has private data but limited computing power, while Bob has strong computing resources but does not contribute private data. Alice encrypts the input parameters and sends them to Bob, who performs homomorphic computation and returns the encrypted result. This is mainly used in the PIR( private information retrieval ) scenario.

2. Two-party computation model: Bob contributes private data in the computation. Applicable to e-commerce applications such as the "Millionaire Problem."

3. Aggregation Mode: An improvement over the outsourcing model, aggregating data from multiple participants. Used for federated learning and online voting systems.

4. Client-Server Model: An improved two-party computation model where the server provides FHE computation for multiple independent key clients. Used for private AI model computation services.

FHE is easier to use in multi-party cooperation scenarios, as all parties have the motivation to comply with the agreement. In non-cooperative scenarios, redundancy ( such as multi-signature/consensus ) can be introduced to ensure computational correctness. Fully Homomorphic Signature is another method that does not require third-party verification.

To ensure that the recipient only decrypts the final result, access to the intermediate ciphertext can be restricted, or secret sharing can be used to distribute the decryption keys.

Homomorphic Encryption is divided into partially homomorphic encryption ( PHE ), leveled homomorphic encryption ( LHE ), and fully homomorphic encryption ( FHE ). FHE can support arbitrary computational tasks, and its parameters do not increase with the complexity of the tasks. However, FHE requires periodic execution of costly bootstrapping operations to control noise.