Paper 2020/1118

Approximate Homomorphic Encryption with Reduced Approximation Error

Andrey Kim, Antonis Papadimitriou, and Yuriy Polyakov


The Cheon-Kim-Kim-Song (CKKS) homomorphic encryption scheme is currently the most efficient method to perform approximate homomorphic computations over real and complex numbers. Although the CKKS scheme can already be used to achieve practical performance for many advanced applications, e.g., in machine learning, its broader use in practice is hindered by several major usability issues, most of which are brought about by relatively high approximation errors and the complexity of dealing with them. We present a reduced-error CKKS variant that removes the approximation errors due to the Learning With Errors (LWE) noise in the encryption and key switching operations. We propose and implement its Residue Number System (RNS) instantiation that has a lower error than the original CKKS scheme implementation based on multiprecision integer arithmetic. While formulating the RNS instantiation, we also develop an intermediate RNS variant that has a smaller approximation error than the prior RNS variant of CKKS. The high-level idea of our main RNS-related improvements is to remove the approximate scaling error using a novel procedure that computes level-specific scaling factors. The rescaling operations and scaling factor adjustments in our implementation are done automatically. We implement both RNS variants in PALISADE and compare their approximation error and efficiency to the prior RNS variant. Our results for uniform ternary secret key distribution, which is the most efficient setting included in the community homomorphic encryption security standard, show that the reduced-error CKKS RNS implementation typically has an approximation error that is 6 to 9 bits smaller for computations with multiplications than the prior RNS variant. The results for the sparse secret setting, which was used for the original CKKS scheme, imply that our reduced-error CKKS RNS implementation has an approximation error up to 12 bits smaller than the prior RNS variant.

Available format(s)
Publication info
Published elsewhere. MAJOR revision.CT-RSA 2022
approximate homomorphic encryptionsoftware implementationlattice-based cryptographyCKKS
Contact author(s)
ypolyakov @ dualitytech com
2021-12-06: last of 7 revisions
2020-09-21: received
See all versions
Short URL
Creative Commons Attribution


      author = {Andrey Kim and Antonis Papadimitriou and Yuriy Polyakov},
      title = {Approximate Homomorphic Encryption with Reduced Approximation Error},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1118},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.