Advances and Applications of Fully Homomorphic Encryption (FHE)

Aquarius
2024-09-06 11:01:38

Fully Homomorphic Encryption (FHE)

Fully Homomorphic Encryption (FHE) has long been regarded as the crown jewel of cryptography. On July 20, 2020, Vitalik Buterin emphasized its importance in a blog post. Recently, on May 5, 2023, Vitalik reignited interest in FHE by sharing the article "Exploring Fully Homomorphic Encryption" on X, pointing out that "many people are interested in FHE."

This growing interest is also reflected in the field of crypto venture capital. In March 2023, the FHE company Zama announced the completion of a $73 million Series A funding round led by Multicoin and Protocol Labs, attracting significant market attention.

What is FHE

Fully Homomorphic Encryption (FHE) was first discussed in the 1970s but has been difficult to implement. The basic idea is to encrypt data and perform computations on it without decrypting it. Initially, only simple operations like addition or multiplication could be performed on encrypted data, which is known as partial homomorphic encryption. A breakthrough occurred in 2009 when Craig Gentry demonstrated that any computation could be performed on encrypted data, leading to the development of fully homomorphic encryption.

FHE is an advanced form of encryption that allows computations on encrypted data without the need to decrypt it first. This means that operations can be performed on ciphertext (encrypted data) to produce encrypted results, which, when decrypted, are consistent with the results of operations performed on plaintext (unencrypted data).

Key Features of Fully Homomorphic Encryption

Homomorphic Properties

  • Addition: Performing addition on ciphertext is equivalent to performing addition on plaintext.

E(a + b) = E(a) + E(b)

  • Multiplication: Performing multiplication on ciphertext is equivalent to performing multiplication on plaintext.

E(a × b) = E(a) × E(b)

  • Noise Management: When encrypting data with FHE, noise is added to the ciphertext to ensure security. However, this noise increases with each operation. Managing and minimizing noise is crucial because if the noise becomes too large, computations may become inaccurate or fail.

  • Unlimited Operations: Unlike partial homomorphic encryption (PHE), which supports one type of operation (addition or multiplication) and limited operations, and somewhat homomorphic encryption (SHE), which supports both but with a limited number of operations, FHE supports unlimited additions and multiplications. This allows for any type of computation to be performed on encrypted data.

Strictly speaking, fully homomorphic encryption is a special case of homomorphic encryption. Homomorphic encryption means that performing addition or multiplication on ciphertext is equivalent to performing the same operation on plaintext, i.e.:

E(a + b) = E(a) + E(b)

E(a × b) = E(a) × E(b)

In this context, a and E(a), b and E(b) can be considered equivalent. However, two important challenges need to be noted:

  • Ciphertext is obtained by adding some noise to the plaintext, and operations are then performed on that noisy value. If the noise leads to significant deviations, computations may fail. Therefore, controlling noise is crucial for the various algorithms.

  • The overhead of addition and multiplication is significant. Computations on ciphertext can be 10,000 to 1,000,000 times more expensive than computations on plaintext. Fully homomorphic encryption is achieved only when unlimited additions and multiplications can be performed on ciphertext.

Different types of homomorphic encryption have unique values in their respective domains and can be classified based on their level of implementation as follows:

Types of Homomorphic Encryption

  • Partial Homomorphic Encryption (PHE): Supports unlimited operations of one type (addition or multiplication). For example, RSA is partially homomorphic in multiplication.

  • Somewhat Homomorphic Encryption (SHE): Supports both addition and multiplication but with a limited number of operations. This is useful for specific applications that require only a small number of operations.

  • Fully Homomorphic Encryption (FHE): Supports unlimited additions and multiplications, allowing arbitrary computations on encrypted data. This makes FHE extremely powerful but also computationally intensive.

The main advantage of FHE is its ability to perform any type of computation on encrypted data, ensuring privacy and security throughout the computation process.
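The noise behaviour and the SHE/FHE distinction described above, as an added example that is not from the original article or any project it names: a toy DGHV-style scheme over the integers in which ciphertext addition and multiplication both decrypt correctly only while the accumulated noise stays below half the secret modulus. All function names and parameter sizes are assumptions constructed for illustration, and the sizes are far too small to be secure.

```python
import secrets

# Toy DGHV-style scheme over the integers, one bit per ciphertext.
# Parameter sizes are constructed for illustration and are NOT secure.
P_BITS, Q_BITS, R_BITS = 256, 512, 16

def keygen():
    """Secret key: a random odd integer p with its top bit set."""
    return secrets.randbits(P_BITS) | (1 << (P_BITS - 1)) | 1

def encrypt(p, bit, r=None, q=None):
    """c = (bit + 2r) + p*q. The small term bit + 2r is the noise."""
    r = secrets.randbits(R_BITS) if r is None else r
    q = secrets.randbits(Q_BITS) if q is None else q
    return bit + 2 * r + p * q

def noise(p, c):
    """Noise carried by c: its residue mod p, centred around zero."""
    n = c % p
    return n - p if n > p // 2 else n

def decrypt(p, c):
    """Correct only while the accumulated noise stays below p/2."""
    return noise(p, c) % 2

def add(c1, c2):
    """Noise terms add, so the plaintext bits add modulo 2 (XOR)."""
    return c1 + c2

def mul(c1, c2):
    """Noise terms multiply, so the plaintext bits multiply (AND)."""
    return c1 * c2

def product_of_ones(p, factors, r=None, q=None):
    """Multiply `factors` encryptions of 1; return (decrypted bit, noise bits)."""
    c = encrypt(p, 1, r, q)
    for _ in range(factors - 1):
        c = mul(c, encrypt(p, 1, r, q))
    return decrypt(p, c), abs(noise(p, c)).bit_length()

if __name__ == "__main__":
    p = keygen()
    a, b = encrypt(p, 1), encrypt(p, 0)
    print("1+1 ->", decrypt(p, add(a, a)), " 1*0 ->", decrypt(p, mul(a, b)))
    for k in (2, 8, 14, 20, 40):   # the true product is always 1
        print(k, "factors:", product_of_ones(p, k))
```

With these sizes each fresh ciphertext carries at most 17 bits of noise, so a product of up to 14 factors is guaranteed to decrypt correctly; beyond that the noise wraps around the modulus and the decrypted bit is no longer reliable, which is the limit that bootstrapping removes in FHE.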

Applications of FHE in Blockchain

Vitalik pointed out that FHE could become a key technology for blockchain scalability and privacy protection. Current blockchains are inherently transparent, with every transaction and smart contract variable being public. FHE can transform a fully transparent blockchain into a partially encrypted form while still being controlled by smart contracts.

For example, Zama is developing an FHE virtual machine that allows programmers to write Solidity code that operates on FHE primitives. This approach can address privacy issues on today's blockchains, enabling use cases like encrypted payments, slot machines, and casinos while retaining transaction graphs, making it more regulatory-friendly compared to solutions like Tornado Cash.

Another key application of FHE is improving the usability of privacy projects. Projects like Zcash, Aztec, and Tornado Cash face significant usability issues, such as long retrieval times for balance information and synchronization delays. FHE offers a solution through Oblivious Message Retrieval (OMR), allowing wallet clients to synchronize without exposing the content being accessed.

However, unlike Rollup technology, FHE does not directly address blockchain scalability issues. Combining FHE with Zero-Knowledge Proofs (ZKP) may resolve some scalability challenges. Verifiable FHE can ensure that computations are executed correctly, similar to ZK Rollups, providing a trusted computing mechanism for blockchain environments.

Relationship Between FHE and Zero-Knowledge Proofs (ZKP)

FHE and ZKP are complementary technologies but serve different purposes. ZKP allows for verifiable computation and zero-knowledge properties, providing privacy for private states. However, ZKP does not provide privacy for shared states, which is crucial for permissionless smart contract platforms like Uniswap. This is where FHE and Multi-Party Computation (MPC) come into play, allowing computations on encrypted data without exposing the data itself.

Combining ZKP and FHE significantly increases computational complexity and is impractical unless specific use cases require it.

Current Stage and Future Prospects of FHE

FHE is approximately three to four years behind ZKP in development but is rapidly catching up. First-generation FHE projects are launching testnets, with mainnets expected to be released later this year. Although FHE still has a higher computational overhead than ZKP, its widespread adoption is imminent. Once FHE enters production and scales, it is expected to grow rapidly like ZK Rollups.

Challenges and Bottlenecks

The adoption of FHE faces several challenges, including computational efficiency and key management. Bootstrapping operations in FHE are computationally intensive, but improvements are being made with algorithm advancements and engineering optimizations. For specific use cases like machine learning (ML), alternatives that do not use bootstrapping operations may be more efficient.

Key management also poses challenges. Projects like Zama's fhEVM, Inco, or Phoenix require threshold key management, involving a set of validators with decryption capabilities. This approach needs further development to overcome single points of failure.

Use Cases:

Current State of the FHE Market

Crypto venture capital firms like 1kx have been actively investing in the FHE space, recognizing its potential. 1kx led the investment in the Inco project built on Zama, focusing on the use cases of fhEVM. Inco is developing applications such as slot machines, casinos, commercial payments, and gaming in collaboration with partners.

Threshold FHE (TFHE) combines FHE with MPC and blockchain, showing particular promise and opening up new use cases. The developer-friendly nature of FHE allows programming in Solidity, making it practical and feasible for application development.

Competitive Landscape

Arcium (formerly Elusiv)

Arcium is a DePIN network on Solana for parallel confidential computing. Founded by Yannik Schrade, Julian Deschler, Nicolas Schapeler, and Lukas Steiner, it was renamed from the zk-based compliance privacy protocol Elusiv on May 8, 2024.

Arcium supports developers and applications in DeFi, DePIN, AI, etc., providing flexible, trustless, verifiable, high-performance confidential computing capabilities through the underlying blockchain's DA layer and consensus layer calls. It is not a blockchain but allows developers to deploy confidential smart contracts across different blockchains and provides non-blockchain users the ability to configure blockchain layer trust models on demand.

In May 2024, Arcium completed a $5.5 million strategic financing round led by Greenfield Capital, with participation from Coinbase Ventures, Heartcore Capital, Longhash VC, L2 Iterative Ventures, Stake Facilities, Smape Capital, Everstake, Solana co-founder Anatoly Yakovenko, and Monad co-founder Keone Han.

Cysic

Cysic is a hardware acceleration company focused on real-time generation and verification of zero-knowledge (ZK) proofs. They offer ZK computing as a service (ZK-CaaS) based on proprietary ASIC, FPGA, and GPU chips. Cysic has developed FPGA hardware and plans to launch ZK DePIN chips/devices called ZK Air and ZK Pro, forming a Prover Network for DePIN.

In February 2023, Cysic completed a $6 million seed funding round led by Polychain Capital, with participation from HashKey, SNZ Holding, ABCDE, A&T Capital, and Web3.com Foundation.

Zama

Zama is an open-source cryptography company developing FHE solutions for blockchain and AI. Co-founded in early 2020 by Hindi and renowned cryptographer Pascal Paillier, one of the inventors of FHE, Zama provides FHE solutions for Web3 projects, such as the TFHE-rs library, the TFHE compiler Concrete, privacy-preserving machine learning Concrete ML, and confidential smart contracts fhEVM.

Zama focuses on TFHE (Threshold Fully Homomorphic Encryption), with TFHE-rs implemented in pure Rust for encrypting Boolean and integer computations, allowing developers and researchers fine-grained control over TFHE for advanced functionalities. fhEVM integrates TFHE-rs into the EVM, allowing homomorphic operations as precompiled contracts without modifying the compilation tools.

On March 7, 2024, Zama completed a $73 million Series A funding round led by Multicoin Capital and Protocol Labs, with participation from Metaplanet, Blockchange Ventures, Vsquared Ventures, Stake Capital, Filecoin founder Juan Benet, Solana co-founder Anatoly Yakovenko, and Ethereum co-founder Gavin Wood. The funds will be used to continue research and development of their FHE tools.

Sunscreen

Sunscreen is a privacy startup that helps engineers build and deploy private applications using cryptographic technologies like FHE. They have open-sourced an FHE compiler, a Web3-native compiler that converts standard Rust functions into equivalent private FHE functions, providing optimal performance for arithmetic operations without hardware acceleration. The compiler also supports the BFV FHE scheme and is developing a compiler compatible with ZKP to ensure computational integrity when combined with FHE.

In July 2022, Sunscreen completed a $4.65 million seed funding round led by Polychain Capital, with participation from Northzone, Coinbase Ventures, dao5, and individuals like Naval Ravikant and Tux Pacific.

Octra

Octra is an FHE blockchain network that supports isolated execution environments and proposes a new type of FHE called HFHE (Homomorphic Fully Homomorphic Encryption) running on hypergraphs. According to official documentation, HFHE can be compatible with any project and run independently. Most of Octra's codebase is developed in OCaml, AST, ReasonML (for smart contracts and applications interacting with Octra), and C++. This approach is relatively new, with limited academic discussion. The security of the solution has not yet been validated and requires further verification.

Fhenix

Fhenix is an Ethereum Layer 2 (L2) supported by FHE Rollups and FHE Coprocessors, fully compatible with EVM and Solidity, using FHE to implement on-chain confidential smart contracts. Fhenix does not use zkFHE but adopts Optimistic Rollup and Zama's FHE to achieve on-chain confidentiality through fhEVM, focusing on TFHE (Threshold FHE).

In September 2023, Fhenix completed a $7 million seed funding round led by Sora Ventures, Multicoin Capital, and Collider Ventures, with participation from Node Capital, Bankless, HackVC, TaneLabs, and Metaplanet. A public testnet is expected to be released in early 2024 to support ecosystem application development.

Mind Network

Mind Network is an FHE re-staking layer for DePIN and AI, supported by Zama, aimed at achieving "HTTPZ" (end-to-end encrypted internet). Products include the FHE re-staking solution MindLayer, the FHE-authorized invisible address protocol MindSAP, and the FHE DataLake MindLake built through MindLayer's FHE verification network. Users can re-stake BTC and ETH LST tokens to Mind Network, introducing FHE-enhanced validators to ensure end-to-end encryption in the verification and computation processes of AI and DePIN networks. The smart PoI (Proof of Intelligence) consensus mechanism for AI machine learning tasks ensures fair and secure distribution among FHE validators. FHE computations can be hardware accelerated. MindLake is a data storage Rollup for on-chain encrypted data computation.

In June 2023, Mind Network completed a $2.5 million seed funding round, with participation from Binance Labs, Comma3 Ventures, SevenX Ventures, HashKey Capital, Big Brain Holdings, Arweave SCP Ventures, and Mandala Capital.

Inco

Inco Network is a modular confidential computing Layer 1 blockchain and Web3 universal privacy layer that provides privacy protection for on-chain applications. It combines Ethereum EVM and FHE, protected by EigenLayer, allowing programs to operate and compute on encrypted data without decryption, using on-chain native randomness. Inco launched the Gentry testnet to address Web3 privacy challenges, supporting applications such as gaming, DeFi (including dark pools, private lending, and blind auctions), and enterprise solutions (like confidential stablecoins, private RWAs, and private voting).

In February 2024, Inco Network completed a $4.5 million seed funding round led by 1kx, with participation from Circle Ventures, Robot Ventures, Portal VC, Alliance DAO, Big Brain Holdings, Symbolic, GSR, Polygon Ventures, Daedalus, Matter Labs, and Fenbushi.

Regulatory Environment for Privacy Technologies like FHE

The regulatory environment varies across different regions. While data privacy is widely supported, financial privacy remains a gray area. FHE has the potential to enhance data privacy, allowing users to retain ownership of their data and potentially profit from it while maintaining social benefits like targeted advertising.

Looking ahead, gradual improvements in theory, software, hardware, and algorithms are expected to make FHE increasingly practical. The development of FHE is currently transitioning from theoretical research to practical applications, with significant progress anticipated in the next three to five years.

Conclusion

Fully Homomorphic Encryption (FHE) is on the brink of a revolutionary transformation in the field of cryptography, offering advanced privacy and security solutions. With ongoing advancements and increasing attention from venture capital, FHE is poised for widespread adoption, addressing key issues of blockchain scalability and privacy protection. As the technology matures, it is expected to unlock new possibilities and drive innovation across various applications in the crypto ecosystem.
