Paper 2024/203

Application-Aware Approximate Homomorphic Encryption: Configuring FHE for Practical Use

Andreea Alexandru, Duality Technologies
Ahmad Al Badawi, Duality Technologies
Daniele Micciancio, University of California, San Diego, Duality Technologies
Yuriy Polyakov, Duality Technologies

Fully Homomorphic Encryption (FHE) is a powerful tool for performing privacy-preserving analytics over encrypted data. A promising method for FHE over real and complex numbers is approximate homomorphic encryption, instantiated with the Cheon-Kim-Kim-Song (CKKS) scheme. The CKKS scheme enables efficient evaluation for many privacy-preserving machine learning applications. Despite its high efficiency, there is currently a lot of confusion on how to securely instantiate CKKS for a given application, especially after secret-key recovery attacks were proposed by Li and Micciancio (EUROCRYPT'21) for the $IND-CPA^{D}$ setting, i.e., where decryption results are shared with other parties. On the one hand, the generic definition of $IND-CPA^{D}$ is application-agnostic and often requires impractically large parameters. On the other hand, practical CKKS implementations target specific applications and use tighter parameters. A good illustration are the recent secret-key recovery attacks against a CKKS implementation in the OpenFHE library by Guo et al. (USENIX Security'24). We show that these attacks misuse the library by employing different (incompatible) circuits during parameter estimation and run-time computation, yet they do not violate the generic (application-agnostic) $IND-CPA^{D}$ definition. To address this confusion, we introduce the notion of application-aware homomorphic encryption and devise related security definitions, which correspond more closely to how homomorphic encryption schemes are implemented and used in practice. We then formulate the guidelines for implementing the application-aware homomorphic encryption model to achieve $IND-CPA^{D}$ security for practical applications of CKKS. We also show that our application-aware model can be used for secure, efficient instantiation of exact homomorphic encryption schemes.

Available format(s)
Public-key cryptography
Publication info
application-aware homomorphic encryptionapproximate FHECKKS
Contact author(s)
aalexandru @ dualitytech com
aalbadawi @ dualitytech com
daniele @ cs ucsd edu
ypolyakov @ dualitytech com
2024-02-12: approved
2024-02-09: received
See all versions
Short URL
Creative Commons Attribution


      author = {Andreea Alexandru and Ahmad Al Badawi and Daniele Micciancio and Yuriy Polyakov},
      title = {Application-Aware Approximate Homomorphic Encryption: Configuring FHE for Practical Use},
      howpublished = {Cryptology ePrint Archive, Paper 2024/203},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.