Paper 2024/463

Security Guidelines for Implementing Homomorphic Encryption

Jean-Philippe Bossuat
Rosario Cammarota, Intel (United States)
Jung Hee Cheon, Seoul National University
Ilaria Chillotti
Benjamin R. Curtis, Zama
Wei Dai, TikTok Inc.
Huijing Gong, Intel (United States)
Erin Hales, Royal Holloway University of London
Duhyeong Kim, Intel (United States)
Bryan Kumara, The Alan Turing Institute
Changmin Lee, Korea Institute for Advanced Study
Xianhui Lu, Chinese Academy of Sciences
Carsten Maple, University of Warwick, The Alan Turing Institute
Alberto Pedrouzo-Ulloa, atlanTTic, Universidade de Vigo
Rachel Player, Royal Holloway University of London
Luis Antonio Ruiz Lopez, Lorica Cybersecurity
Yongsoo Song, Seoul National University
Donggeon Yhee
Bahattin Yildiz, LG Electronics

Fully Homomorphic Encryption (FHE) is a cryptographic primitive that allows performing arbitrary operations on encrypted data. Since the conception of the idea in [RAD78], it was considered a holy grail of cryptography. After the first construction in 2009 [Gen09], it has evolved to become a practical primitive with strong security guarantees. Most modern constructions are based on well-known lattice problems such as Learning with Errors (LWE). Besides its academic appeal, in recent years FHE has also attracted significant attention from industry, thanks to its applicability to a considerable number of real-world use-cases. An upcoming standardization effort by ISO/IEC aims to support the wider adoption of these techniques. However, one of the main challenges that standards bodies, developers, and end users usually encounter is establishing parameters. This is particularly hard in the case of FHE because the parameters are not only related to the security level of the system, but also to the type of operations that the system is able to handle. In this paper, we provide examples of parameter sets for LWE targeting particular security levels that can be used in the context of FHE constructions. We also give examples of complete FHE parameter sets, including the parameters relevant for correctness and performance, alongside those relevant for security. As an additional contribution, we survey the parameter selection support offered in open-source FHE libraries.

Available format(s)
Attacks and cryptanalysis
Publication info
Fully Homomorphic EncryptionHomomorphic EncryptionConcrete SecurityLearning with ErrorsBGVBFVCKKSCGGI
Contact author(s)
jeanphilippe bossuat @ gmail com
rosario cammarota @ intel com
jhcheon @ snu ac kr
chillotti ilaria @ gmail com
ben curtis @ zama ai
weidai3141 @ gmail com
huijing gong @ intel com
erin hales 2018 @ live rhul ac uk
duhyeong kim @ intel com
bkumara @ turing ac uk
changminlee @ kias re kr
luxianhui @ iie ac cn
CM @ warwick ac uk
apedrouzo @ gts uvigo es
rachel player @ rhul ac uk
luis @ loricacyber com
y song @ snu ac kr
dgyhee @ gmail com
bahattin yildiz @ lge com
2024-03-22: approved
2024-03-19: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jean-Philippe Bossuat and Rosario Cammarota and Jung Hee Cheon and Ilaria Chillotti and Benjamin R. Curtis and Wei Dai and Huijing Gong and Erin Hales and Duhyeong Kim and Bryan Kumara and Changmin Lee and Xianhui Lu and Carsten Maple and Alberto Pedrouzo-Ulloa and Rachel Player and Luis Antonio Ruiz Lopez and Yongsoo Song and Donggeon Yhee and Bahattin Yildiz},
      title = {Security Guidelines for Implementing Homomorphic Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2024/463},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.