Paper 2011/405

Can Homomorphic Encryption be Practical?

Kristin Lauter, Michael Naehrig, and Vinod Vaikuntanathan


The prospect of outsourcing an increasing amount of data storage and management to cloud services raises many new privacy concerns for individuals and businesses alike. The privacy concerns can be satisfactorily addressed if users encrypt the data they send to the cloud. If the encryption scheme is homomorphic, the cloud can still perform meaningful computations on the data, even though it is encrypted. In fact, we now know a number of constructions of fully homomorphic encryption schemes that allow arbitrary computation on encrypted data. In the last two years, solutions for fully homomorphic encryption have been proposed and improved upon, but it is hard to ignore the elephant in the room, namely efficiency -- can homomorphic encryption ever be efficient enough to be practical? Certainly, it seems that all known fully homomorphic encryption schemes have a long way to go before they can be used in practice. Given this state of affairs, our contribution is two-fold. First, we exhibit a number of real-world applications, in the medical, financial, and the advertising domains, which require only that the encryption scheme is "somewhat" homomorphic. Somewhat homomorphic encryption schemes, which support a limited number of homomorphic operations, can be much faster, and more compact than fully homomorphic encryption schemes. Secondly, we show a proof-of-concept implementation of the recent somewhat homomorphic encryption scheme of Brakerski and Vaikuntanathan, whose security relies on the "ring learning with errors" (Ring LWE) problem. The system is very efficient, and has reasonably short ciphertexts. Our unoptimized implementation in magma enjoys comparable efficiency to even optimized pairing-based schemes with the same level of security and homomorphic capacity. We also show a number of application-specific optimizations to the encryption scheme, most notably the ability to convert between different message encodings in a ciphertext.

Note: Full version of the ACM CCSW 2011 paper.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Homomorphic encryptionring learning with errors
Contact author(s)
michael @ cryptojedi org
2011-09-01: last of 3 revisions
2011-07-30: received
See all versions
Short URL
Creative Commons Attribution


      author = {Kristin Lauter and Michael Naehrig and Vinod Vaikuntanathan},
      title = {Can Homomorphic Encryption be Practical?},
      howpublished = {Cryptology ePrint Archive, Paper 2011/405},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.