pith. sign in

arxiv: 2503.05136 · v25 · submitted 2025-03-07 · 💻 cs.CR · cs.DM

The Beginner's Textbook for Fully Homomorphic Encryption

Ronny Ko This is my paper

Pith reviewed 2026-05-23 01:31 UTC · model grok-4.3

classification 💻 cs.CR cs.DM
keywords fully homomorphic encryptionencrypted computationprivacy-preserving machine learninglogic gates on ciphertextsblockchain confidentialityfunction approximationsecure outsourcing
0
0 comments X

The pith

Fully homomorphic encryption supports addition and multiplication on ciphertexts to enable complex functions without decryption.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces fully homomorphic encryption as a scheme where computations occur directly on encrypted data and produce correct results upon decryption. It explains that addition and multiplication on encrypted values suffice to construct logic gates, subtraction, division, and approximations of functions such as ReLU and sigmoid. These capabilities allow a server to run machine learning models on client data while learning neither the inputs nor the outputs. The same properties extend to keeping smart-contract data encrypted on blockchains and to other secure outsourcing tasks. An online version of the textbook is provided for readers to explore the constructions interactively.

Core claim

Fully Homomorphic Encryption (FHE) is a cryptographic scheme that enables computations to be performed directly on encrypted data, as if the data were in plaintext. After all computations are performed on the encrypted data, it can be decrypted to reveal the result. The decrypted value matches the result that would have been obtained if the same computations were applied to the plaintext data. FHE supports basic operations such as addition and multiplication on encrypted numbers. Using these fundamental operations, more complex computations can be constructed, including subtraction, division, logic gates, and even advanced mathematical functions such as ReLU and sigmoid.

What carries the argument

Addition and multiplication on encrypted numbers, which serve as the foundation for building logic gates and function approximations.

If this is right

  • A server can run an ML model on a client's encrypted features and return only an encrypted prediction that the client alone can decrypt.
  • Smart contracts can execute on encrypted inputs while preserving both confidentiality and the public verifiability of the ledger.
  • Encrypted database queries and privacy-preserving searches become feasible without exposing plaintext records.
  • Multi-party protocols for digital signatures can incorporate FHE to keep intermediate values hidden.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The textbook's step-by-step construction of gates and activations could serve as a template for verifying new FHE libraries against the same functional specifications.
  • Approximation trade-offs described for ReLU and trigonometric functions suggest concrete benchmarks for measuring accuracy versus noise growth in different parameter sets.
  • The blockchain application points to a possible hybrid where FHE handles private state while zero-knowledge proofs handle public integrity checks.

Load-bearing premise

The textbook's explanations of FHE operations, approximations, and security properties accurately represent established cryptographic results.

What would settle it

An implementation of one of the described function approximations, such as sigmoid on encrypted inputs, that produces a decrypted output differing from the expected plaintext result by more than the stated error bound.

Figures

Figures reproduced from arXiv: 2503.05136 by Ronny Ko.

Figure 1
Figure 1. Figure 1: An illustration of number decomposition. [PITH_FULL_IMAGE:figures/full_fig_p027_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: An illustration of approximate decomposition [PITH_FULL_IMAGE:figures/full_fig_p029_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: The figure illustrates a circle of Euler’s formula in the complex plane [PITH_FULL_IMAGE:figures/full_fig_p031_3.png] view at source ↗
Figure 5
Figure 5. Figure 5: An illustration of the four roots of the 8th cyclotomic polynomial [PITH_FULL_IMAGE:figures/full_fig_p048_5.png] view at source ↗
Figure 7
Figure 7. Figure 7: The figure illustrates Euler’s formula on the unit circle in the complex plane [PITH_FULL_IMAGE:figures/full_fig_p052_7.png] view at source ↗
Figure 8
Figure 8. Figure 8: An illustration of LWE’s plaintext scaling and adding a noise: ∆ [PITH_FULL_IMAGE:figures/full_fig_p075_8.png] view at source ↗
Figure 9
Figure 9. Figure 9: An illustration of a GLev ciphertext B-5.2 Decryption We decrypt the first GLWE ciphertext (i = 1) using the secret S, with the scaling factor ∆1 = q β . This is because while the ciphertext contains l encryptions, the higher indices i > 1 have progressively smaller scaling factors ∆i = q/βi . If ∆i becomes smaller than the noise threshold, those specific components cannot be decrypted correctly. B-5.3 Lev… view at source ↗
Figure 10
Figure 10. Figure 10: An illustration of a GGSW ciphertext B-6.2 Decryption To recover the message M, it is sufficient to decrypt the last GLev ciphertext (the one encrypting M) using the secret S. Decrypting the other rows yields −Si · M, but recovering M from these rows is only possible if Si is invertible (i.e., Si ̸= 0). B-6.3 GSW and RGSW GSW is GGSW with n = 1. RGSW is GGSW with k = 1. 89 [PITH_FULL_IMAGE:figures/full_f… view at source ↗
Figure 11
Figure 11. Figure 11: Noise reduction in ciphertext-to-plaintext multiplication by gadget decomposition. [PITH_FULL_IMAGE:figures/full_fig_p097_11.png] view at source ↗
Figure 12
Figure 12. Figure 12: An illustration of scaled plaintext with a noise: ∆ [PITH_FULL_IMAGE:figures/full_fig_p101_12.png] view at source ↗
Figure 13
Figure 13. Figure 13: An illustration of the MUX logic gate Homomorphic MUX Logic Gate: In step 3, the formula s0 · (V0 · Xaˆ0 − V0) + V0 implements the MUX logic gate as shown in [PITH_FULL_IMAGE:figures/full_fig_p125_13.png] view at source ↗
Figure 14
Figure 14. Figure 14: An illustration of neural networks Homomorphic encryption can be applied to the neurons of deep neural networks, in which each neuron is generally comprised of two steps of computation: 1. Linear Combination of Input Values: An input feature value (or intermediate value) set (x1, x2, · · · , xn), a weight set (w1, w2, · · · , wn), and a bias b are computed as: y = Pn i=1 xiwi + b. 2. Activation Function: … view at source ↗
Figure 15
Figure 15. Figure 15: An illustration of neural networks’s programmable bootstrapping [PITH_FULL_IMAGE:figures/full_fig_p132_15.png] view at source ↗
Figure 16
Figure 16. Figure 16: Sine function f(x) = q0 2π · sin  2πx q0  such that f(∆mi + ei + q0ki) ≈ ∆mi + ei (provided ∆mi + ei ≪ q0) (Source) To do so, we will take an approximated approach by using a sine function described in [PITH_FULL_IMAGE:figures/full_fig_p200_16.png] view at source ↗
Figure 17
Figure 17. Figure 17: Arc-sine graph for smaller approximation error [PITH_FULL_IMAGE:figures/full_fig_p210_17.png] view at source ↗
read the original abstract

Fully Homomorphic Encryption (FHE) is a cryptographic scheme that enables computations to be performed directly on encrypted data, as if the data were in plaintext. After all computations are performed on the encrypted data, it can be decrypted to reveal the result. The decrypted value matches the result that would have been obtained if the same computations were applied to the plaintext data. FHE supports basic operations such as addition and multiplication on encrypted numbers. Using these fundamental operations, more complex computations can be constructed, including subtraction, division, logic gates (e.g., AND, OR, XOR, NAND, MUX), and even advanced mathematical functions such as ReLU, sigmoid, and trigonometric functions (e.g., sin, cos). These functions can be implemented either as exact formulas or as approximations, depending on the trade-off between computational efficiency and accuracy. FHE enables privacy-preserving machine learning by allowing a server to process the client's data in its encrypted form through an ML model. With FHE, the server learns neither the plaintext version of the input features nor the inference results. Only the client, using their secret key, can decrypt and access the results at the end of the service protocol. FHE can also be applied to confidential blockchain services, ensuring that sensitive data in smart contracts remains encrypted and confidential while maintaining the transparency and integrity of the execution process. Other applications of FHE include secure outsourcing of data analytics, encrypted database queries, privacy-preserving searches, efficient multi-party computation for digital signatures, and more. A dynamic website version is available at (https://fhetextbook.github.io). Please report any bugs or errors to the Github issues board.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

0 major / 1 minor

Summary. The manuscript is a beginner's textbook on Fully Homomorphic Encryption (FHE). It claims that FHE enables direct computation on encrypted data yielding results identical to plaintext computation, supports addition and multiplication on ciphertexts from which subtraction, division, logic gates (AND, OR, XOR, NAND, MUX), and functions such as ReLU, sigmoid, sin, and cos can be constructed (exactly or via polynomial approximations), and enables privacy-preserving machine learning (server processes encrypted client data without learning inputs or outputs) as well as confidential blockchain services and other applications such as secure data analytics and encrypted queries. A dynamic website version is referenced.

Significance. The work is purely expository and summarizes established FHE properties (e.g., CKKS-style approximate arithmetic, bootstrapping for circuit depth) without introducing new derivations, proofs, or empirical results. If the explanations are accurate, it may have pedagogical value as an accessible introduction for beginners in cryptography and privacy-preserving computation, but its significance for a research journal is limited by the absence of novel contributions.

minor comments (1)
  1. [Abstract] The abstract references a dynamic website (https://fhetextbook.github.io) and GitHub issues board; if the manuscript is intended for journal publication, consider whether these external resources should be described in a dedicated section or appendix for reproducibility.

Simulated Author's Rebuttal

0 responses · 0 unresolved

We thank the referee for their review and for recommending acceptance. We appreciate the acknowledgment that the manuscript provides an accessible introduction with pedagogical value for beginners in cryptography and privacy-preserving computation.

Circularity Check

0 steps flagged

No significant circularity; purely expository textbook

full rationale

The document is a beginner's textbook on established FHE properties with no derivations, equations, predictions, fitted parameters, or novel claims. All described operations (addition/multiplication on ciphertexts, circuit constructions for gates, polynomial approximations for ReLU/sigmoid, and applications in PPML/blockchain) are standard results from the literature (e.g., CKKS, bootstrapping). No self-citations, ansatzes, or load-bearing steps exist that could reduce to inputs by construction. The reader's assessment of score 0.0 is confirmed by the absence of any derivation chain.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

As an educational textbook the work relies on standard cryptographic assumptions already established in the literature and introduces no new free parameters or entities.

axioms (1)
  • domain assumption Security of underlying lattice-based or other FHE schemes against chosen-plaintext attacks
    Invoked implicitly when describing that decrypted results match plaintext computations while preserving confidentiality.

pith-pipeline@v0.9.0 · 5822 in / 968 out tokens · 28533 ms · 2026-05-23T01:31:46.449770+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

28 extracted references · 28 canonical work pages · 1 internal anchor

  1. [1]

    Fields and cyclotomic polynomials, 2024

    Cornell University. Fields and cyclotomic polynomials, 2024. https://e.math.cornell.edu/ people/belk/numbertheory/CyclotomicPolynomials.pdf

    work page 2024

  2. [2]

    Polynomial ring, 2024

    Wikipedia. Polynomial ring, 2024. https://en.wikipedia.org/wiki/Polynomial_ring

    work page 2024

  3. [3]

    Polynomial rings, 2024

    Al Doerr, Ken Levasseur. Polynomial rings, 2024. https://math.libretexts.org/Bookshelves/ Combinatorics_and_Discrete_Mathematics/Applied_Discrete_Structures_(Doerr_ and_Levasseur)/16%3A_An_Introduction_to_Rings_and_Fields/16.03%3A_Polynomial_ Rings

    work page 2024

  4. [4]

    Chinese remainder theorem, 2024

    Mei Li, Curtis Clement et al. Chinese remainder theorem, 2024. https://brilliant.org/wiki/ chinese-remainder-theorem/

    work page 2024

  5. [5]

    Polynomials and the fast fourier transform (fft), 2011

    David Maier. Polynomials and the fast fourier transform (fft), 2011. http://web.cecs.pdx.edu/ ˜maier/cs584/Lectures/lect07b-11-MG.pdf

    work page 2011

  6. [6]

    Lattice-basedcryptographyandthelearningwith errorsproblem, 2017

    StephenHarrigan. Lattice-basedcryptographyandthelearningwith errorsproblem, 2017. https: //mysite.science.uottawa.ca/mnevins/papers/StephenHarrigan2017LWE.pdf

    work page 2017

  7. [7]

    Tfhe deep dive - part i - ciphertext types, 2022

    Ilaria Chillotti. Tfhe deep dive - part i - ciphertext types, 2022. https://www.zama.ai/post/ tfhe-deep-dive-part-1

    work page 2022

  8. [8]

    Tfhe deep dive - part ii - encodings and linear leveled operation, 2022

    Ilaria Chillotti. Tfhe deep dive - part ii - encodings and linear leveled operation, 2022. https: //www.zama.ai/post/tfhe-deep-dive-part-2

    work page 2022

  9. [9]

    Tfhe deep dive - part iii - key switching and leveled multiplications, 2022

    Ilaria Chillotti. Tfhe deep dive - part iii - key switching and leveled multiplications, 2022. https://www.zama.ai/post/tfhe-deep-dive-part-3

    work page 2022

  10. [10]

    Tfhe deep dive - part iv - programmable bootstrapping, 2022.https://www.zama.ai/ post/tfhe-deep-dive-part-4

    Ilaria Chillotti. Tfhe deep dive - part iv - programmable bootstrapping, 2022.https://www.zama.ai/ post/tfhe-deep-dive-part-4

    work page 2022

  11. [11]

    Guide to fully homomorphic encryption over the [discretized] torus

    Marc Joye. Guide to fully homomorphic encryption over the [discretized] torus. Cryptology ePrint Archive, Paper 2021/1402, 2021. https://eprint.iacr.org/2021/1402

    work page 2021

  12. [12]

    Introduction to the BFV encryption scheme, 2021

    Inferati Inc. Introduction to the BFV encryption scheme, 2021. https://www.inferati.com/ blog/fhe-schemes-bfv

    work page 2021

  13. [13]

    Somewhat practical fully homomorphic encryption

    Junfeng Fan and Frederik Vercauteren. Somewhat practical fully homomorphic encryption. Cryptology ePrint Archive, Paper 2012/144, 2012. https://eprint.iacr.org/2012/144

    work page 2012

  14. [14]

    Bootstrapping for BGV and BFV revisited

    Robin Geelen and Frederik Vercauteren. Bootstrapping for BGV and BFV revisited. Cryptology ePrint Archive, Paper 2022/1363, 2022. https://eprint.iacr.org/2022/1363

    work page 2022

  15. [15]

    Bootstrapping for helib

    Shai Halevi and Victor Shoup. Bootstrapping for helib. J. Cryptol., 34(1), January 2021. https: //doi.org/10.1007/s00145-020-09368-7

    work page doi:10.1007/s00145-020-09368-7 2021

  16. [16]

    A note on lower digits extraction polynomial for bootstrapping,

    Mingjia Huo, Kewen Wu, and Qi Ye. A note on lower digits extraction polynomial for bootstrapping,

    work page

  17. [17]

    https://arxiv.org/abs/1906.02867. 256

    work page internal anchor Pith review Pith/arXiv arXiv 1906

  18. [18]

    Fully homomorphic encryption for cyclotomic prime moduli

    Robin Geelen and Frederik Vercauteren. Fully homomorphic encryption for cyclotomic prime moduli. Cryptology ePrint Archive, Paper 2024/1587, 2024. https://eprint.iacr.org/2024/1587

    work page 2024

  19. [19]

    Bootstrapping for approximate homomorphic encryption

    Jung Hee Cheon, Kyoohyung Han, Andrey Kim, Miran Kim, and Yongsoo Song. Bootstrapping for approximate homomorphic encryption. In Jesper Buus Nielsen and Vincent Rijmen, editors, Advances in Cryptology – EUROCRYPT 2018 , pages 360–384, Cham, 2018. Springer International Publishing. https://eprint.iacr.org/2018/153.pdf

    work page 2018

  20. [20]

    High-precision bootstrapping of RNS-CKKS homomorphic encryption using optimal minimax polynomial approximation and inverse sine function

    Joon-Woo Lee, Eunsang Lee, Yongwoo Lee, Young-Sik Kim, and Jong-Seon No. High-precision bootstrapping of RNS-CKKS homomorphic encryption using optimal minimax polynomial approximation and inverse sine function. Cryptology ePrint Archive, Paper 2020/552, 2020. https://eprint.iacr.org/2020/552

    work page 2020

  21. [21]

    META-BTS: Bootstrapping precision beyond the limit

    Youngjin Bae, Jung Hee Cheon, Wonhee Cho, Jaehyung Kim, and Taekyung Kim. META-BTS: Bootstrapping precision beyond the limit. Cryptology ePrint Archive, Paper 2022/1167, 2022. https://eprint.iacr.org/2022/1167

    work page 2022

  22. [22]

    Design and implementation of HElib: a homomorphic encryption library

    Shai Halevi and Victor Shoup. Design and implementation of HElib: a homomorphic encryption library. Cryptology ePrint Archive, Paper 2020/1481, 2020. https://eprint.iacr.org/2020/ 1481

    work page 2020

  23. [23]

    Fully homomorphic encryption without bootstrapping

    Masahiro Yagisawa. Fully homomorphic encryption without bootstrapping. Cryptology ePrint Archive, Paper 2015/474, 2015. https://eprint.iacr.org/2015/474

    work page 2015

  24. [24]

    Craig Gentry, Shai Halevi, and Nigel P. Smart. Homomorphic evaluation of the AES circuit. Cryptology ePrint Archive, Paper 2012/099, 2012. https://eprint.iacr.org/2012/099

    work page 2012

  25. [25]

    A full RNS variant of FV like somewhat homomorphic encryption schemes

    Jean-Claude Bajard, Julien Eynard, Anwar Hasan, and Vincent Zucca. A full RNS variant of FV like somewhat homomorphic encryption schemes. Cryptology ePrint Archive, Paper 2016/510,

    work page 2016

  26. [26]

    https://eprint.iacr.org/2016/510

    work page 2016

  27. [27]

    Robin Geelen, Michiel Van Beirendonck, Hilder V. L. Pereira, Brian Huffman, Tynan McAuley, Ben Selfridge, Daniel Wagner, Georgios Dimou, Ingrid Verbauwhede, Frederik Vercauteren, and David W. Archer. BASALISC: Programmable hardware accelerator for BGV fully homomorphic encryption. Cryptology ePrint Archive, Paper 2022/657, 2022. https://eprint.iacr.org/2022/657

    work page 2022

  28. [28]

    A full rns variant of approximate homomorphic encryption

    Jung Hee Cheon, Kyoohyung Han, Andrey Kim, Miran Kim, and Yongsoo Song. A full rns variant of approximate homomorphic encryption. In Selected Areas in Cryptography – SAC 2018: 25th International Conference, Calgary, AB, Canada, August 15–17, 2018, Revised Selected Papers , page 347–368, Berlin, Heidelberg, 2018. Springer-Verlag. https://eprint.iacr.org/20...

    work page 2018