TECHNOLOGIES

Homomorphic Encryption

Fully Homomorphic Encryption (FHE)

A cryptographic technique that lets a server compute on encrypted data without ever decrypting it.

Last reviewed: byKevin Riedl wiki ↗

Homomorphic encryption lets someone run a computation on your data while the data stays encrypted the whole time. The client encrypts the input, the server computes blind, and only the client can decrypt the result. The server learns nothing, not even the answer. Fully homomorphic encryption (FHE) is the general form: any computation, unlimited depth, at a price.

The price is the whole story. FHE runs roughly 1,000x to 10,000x slower than the same computation in plaintext, which rules out interactive workloads and anything frontier-model-sized. What ships in production is the narrow pattern: private lookups and small, well-defined computations. Apple’s Live Caller ID Lookup checks unknown callers against a server database without revealing the phone number (BFV scheme), Microsoft Edge checks passwords against breach corpora without seeing them, and Zama’s protocol settles encrypted transactions on Ethereum at tens of transactions per second. Nobody runs their backend under FHE, including the companies with the deepest pockets.

In practice, “FHE” is a family of schemes with different sweet spots: TFHE for encrypted logic and comparisons, CKKS for approximate numbers and machine learning, BGV/BFV for exact integer lookups. Tooling is open source and usable by strong engineering teams (Zama’s TFHE-rs and Concrete ML, OpenFHE, Apple’s Swift library), but parameter selection and performance engineering remain specialist work. If the goal is proving a fact rather than computing on hidden data, zero-knowledge proofs are the better tool; if a hardware trust root is acceptable, a trusted execution environment does the same job at near-native speed. Our FHE deep dive carries the sourced 2026 numbers, and the decision framework covers when FHE beats the alternatives.

// FAQ

FAQs

For narrow workloads, yes: private lookups (the Apple and Microsoft pattern), small-model ML inference, and encrypted logic at tens of transactions per second. For general-purpose or real-time computation, no: the overhead is still three to four orders of magnitude versus plaintext.
ZK proves a statement is true without revealing the evidence; FHE computes on data that stays encrypted. Use ZK when a third party must verify something, FHE when an untrusted party must compute on data it may never see. They compose well: many architectures use both.
Zama’s TFHE-rs for encrypted logic, Concrete ML for private inference on small models, OpenFHE for CKKS-style analytics, and Apple’s swift-homomorphic-encryption for private lookups. All open source; the cost sits in parameter selection and performance engineering, not licensing.