Cryptographic Schemes and Technical Foundations

Introduction to FHE Schemes

Fully homomorphic encryption is not a single algorithm but a family of cryptographic constructions that enable computation on encrypted data. Each scheme is built upon hard mathematical problems, primarily lattice-based assumptions such as Learning With Errors (LWE) and Ring-LWE, that are believed to be secure even against quantum computers. These schemes differ in their efficiency, the types of computations they support best, and how they manage the noise that accumulates during operations. Understanding the main schemes is essential for grasping how FHE integrates into smart-contract environments and why certain designs are chosen for specific use cases.

The four most widely discussed schemes are BFV, BGV, CKKS, and TFHE/FHEW. Each addresses different computational needs and operates under slightly different mathematical frameworks. Their selection for blockchain use often depends on whether the target application involves exact integer computations, approximate arithmetic suitable for machine learning, or fast bitwise operations required for smart-contract logic.

BFV and BGV: Integer-Focused Schemes

The BFV (Brakerski–Fan–Vercauteren) and BGV (Brakerski–Gentry–Vaikuntanathan) schemes were among the first practical FHE constructions to gain traction. Both are based on lattice cryptography and designed for operations on integers or modular arithmetic. They support exact addition and multiplication, making them suitable for financial calculations, voting mechanisms, and scenarios where precision is critical.

The BFV scheme focuses on efficient handling of modular integer computations, particularly useful when the application requires deterministic outcomes without rounding errors. BGV, while similar in underlying principles, incorporates additional optimizations for packed ciphertexts, allowing multiple values to be processed in parallel (a technique known as batching). This batching capability is valuable for throughput in environments like blockchains, where transaction throughput and cost are tightly coupled to computational efficiency.

Both BFV and BGV rely on leveled homomorphic encryption, meaning they allow a fixed number of operations before ciphertext noise grows too large. Bootstrapping, a process that “refreshes” the ciphertext by re-encrypting it homomorphically, enables these schemes to become fully homomorphic. While bootstrapping was initially prohibitively slow, modern implementations have reduced its overhead dramatically, making continuous encrypted computation feasible in real-world systems.

CKKS: Approximate Arithmetic for Machine Learning

The CKKS (Cheon–Kim–Kim–Song) scheme introduced a different approach to homomorphic encryption by supporting approximate arithmetic rather than exact integer operations. This design is particularly well-suited to machine learning and artificial intelligence workloads, where exact precision is often unnecessary and floating-point approximations are acceptable. CKKS encodes real or complex numbers into ciphertexts and allows vectorized computations, which can accelerate tasks like encrypted model inference or secure data analytics.

CKKS’s trade-off lies in its approximation: results may have minor errors due to scaling and rounding during encryption and computation. For many AI and data science applications, this trade-off is acceptable because models inherently tolerate small numerical variations. In blockchain contexts, CKKS could support confidential AI agents running on-chain, performing predictions or risk assessments without exposing either the model or the user data.

Despite its advantages for certain workloads, CKKS is less suited for financial smart contracts or voting mechanisms where exact outcomes are mandatory. For these applications, integer-based schemes like BFV or TFHE are preferred. However, CKKS’s capacity to handle high-dimensional vector operations makes it a candidate for future decentralized AI marketplaces and privacy-preserving federated learning on blockchains.

TFHE and FHEW: Bit-Level Schemes

TFHE (Fast Fully Homomorphic Encryption over the Torus) and its predecessor FHEW are optimized for bit-level computations. Unlike BFV, BGV, or CKKS, which operate on vectors or polynomials, TFHE encrypts individual bits and performs fast Boolean operations. This approach is particularly advantageous for applications requiring logic gates rather than arithmetic, such as comparisons, conditional branching, or encrypted smart-contract state transitions.

One of TFHE’s defining features is its extremely fast bootstrapping capability. In early FHE schemes, bootstrapping was the primary bottleneck, often taking seconds per operation. TFHE reduced this to milliseconds by redesigning how ciphertext refreshes are performed, making continuous encrypted computation practical for interactive applications. This breakthrough positioned TFHE as the leading candidate for blockchain environments like Zama’s fhEVM, where smart contracts must handle arbitrary encrypted logic efficiently.

The primary trade-off with TFHE is its focus on binary operations, which can make arithmetic-heavy workloads less efficient compared to CKKS or BFV. However, hybrid approaches are emerging, where TFHE is used for control logic and CKKS for approximate arithmetic, combining the strengths of both paradigms in privacy-preserving decentralized applications.

Bootstrapping and Noise Management

Noise is an inherent feature of lattice-based homomorphic encryption schemes. Each operation performed on encrypted data increases this noise, and once it exceeds a certain threshold, the ciphertext can no longer be correctly decrypted. Bootstrapping is the process of homomorphically decrypting and re-encrypting the ciphertext to reset this noise, effectively allowing unlimited computations.

Early bootstrapping algorithms were slow and resource-intensive, making fully homomorphic encryption impractical outside of academic demonstrations. Over the past decade, however, significant advances have reduced bootstrapping times from minutes to milliseconds. TFHE and FHEW pioneered low-latency bootstrapping suitable for real-time applications, while CKKS and BFV have also seen major improvements through optimized algorithms and hardware acceleration.

Noise management is not limited to bootstrapping. Techniques like modulus switching, key switching, and ciphertext packing help control noise growth and improve efficiency. Modulus switching reduces the size of ciphertexts during computation, key switching allows encrypted data to transition between different keys without decryption, and packing enables parallel processing of multiple values in a single ciphertext. Together, these techniques form the backbone of practical FHE implementations.

Hardware Acceleration and Performance Trends

Despite algorithmic optimizations, FHE remains computationally heavy compared to traditional cryptography. Hardware acceleration is therefore a key area of research and development. GPUs have become the first target due to their parallel processing capabilities, providing significant speedups for polynomial arithmetic and vectorized operations central to FHE schemes. More recently, field-programmable gate arrays (FPGAs) and dedicated application-specific integrated circuits (ASICs) are being explored to achieve even greater efficiency.

Zama’s introduction of a Homomorphic Processing Unit (HPU) prototype illustrates the industry’s push toward specialized hardware for encrypted computation. Such devices are designed specifically to handle FHE workloads, dramatically reducing latency and energy consumption. As blockchain applications demand low transaction costs and high throughput, hardware acceleration will likely play a crucial role in making FHE-powered smart contracts commercially viable.

Libraries and Development Frameworks

Several open-source libraries have emerged as foundational tools for developers working with FHE. Microsoft SEAL, one of the most widely used libraries, supports BFV and CKKS schemes and is optimized for ease of use and cross-platform compatibility. OpenFHE (formerly PALISADE) offers a more comprehensive set of features, including support for multiple schemes and advanced optimizations. HElib, developed by IBM, provides a research-oriented platform focusing on BGV but remains influential in the academic community.

For TFHE-based applications, the TFHE-rs library from Zama has become the standard, offering efficient bootstrapping and compatibility with their fhEVM framework. Concrete, another library from Zama, provides developer-friendly tools for building FHE applications in Rust, emphasizing usability without sacrificing performance. Fhenix, focusing on confidential smart contracts for Ethereum, has introduced a Solidity SDK that abstracts away much of the cryptographic complexity, enabling blockchain developers to build encrypted contracts with familiar tools.

The maturation of these libraries has lowered the barrier to entry for developers. What once required deep cryptographic expertise can now be approached by smart-contract developers familiar with standard languages like Solidity or Rust. This democratization of FHE development is accelerating experimentation and adoption across decentralized finance, healthcare, and AI-on-chain projects.