A Review of Homomorphic Encryption Libraries for Secure Computation

by Sai Sri Sathya, et al.

In this paper we provide a survey of various libraries for homomorphic encryption. We describe key features and trade-offs that should be considered while choosing the right approach for secure computation. We then present a comparison of six commonly available Homomorphic Encryption libraries - SEAL, HElib, TFHE, Paillier, ElGamal and RSA - across these identified features. Support for different languages and real-life applications are also elucidated.




1 Introduction

Homomorphic Encryption is a method of secure computation on encrypted data (ciphertext) such that the result of the computation is also a ciphertext. Once this resultant ciphertext is decrypted, the decrypted result should match the output of operations on the corresponding unencrypted (plaintext) data.

For example, a hospital that has a significant amount of private and sensitive information on patients can homomorphically encrypt the data and send it to a third party for analysis. The third party can perform calculations on encrypted data and send the results (also encrypted) back to the hospital. The hospital can then view the results by decrypting the data using a private key.

There are several schemes of homomorphic encryption, categorized based on the number of operations allowed on the encrypted data. For a cryptosystem to be Fully Homomorphic (FHE) it should support any number of arbitrary computations. Brakerski-Gentry-Vaikuntanathan (BGV) [1] and CGGI [2, 3] are examples of Fully Homomorphic schemes. In practice, Fully Homomorphic schemes have tremendous overhead and are computationally very expensive. Somewhat Homomorphic Encryption (SWHE) schemes are practically more feasible but allow only certain operations on encrypted data and limit the number of computations, as the ciphertext size increases with each step due to noise. Some examples of Somewhat Homomorphic Encryption schemes are [4, 5, 6, 7, 8]. Partially Homomorphic Encryption (PHE) schemes such as [9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19] allow only one type of operation, either addition or multiplication, any number of times on encrypted data, whereas Somewhat Homomorphic schemes support both. Generation of such schemes continues to be an active area of research, and development of standards for homomorphic encryption has recently taken off, as described in [20, 21]. Below is an example to introduce the high-level concept of homomorphic encryption:

  1. Let m be the plaintext message

  2. Let a shared public key be a random odd integer

  3. Choose a random large , small ,

  4. Ciphertext (Ciphertext is close to multiple of )

  5. Perform homomorphic addition / multiplication as required

  6. Decrypt:

In this case, the corresponding homomorphic operations of addition and multiplication are given below:

Homomorphic Addition

Homomorphic Multiplication

If more complicated functions that require operations other than addition and multiplication need to be homomorphically encrypted, an alternative would be to generate a polynomial approximation (using Taylor series for example) and then apply homomorphic encryption on the resulting polynomial instead.

Homomorphic encryption libraries are based on different schemes and hence feature different behavior. Microsoft’s SEAL (v2.3.1) [22] is based on BFV [4], HElib is based on BGV [1], and TFHE is based on CGGI [2, 3].

2 Features of Homomorphic Encryption Libraries

In this section we introduce important features of homomorphic encryption libraries. Features such as asymmetry, negative computations, noise budget, recrypt, ciphertext packing, bootstrapping [1, 2] and relinearization are discussed in subsections 2.1 and 2.2. In sub-section 2.3, operations (atomic) allowed by various libraries are discussed and supported languages are also mentioned for all the libraries.

2.1 Basic features

2.1.1 Asymmetry

All homomorphic encryption libraries in this study have been implemented in an asymmetric manner where they use a pair of keys for encryption and decryption of data. To be specific, keys used in asymmetric cryptography include a public key to encrypt the plaintext data which may be shared widely and a private key to decrypt the encrypted result. This is different from symmetric cryptographic systems that use a single key to encrypt the plaintext as well as decrypt the ciphertext.

2.1.2 Serialization

Certain homomorphic encryption libraries such as SEAL, HElib and TFHE provide custom APIs to serialize (and deserialize) keys and ciphertexts for local storage and retrieval. Libraries that don't provide this feature require developers to create their own implementation of serialization (which could be challenging with the complex data type) unless the ciphertext can be represented in a primitive type such as String or BigInteger using the same library.

2.1.3 Negative computations

Negative computations correspond to subtracting operand 2 from operand 1 where operand 2 is greater than operand 1. This means the result of this computation should be a negative number. Microsoft SEAL (v2.3.1) uses BFV and Cheon-Kim-Kim-Song (CKKS) for encryption. In this scheme the integers or real numbers correspond to polynomials in a specifically chosen ring [23]. Different kinds of encoders such as Integer, Scalar, Fractional and PolyCRTBuilder can be used to convert the integers/reals in the input data into the corresponding coefficients in the polynomial space. In SEAL, if the ciphertext is encoded using ‘Integer Encoder’ or ‘Fractional Encoder’ then negative computations are supported. On the other hand, if the ciphertext is composed and encrypted using a ‘PolyCRTBuilder’ then the resultant ciphertext after homomorphic subtraction will not be negative. This is due to the limitations of the Chinese Remainder Theorem when dealing with absolute values.

2.1.4 Encryption Parameters, Ciphertext Size and Memory Requirements

Implementing homomorphic encryption through any library requires certain encryption parameters such as polynomial modulus, coefficient modulus, plain modulus, noise standard deviation, a random generator, etc. to be initialized. Choice of these parameters can significantly affect the size of the ciphertext, RAM required, noise budget (refer section 2.2.1), speed, performance and security [22] of the encryption. Size of the ciphertext is usually large with the complex Ciphertext data type in libraries like SEAL and HElib, and operations such as matrix rotation that use Galois keys (in SEAL) could result in huge RAM requirements.

| Basic Features | SEAL | HElib | TFHE | Paillier | ElGamal | RSA |
|---|---|---|---|---|---|---|
| Asymmetric | Yes | Yes | Yes | Yes | Yes | Yes |
| Serialization and Deserialization of keys and ciphertexts | Yes | Yes | Yes | No | No | No |
| Negative computations support | Yes | No | No | No | No | No |
| Ciphertext size (less than 1MB for 1 input) | No | No | Yes | Yes | Yes | Yes |
| Can run on less than 2GB RAM | No | Yes | Yes | Yes | Yes | Yes |

Table 1: Comparison of Homomorphic Encryption libraries based on basic features

2.2 Advanced features

2.2.1 Noise budget

A noise term is generally appended to a ciphertext in the encryption operation to guarantee the security of the cryptosystem. This term could be an integer (if the scheme is based on integers) or a polynomial (if the scheme is based on polynomials) with coefficients in {−1,0,1}. Size of the term depends on the security and correctness properties of each system (for instance, a polynomial is typically considered small if all its coefficients are small). Homomorphic operations increase the noise and, beyond a threshold, the resultant ciphertext would become too corrupt to be decrypted. Noise budget (invariant) is defined as the total amount of noise that can be added until the decryption fails. Addition and subtraction have a very small impact on noise compared to multiplication. Partially Homomorphic Encryption schemes are not affected by noise.
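The noise behaviour described here can be traced on the integer scheme sketched in the Introduction. The following is an added example, not code from the paper or from any of the surveyed libraries; it assumes the usual textbook form of that toy scheme, c = p*q + 2*r + m for a one-bit message m with decryption (c mod p) mod 2, and all function names, parameter sizes and sample values are illustrative choices.

```python
"""Toy integer scheme: c = p*q + 2*r + m, decrypt with (c mod p) mod 2.

Assumed textbook form with one-bit messages; sizes are illustrative, not secure.
Decryption is correct only while the accumulated noise stays below the key p.
"""
import secrets


def keygen(bits=64):
    """Random odd integer key with its top bit set."""
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1


def encrypt(p, m, q=None, r=None, q_bits=128, r_bits=8):
    """Encrypt one bit; q and r can be pinned for a reproducible run."""
    if m not in (0, 1):
        raise ValueError("message must be a single bit")
    q = secrets.randbits(q_bits) | (1 << (q_bits - 1)) if q is None else q
    r = secrets.randbits(r_bits) if r is None else r
    return p * q + 2 * r + m


def decrypt(p, c):
    return (c % p) % 2


def he_add(c1, c2):
    """Plaintext XOR; the two noise terms are added."""
    return c1 + c2


def he_mul(c1, c2):
    """Plaintext AND; the two noise terms are multiplied."""
    return c1 * c2


def noise_budget_bits(p, c):
    """Headroom in bits between the noise and p (requires the key).

    Only meaningful while the ciphertext still decrypts correctly.
    """
    return p.bit_length() - (c % p).bit_length()


# Each homomorphic operation paired with the plaintext operation it mirrors.
OPS = {"add": (he_add, lambda a, b: a ^ b), "mul": (he_mul, lambda a, b: a & b)}


def max_correct_steps(p, c, m, op_name, limit=1000):
    """Fold c into an accumulator until decryption first disagrees with the
    plaintext result; return how many operations succeeded before that."""
    he_op, plain_op = OPS[op_name]
    acc_c, acc_m, done = c, m, 0
    while done < limit:
        acc_c, acc_m = he_op(acc_c, c), plain_op(acc_m, m)
        if decrypt(p, acc_c) != acc_m:
            break
        done += 1
    return done


if __name__ == "__main__":
    p = 101                              # constructed 7-bit key
    c = encrypt(p, 1, q=12345, r=3)      # constructed: noise = 2*3 + 1 = 7
    print("fresh budget (bits):", noise_budget_bits(p, c))
    print("after one multiply :", noise_budget_bits(p, he_mul(c, c)))
    print("multiplications ok :", max_correct_steps(p, c, 1, "mul"))
    print("additions ok       :", max_correct_steps(p, c, 1, "add"))
```

With the constructed values, the noise goes 7, 49, 343 under repeated multiplication and passes the key after the second multiply, while repeated addition only grows it by 7 per step.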

2.2.2 Recryption

Recryption is a technique to re-generate the noise budget of a ciphertext that was depleted by arbitrary computations. Recryption boosts bounded-depth homomorphism to unbounded-depth homomorphism. This implies that the noisy ciphertext can be converted into a noise-free ciphertext (of the same plaintext) without the secret key [24, 25]. Libraries that do not have recryption functionality implemented provide no means of converting a noisy ciphertext to a noise-free ciphertext. They therefore limit the number of arbitrary computations on a ciphertext.

2.2.3 Ciphertext Packing

In some homomorphic encryption libraries such as SEAL and HElib, a list of plain values can be packed into a single ciphertext vector by a technique called ciphertext packing using the Chinese Remainder Theorem (CRT) [25]. Homomorphic operations are performed on these vectors, component-wise in a SIMD (Single Instruction Multiple Data) fashion. Ciphertext packing is used to achieve a nearly optimal homomorphic evaluation (up to polylogarithmic factors). Homomorphic operations act element-wise between encrypted matrices, allowing the user to obtain speed-ups of several orders of magnitude in naively vectorizable computations.

2.2.4 Bootstrapping

In certain homomorphic encryption schemes, arithmetic operations on ciphertext can be performed using basic gates (AND, OR, NOT, etc.) but arbitrary operations could reduce the available noise budget. Bootstrapping [1, 2] is a technique to remove noise by passing a ciphertext and encrypted private key into a circuit that represents the decryption algorithm of an FHE scheme. This results in a new ciphertext that corresponds to the original ciphertext but with no noise. In the TFHE library, after every gate-by-gate operation, bootstrapping is applied on the resultant ciphertext and hence any number of arbitrary operations can be performed.

2.2.5 Relinearization

Two input ciphertexts of sizes m and n respectively result in a ciphertext of size m+n-1 after multiplication. Consumption of the noise budget is also much higher during multiplication, especially when the input ciphertext sizes are huge. Relinearization reduces the size of the resultant ciphertext after a multiplication operation to the initial size. A ciphertext of size k + 1 when relinearized produces a ciphertext of size k. After repeated steps, this can result in a ciphertext of size 2 that can be decrypted using a smaller degree decryption function to yield the same result [22]. Thus, relinearization of the resultant ciphertext after multiplication can significantly improve the performance of subsequent operations, although relinearization by itself has both a computational cost and a noise budget cost.

2.2.6 Multithreading

In homomorphic encryption libraries, multithreading corresponds to APIs exposed by the libraries being thread-safe. Thread-safe APIs help avoid deadlock and ease effective inter-thread communication. Most of the tools in SEAL such as Encryptor, Decryptor, PolyCRTBuilder, and Evaluator are thread-safe by default. HElib can be multithreaded by setting the NTL_THREADS=on, -DFHE_THREADS and -DFHE_DCRT_THREADS flags before making the project. In the Partial Homomorphic Encryption libraries discussed in the paper, multithreading is not supported.

| Advanced Features | SEAL | HElib | TFHE | Paillier | ElGamal | RSA |
|---|---|---|---|---|---|---|
| Noise affected after each computation | Yes | Yes | Yes | No | No | No |
| Recryption | No | Yes | Yes | N/A | N/A | N/A |
| Ciphertext packing | Yes | Yes | No | No | No | No |
| Relinearization | Yes | Yes | No | N/A | N/A | N/A |
| Multithreading | Yes | Yes | No | No | No | No |

Table 2: Comparison of Homomorphic Encryption Libraries based on advanced features

2.3 Operations

2.3.1 Ciphertext Comparison

Two ciphertexts can be compared for equality, greater than, greater than or equal to, less than, or less than or equal to. TFHE allows evaluating an arbitrary boolean circuit composed of binary gates over encrypted data. A custom comparator circuit can be used to perform comparisons using TFHE. In SEAL and HElib, a Binary-Encoder must be used to generate a ciphertext comprising only 0s and 1s. Two such ciphertexts can then be compared in a bit-wise manner. This process is time-consuming and less secure. A computer with limited resources can potentially decrypt a ciphertext by randomly comparing it with a known ciphertext. Due to this security threat, HE libraries do not readily expose a comparison API.

2.3.2 Division

BGV or BFV schemes do not allow division of ciphertexts due to the randomness and complexity of the ciphertext. Division can be approximated, but only by using various kinds of expansions. In fully homomorphic encryption, division of ciphertext and ciphertext is performed by computing the inverse of ciphertext (decrypt, inverse and encrypt) and multiplying the inverse ciphertext by ciphertext A (multiplicative inverse). Another technique is through recursive subtraction. Recursive subtraction can work only if is equal to zero.

2.3.3 Boolean Operations

Some homomorphic encryption libraries that are based on Secure Multilayer Perceptron [26] and Doubly Permuted Homomorphic Encryption [27] allow evaluating an arbitrary boolean circuit composed of binary gates over encrypted data.

2.3.4 Matrix Operations

SEAL exposes an API to perform matrix rotation and element-wise addition, multiplication and subtraction. In PHE libraries, a ciphertext matrix first has to be created by performing element-wise encryption on an n×n plaintext matrix, and then custom logic has to be implemented to perform row and column rotation.

2.3.5 Exponentiation

Exponentiation of ciphertexts is usually A raised to the power of where and are ciphertexts. Current FHE libraries only provide an implementation to raise a ciphertext base with a plain text exponent. This is accomplished through repetitive multiplication of the ciphertext. Eg: is . The same can be accomplished on PHE schemes. In additive PHE scheme, can be calculated as .

2.3.6 Add Plain, Subtract Plain, Multiply Plain

Homomorphic operations are usually carried out between two ciphertexts. If one of the operands could be a plaintext, it could significantly improve the performance. The size of the resultant ciphertext remains the same as the input ciphertext and the relinearization step could be skipped. SEAL provides functions to perform addition, subtraction and multiplication of a ciphertext with a plaintext. The ‘plain’ operations are implemented in SEAL as Evaluator::add_plain, Evaluator::sub_plain and Evaluator::multiply_plain.
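Sections 2.3.5 and 2.3.6 describe raising a ciphertext to a plaintext exponent and combining a ciphertext with a plaintext operand. The following added example, which is not code from the paper or from any Paillier library and goes beyond the SEAL calls named above, works the same ideas through on a textbook Paillier instance, including the modular wrap-around that a negative subtraction result produces. The key primes, function names and the signed-decoding helper are assumptions chosen for illustration.

```python
"""Textbook Paillier (g = n + 1): additive homomorphism with plain operands."""
import math
import secrets

# Constructed toy key material: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1


def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)          # inverse of L(g^lam mod n^2) when g = n + 1
    return n, (lam, mu)           # public modulus, private key


def encrypt(n, m):
    n2 = n * n
    while True:                   # random blinding factor coprime to n
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    # (n + 1)^m mod n^2 equals 1 + m*n, so no modular exponentiation is needed
    return (1 + (m % n) * n) % n2 * pow(r, n, n2) % n2


def decrypt(n, sk, c):
    lam, mu = sk
    return (pow(c, lam, n * n) - 1) // n * mu % n


def add(n, c1, c2):
    """E(a) * E(b) mod n^2 decrypts to a + b mod n."""
    return c1 * c2 % (n * n)


def sub(n, c1, c2):
    """E(a) * E(b)^-1 mod n^2 decrypts to a - b mod n."""
    return c1 * pow(c2, -1, n * n) % (n * n)


def add_plain(n, c, k):
    """Add plaintext k without encrypting it with fresh randomness."""
    return c * (1 + (k % n) * n) % (n * n)


def mul_plain(n, c, k):
    """E(a)^k mod n^2 decrypts to k*a mod n: exponentiation of the
    ciphertext is multiplication of the plaintext by a plain scalar."""
    return pow(c, k % n, n * n)


def to_signed(n, m):
    """Caller-side decoding (an assumption): upper half of Z_n is negative."""
    return m - n if m > n // 2 else m


if __name__ == "__main__":
    n, sk = keygen()
    a, b = encrypt(n, 5), encrypt(n, 7)
    print("5 + 7      ->", decrypt(n, sk, add(n, a, b)))
    print("3 * 5      ->", decrypt(n, sk, mul_plain(n, a, 3)))
    print("5 + 5 + 5  ->", decrypt(n, sk, add(n, add(n, a, a), a)))
    print("5 + 10     ->", decrypt(n, sk, add_plain(n, a, 10)))
    raw = decrypt(n, sk, sub(n, a, b))
    print("5 - 7 raw  ->", raw, "signed ->", to_signed(n, raw))
```

There is no function here that multiplies two Paillier ciphertexts into the product of their plaintexts; only one operand of a multiplication can be encrypted.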

| Operations | SEAL | HElib | TFHE | Paillier | ElGamal | RSA |
|---|---|---|---|---|---|---|
| Addition, Subtraction | Yes | Yes | Yes | Yes | No | No |
| Multiplication | Yes | Yes | Yes | No | Yes | Yes |
| Comparison | No | No | No | No | No | No |
| Division | No | No | No | No | No | No |
| Boolean operations | No | No | Yes | No | No | No |
| Bitwise operations | Yes | Yes | Yes | No | No | No |
| Matrix operations | Yes | Yes | No | No | No | No |
| Exponentiation | Yes | Yes | No | No | No | No |
| Square | Yes | Yes | Yes | No | Yes | Yes |
| Negation | Yes | Yes | No | No | No | No |
| Add Plain, Subtract Plain, Multiply Plain | Yes | No | No | No | No | No |

Table 3: Different operations supported by Homomorphic Encryption libraries

| Languages | SEAL | HElib | TFHE | Paillier | ElGamal | RSA |
|---|---|---|---|---|---|---|
| C++ | Yes | Yes | No | Yes | Yes | Yes |
| Python | Yes | Yes | No | Yes | Yes | Yes |
| Java | No | No | No | Yes | Yes | Yes |
| C | No | No | Yes | No | No | No |

Table 4: Homomorphic Library implementations across programming languages

3 Applications

The need to create models or derive predictions from confidential distributed datasets is a commonly surfacing theme in many industries. For example, medical information might be distributed across multiple clinics. [28] outlines various potential real-world applications of Homomorphic Encryption. Some of the emerging applications are:

3.1 Healthcare

In healthcare, maintaining privacy of patients’ information is critical and therefore their private data is often protected by law. However, sharing and computing on information that is distributed across systems is important for diverse use cases such as coordinated patient care, fraud billing and reimbursements. It is therefore difficult to strike a balance between risk and utility. For example, in 2018, there were 11 large HIPAA enforcement actions with an average fine of $1.9 million [29]. Homomorphic Encryption can help balance the risk vis-a-vis utility by enabling the analysis of billing records across patient data to uncover potential cases of fraud reimbursement or billing, without violating the patient’s privacy.

3.2 Financial Services

Clients and businesses in financial services work with confidential information. Consequently, the data, and the models and functions computed on them, are often considered proprietary and confidential. Data in financial services functions may even be a continuous stream reflecting the most up-to-date information necessary for decision making; it is often a result of exclusive research or data feeds available to a particular client and is often very expensive. Homomorphic Encryption provides the appropriate way to evaluate and run both these data and functions privately. For instance, a client can upload an encrypted version of the function to the cloud, and the streaming data on which the functions / models run could be encrypted using the customer’s public key and uploaded to the cloud.

3.3 Smart Grid

Consider a smart grid consisting of multiple microgrids such as solar panel generators used by individuals. Each node in such a grid generates useful data like electrical generation and usage, temperatures of physical equipment, energy flows, etc. In case of a generator, if the nodes belong to a smart grid, then measurements include current energy usage, smart lights, sensors in use, etc.

When the municipality or any other government entity wants an aggregate measure, or an alert about the data, they can use Homomorphic Encryption for computing data from nodes. They can do this without violating the terms of business contracts that prohibit them from disclosing confidential information such as usage of energy in a particular mall, or the location of the surveillance cameras in a household. In this way, they can develop trust and improve credibility of the smart grids with the public. Homomorphic encryption plays an important role in achieving this.

3.4 Genomics

Private data generated from sequencing the human genome for complex disease or epidemiology can be a powerful tool in developing a cure or a therapy/treatment for the disease. DNA and RNA sequences can be generated rapidly and consequently, large numbers of such sequences are now available in laboratories and medical institutes. However, significant challenges exist in sharing this data [30]. Individual DNA sequences are as unique as fingerprints - they can be tracked down to an individual and can determine, for example, if they are susceptible to Alzheimer’s disease or heart attack. Existing rules for protecting genomics data have created a lot of limitations for researchers. Homomorphic Encryption can enable researchers to speed up sharing information while safeguarding privacy of the individuals and thus significantly speed up discovery.

4 Conclusion

In this paper we survey and compare libraries for homomorphic encryption across various dimensions. These techniques enable us to perform computations on encrypted data, as against having to decrypt data in order to perform computations. In this way, they allow for collaborative computing between multiple parties via encrypted ciphertexts. The field is rapidly progressing on the theoretical front, and there has also been significant recent progress in making it practical from an application standpoint. Both these factors are crucial for rapid adoption and further development of this field.

Applications of homomorphic encryption primarily involve distributed applications in diverse sectors such as healthcare, smart grids or genomics. In these applications, ciphertexts, public keys, and other low-level information need to be shared between data providers, encrypted computing hosts, and the desired recipients of the results of the computation.

There are many scenarios, such as the ones mentioned in healthcare detection or genomics research, where these applications are currently almost impossible to develop due to technical or legal reasons. In cases where the technology is available, one still has to cross the expensive and time-consuming barrier of legal processes, driven by the need to maintain strict privacy. We can, however, hope that practical homomorphic encryption will lead to a dramatic rise in applications in cloud and edge computation where privacy is critical. Our intent is to share our learnings, motivate our colleagues and help the progress of the research and technology community.

5 Other Homomorphic Encryption Libraries

[31] publishes an exhaustive list of Homomorphic Encryption Libraries:
HEAAN - Scheme with native support for fixed point approximate arithmetic
FHEW - Homomorphic Encryption library based on Fast Fourier Transform
Λ ○ λ - Haskell library for ring-based [23] lattice cryptography that supports FHE
NFLlib - NTT-based Fast Lattice library
PALISADE - Lattice encryption library
Pyfhel - PYthon For HElib
libshe - Symmetric SWHE library based on DGHV scheme
cuHE - GPU-accelerated HE library for NVIDIA CUDA-Enabled GPUs
cuYASHE - Based on leveled FHE scheme YASHE for GPGPUs
python-paillier - PHE based on Paillier scheme
krypto - C++ implementation of multivariate quadratic FHE
petlib - Python library that implements a number of Privacy Enhancing Technologies


  • [1] Zvika Brakerski, Craig Gentry and Vinod Vaikuntanathan, Fully Homomorphic Encryption without Bootstrapping, IACR Cryptology ePrint Archive, 2015
  • [2] Ilaria Chillotti, Nicolas Gama, Mariya Georgieva and Malika Izabachène, Improving TFHE: Faster Packed Homomorphic Operations and Efficient Circuit Bootstrapping, Cryptology ePrint Archive Report 2017/430, https://eprint.iacr.org/2017/430, 2017
  • [3] Ilaria Chillotti, Nicolas Gama, Mariya Georgieva and Malika Izabachène, Faster Fully Homomorphic Encryption: Bootstrapping in less than 0.1 Seconds, Cryptology ePrint Archive Report 2016/870, https://eprint.iacr.org/2016/870, 2016
  • [4] Junfeng Fan and Frederik Vercauteren, Somewhat Practical Fully Homomorphic Encryption, Cryptology ePrint Archive Report 2012/144, https://eprint.iacr.org/2012/144, 2012
  • [5] Andrew C. Yao, Protocols for Secure Computations, University of California Berkeley, California, IEEE Foundations of Computer Science, 23rd Annual Symposium on, https://research.cs.wisc.edu/areas/sec/yao1982-ocr.pdf, 1982
  • [6] T. Sander, A. Young, and M. Yung, Non-interactive Cryptocomputing for NC^1, IEEE Foundations of Computer Science, 40th Annual Symposium on, pp. 554–566, http://dx.doi.org/10.1109/SFFCS.1999.814630, 1999
  • [7] Dan Boneh, Eu-Jin Goh, and Kobbi Nissim, Evaluating 2-DNF Formulas on Ciphertexts, Theory of Cryptography. Springer, pp. 325–341, https://crypto.stanford.edu/~dabo/papers/2dnf.pdf, 2006
  • [8] Yuval Ishai and Anat Paskin, Evaluating Branching Programs on Encrypted Data, Theory of Cryptography, Springer, pp. 575–594. https://www.iacr.org/archive/tcc2007/43920574/43920574.pdf, 2007
  • [9] Josh Daniel Cohen Benaloh, Verifiable secret-ballot elections, Thesis, Yale University, Department of Computer Science, https://www.microsoft.com/en-us/research/wp-content/uploads/1987/01/thesis.pdf, 1987
  • [10] Josh Benaloh, ‘Dense probabilistic encryption’ Proceedings of the Workshop on Selected Areas of Cryptography, pp. 120–128. http://sancy.univ-bpclermont.fr/~lafourcade//PAPERS/FLA11.pdf, 1994
  • [11] Ronald L Rivest, Adi Shamir, and Len Adleman, A Method for Obtaining Digital Signatures and Public-key Cryptosystems, Communications of the ACM 21, 2, pp. 120–126 https://people.csail.mit.edu/rivest/Rsapaper.pdf, 1978
  • [12] Shafi Goldwasser and Silvio Micali, Probabilistic encryption & how to play mental poker keeping secret all partial information, Proceedings of the Fourteenth Annual ACM Symposium on Theory of Computing. ACM, pp. 365–377, 1982
  • [13] Taher ElGamal, A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms, IEEE Transactions in Information Theory, Vol 31, pp. 469-472, 1985
  • [14] David Naccache and Jacques Stern, A New Public Key Cryptosystem Based on Higher Residues, Proceedings of the 5th ACM Conference on Computer and Communications Security, ACM, pp. 59–66, 1998
  • [15] Tatsuaki Okamoto and Shigenori Uchiyama, A New public-key cryptosystem as secure as factoring, In Advances in Cryptology—EUROCRYPT ’98. Springer, pp. 308–318, https://link.springer.com/chapter/10.1007/BFb0054135, 1998
  • [16] Pascal Paillier, Public-key Cryptosystems Based on Composite Degree Residuosity Classes, Advances in cryptology—EUROCRYPT ‘99. Springer, pp. 223–238, 1999
  • [17] Ivan Damgård and Mads Jurik, A Generalisation, a Simplification and Some Applications of Paillier’s Probabilistic Public-key System, Public Key Cryptography, International Workshop on Public Key Cryptography, Springer, pp. 119–136, 2001
  • [18] Akinori Kawachi, Keisuke Tanaka, and Keita Xagawa, Multi-bit Cryptosystems Based on Lattice Problems, Public Key Cryptography–PKC, Springer, pp. 315–329, 2007
  • [19] Steven D Galbraith, Elliptic Curve Paillier schemes, Journal of Cryptology 15, 2, pp. 129–138, 2002
  • [20] Melissa Chase, Hao Chen, Jintai Ding, Shafi Goldwasser, Sergey Gorbunov, Jeffrey Hoffstein, Kristin Lauter, Satya Lokam, Dustin Moody, Travis Morrison, Amit Sahai and Vinod Vaikuntanathan, Security of Homomorphic Encryption, 2018
  • [21] Martin Albrecht, Melissa Chase, Hao Chen, Jintai Ding, Shafi Goldwasser, Sergey Gorbunov, Shai Halevi, Jeffrey Hoffstein, Kristin Lauter, Satya Lokam, Daniele Micciancio, Dustin Moody, Travis Morrison, Amit Sahai and Vinod Vaikuntanathan, Homomorphic Encryption Standard, http://homomorphicencryption.org/wp-content/uploads/2018/08/HomomorphicEncryptionStandard2018-08-30.pdf, 2018
  • [22] Kim Laine, Simple Encrypted Arithmetic Library 2.3.1, Microsoft Research https://www.microsoft.com/en-us/research/uploads/prod/2017/11/sealmanual-2-3-1.pdf, 2017
  • [23] Fraleigh, J. B., A First Course in Abstract Algebra, 7th edition, Addison-Wesley, 2002
  • [24] Craig Gentry, Amit Sahai and Brent Waters, Homomorphic Encryption from Learning with Errors: Conceptually Simpler, Asymptotically Faster, Attribute Based, Advances in Cryptology CRYPTO, Springer, 2013
  • [25] Zvika Brakerski, Craig Gentry and Shai Halevi, Packed Ciphertexts in LWE-based Homomorphic Encryption, Cryptology ePrint Archive Report 2012/565, https://eprint.iacr.org/2012/565.pdf, 2012
  • [26] Reda Bellafqira, Gouenou Coatrieux, Emmanuelle Genin and Michel Cozic, Secure Multilayer Perceptron Based On Homomorphic Encryption, arXiv preprint, https://arxiv.org/abs/1806.02709, 2018
  • [27] Ryo Yonetani, Vishnu Naresh Boddeti, Kris M. Kitani and Yoichi Sato, Privacy-Preserving Visual Learning Using Doubly Permuted Homomorphic Encryption, IEEE International Conference on Computer Vision, pp. 2059–2069, 2017
  • [28] David Archer, Lily Chen, Jung Hee Cheon, Ran Gilad-Bachrach, Roger A. Hallman, Zhicong Huang, Xiaoqian Jiang, Ranjit Kumaresan, Bradley A. Malin, Heidi Sofia, Yongsoo Song and Shuang Wang, Applications of Homomorphic Encryption, Technical report, 2018
  • [29] Compliance Group, HIPAA Fines Listed by Year, https://compliancy-group.com/hipaa-fines-directory-year/, 2018
  • [30] Miran Kim and Kristin E. Lauter, Private Genome Analysis through Homomorphic Encryption, BMC medical informatics and decision making 15 Suppl 5 S3, 2015
  • [31] Jonathan Schneider, Awesome - A curated list of amazing Homomorphic Encryption libraries, software and resources, https://github.com/jonaschn/awesome-he