Forward the Original Title ‘Comprehensive Guide to Fully Homomorphic Encryption (FHE)’

TLDR:

• Fully Homomorphic Encryption (FHE) is the next-generation privacy protection technology that is about to rise and is worth our investment. FHE has ideal privacy protection capabilities, but there are still performance gaps. We believe that with the entry of crypto capital, the development and maturity of the technology will be greatly accelerated, just like the rapid development of ZK in recent years.
• Fully Homomorphic Encryption can be used in Web3 for transaction privacy protection, AI privacy protection, and privacy protection co-processors. Among them, I especially favor the privacy-protected EVM, which is more flexible and better suited to EVM than existing ring signature, coin mixing technologies, and ZK.
• We have researched several outstanding FHE projects, most of which will go live on the mainnet from this year to the first quarter of next year. Among these projects, ZAMA has the strongest technology but has not yet announced plans to issue a token. Additionally, we consider Fhenix to be the best FHE project among them.

1. FHE is an ideal privacy protection technology

1.1 The role of FHE

Fully Homomorphic Encryption (FHE) is a form of encryption that allows people to perform an arbitrary number of additions and multiplications on ciphertexts to obtain results that are still encrypted. When decrypted, the result is the same as if the operations had been performed on plaintext. This achieves “computable but invisible” data.

Fully homomorphic is particularly suitable for outsourced computing. You can outsource data to external computing power without worrying about data leakage.

In layman’s terms, for example, you run a company, and the company’s data is very valuable. You want to use useful cloud services to process and calculate this data, but you are worried about data leakage in the cloud. Then you can:

1. Convert the data into ciphertext through fully homomorphic encryption and then upload it to the cloud server. For example, the numbers 5 and 10 in the picture above will be encrypted into ciphertext and expressed as “X” and “YZ”.
2. When you need to perform operations on data, for example, if you want to add two numbers 5 and 10, you only need to let the ciphertext “X” and “YZ” on the cloud server perform the corresponding plaintext + operation specified by the algorithm. A certain operation results in the ciphertext result “PDQ”.
3. After the ciphertext result is downloaded from the cloud server, it is decrypted to obtain the plaintext. You will find that the plaintext result is the operation result of 5 + 10.

The plaintext only appears to you, while all stored and calculated on the cloud server are ciphertext data. This way you don’t have to worry about data leakage. This privacy-preserving approach is ideal.

• Semi-homomorphic encryption: Semi-homomorphism is easier and more practical. Semi-homomorphism means that the ciphertext has only one homomorphic property, such as additive homomorphism/multiplicative homomorphism.
• Approximately homomorphic: Allows us to calculate addition and multiplication on ciphertext at the same time, but the number of supported times is very limited.
• Finite series fully homomorphic encryption: Allows us to perform any combination of addition and multiplication on the ciphertext, with no limit on the number of times. But there is a new complexity upper limit, which limits the complexity of the function.
• Fully homomorphic encryption: It needs to support any number of addition and multiplication operations, with no limit on complexity and number of times.

Fully homomorphic encryption is the most difficult and ideal here, and is called the “Holy Grail of cryptography””.

1.2 History

Fully homomorphic encryption has a long history

• 1978: The concept of fully homomorphic encryption was proposed.
• Year 2009(First generation): The first fully homomorphic scheme was proposed.
• year 2011(Second generation): A fully homomorphic scheme based on integers is proposed. It is simpler than the previous solution, but the efficiency is not improved.
• year 2013(Third generation): A new technology GSW is proposed to construct an FTE solution, which is more efficient and safer. This technology was further improved and FHEW and TFHE were developed, further improving efficiency.
• 2016(Fourth generation): An approximately homomorphic encryption scheme CKKS is proposed, which is the most effective method for evaluating polynomial approximation and is particularly suitable for privacy-preserving machine learning applications.

The algorithms currently supported by commonly used homomorphic encryption libraries are mainly third- and fourth-generation algorithms. Algorithmic innovation, engineering optimization, more friendly Blockchain, and hardware acceleration are easy to emerge with the entry of capital.

1.3 Current performance and availability

Commonly used homomorphic encryption libraries：

ZAMA TFHE performance：

For example: ZAMA TFHE’s 256-bit addition and subtraction takes about 200ms, and the plaintext calculation takes about tens to hundreds of nanoseconds. The FHE calculation speed is about 10^6 times slower than the plaintext calculation. Partially optimized operations are approximately 1000 times slower than plain text. Of course, it is inherently unfair to compare a ciphertext calculation with a plaintext calculation. There is a price to pay for privacy, not to mention the ideal privacy protection technology of fully homomorphism.

ZAMA is aiming to enhance performance through the development of FHE hardware.

1.4 Technical Research Directions for FHE in Web3

Web3 is inherently decentralized, and integrating Fully Homomorphic Encryption (FHE) with Web3 opens up several promising research directions:

• Developing innovative FHE schemes, compilers, and libraries to make FHE more user-friendly, faster, and more suitable for blockchain applications.
• Creating FHE hardware to boost computational performance.
• Combining FHE with Zero-Knowledge Proofs (ZKP) to ensure private computations while proving that the inputs and outputs meet specific conditions or that FHE operations are correctly executed.
• Protecting computational nodes from malicious behavior, potentially using solutions like EigenLayer restaking.
• Implementing MPC (Multi-Party Computation) decryption schemes where shared states are encrypted and keys use MPC sharding, requiring a secure and high-performance threshold decryption protocol.
• Enhancing the data availability (DA) layer for higher throughput, as the current Celestia setup does not meet the necessary requirements.

In summary, we view Fully Homomorphic Encryption (FHE) as the next-generation privacy protection technology on the rise. While it offers excellent privacy capabilities, there are still performance challenges to overcome. With the influx of crypto capital, we anticipate rapid advancements and maturity in this technology, similar to the progress seen with Zero-Knowledge Proofs (ZK) in recent years. The FHE sector is certainly worth our investment.

2. FHE is used in various privacy protection scenarios in Web3, among which I am most optimistic about privacy EVM.

FHE belongs to the privacy protection track. Simply put, it includes “Transaction privacy protection”+“AI privacy protection”+ “Privacy Preserving Coprocessor”.

• Transaction privacy protection also includes privacy-protecting Defi, voting, bidding, anti-MEV, etc.
• AI privacy protection also includes decentralized identity, as well as the privacy protection of other AI models and data.
• The privacy protection coprocessor performs fully homomorphic ciphertext operations off-chain and ultimately returns the results to the chain. It can be used for Trustless games, etc.

Of course, there are many privacy protection technologies, and you will know the particularity of FHE by comparing them.

• TEE is very fast. Data is stored and calculated in plain text in trusted hardware, so it is very fast. But it relies on secure hardware. It actually trusts the manufacturer of the hardware rather than the algorithm. This trust model is centralized. And some calculation verification of TEE requires connecting to the TEE manufacturer for remote verification. This is not suitable for integration into the blockchain for on-chain verification. Because we require on-chain verification, only the historical data nodes of the blockchain can be completed independently, and should not rely on external centralized institutions.
• MPC secure multi-party computation is also a privacy-protecting multi-party computation technology. However, this technology often requires multiple parties to be online at the same time and interact frequently, and is usually not suitable for asynchronous scenarios such as blockchain. MPC is mostly used for decentralized key management. In the MPC wallet, the private key is not stored in complete form anywhere. Instead, the private key is broken into multiple shards (or parts) that are stored on different devices or nodes. Only when a transaction needs to be signed, multiple shards will jointly participate in the calculation through the multi-party calculation protocol to generate a signature.
• ZK zero-knowledge proofs are mostly used for calculation proofs to prove that a certain calculation process is executed correctly, and are rarely used for privacy protection. ZK and homomorphic technology are also inseparable, and homomorphic technology is also used in the privacy protection part.
• FHE fully homomorphic encryption does not require the exchange of data midway during the ciphertext operation process and can be completely calculated on the server/node. Therefore, MPC does not require the initiator/multiple parties to be online and is more suitable for blockchain. And compared to TEE, it is Trustless. The only drawback is that the performance is not high.

Therefore, as long as FHE gradually improves performance, its privacy protection capabilities are more suitable for Web3.

At the same time, in terms of transaction privacy protection, fully homomorphic encryption is also more suitable for EVM. because:

• Ring signature and currency mixing technologies cannot support contracts.
• For ZK privacy protection projects such as Aleo, the private data is similar to the UTXO model, not the EVM account model.
• Fully homomorphic encryption can support both contracts and account models, and can be easily integrated into the EVM.

In contrast, a fully homomorphic EVM is indeed attractive.

AI calculations are inherently computationally intensive, and adding an encryption mode as complex as fully homomorphic encryption may result in low performance and high costs at this stage.I think AI privacy protection will eventually be a hybrid solution of TEE/MPC/ZK/semi-homomorphic.

In summary, fully homomorphic encryption can be used in Web3Transaction privacy protection, AI privacy protection and privacy protection co-processor.Among them, I am particularly optimistic about privacy protection EVM. It is more flexible and more suitable for EVM than the existing ring signature, currency mixing technology, and ZK.

3. Most FHE Projects Will Launch on the Mainnet Between This Year and the First Quarter of Next Year; We Believe Fhenix is the Best FHE Project Besides ZAMA

We have evaluated several leading Fully Homomorphic Encryption (FHE) projects currently available. Here is a brief overview:

3.1 ZAMA (Tools)

Overview: ZAMA provides Fully Homomorphic Encryption solutions for blockchain and AI.

• Tools: TFHE-rs, a Rust implementation of TFHE.
• Tools: Concrete, a compiler for TFHE.
• Products: Concrete ML, a privacy-preserving machine learning platform.
• Products: fhEVM, privacy-preserving smart contracts.
• Team:
  • CTO & Co-Founder: Pascal Paillier, a distinguished cryptographer. He earned his PhD from Telecom ParisTech in 1999 and invented the Paillier cryptosystem in the same year. He has been publishing papers on homomorphic encryption since 2013 and is a leading expert in the field.
  • CEO & Co-Founder: Rand Hindi, who completed his PhD in Bioinformatics at UCL in 2011. He has worked on numerous data science projects and has advised multiple projects alongside his work at ZAMA.
• Funding: Over the past four years, ZAMA has raised over $82 million. Their latest Series A round secured $73 million, led by Multicoin Capital and Protocol Labs.
  • On September 26, 2023, they raised $7 million in a Seed Round led by Multicoin Capital, with participation from Node Capital, Bankless Ventures, Robot Ventures, Tane Labs, HackVC, and Metaplanet.

3.2 Fhenix (EVM + AI)

• Narrative: FHE Coprocessor/L2 FHE Rollup (EVM Compatible Privacy L2)
  • Product: Rollup supports FHE and is an EVM-compatible confidential smart contract. Developers use Solidity to develop Dapps while ensuring data privacy.
  • Product: FHE coprocessor, which offloads encrypted computing tasks from the host chain (whether it is Ethereum, L2 or L3) to the off-chain. They greatly increase the efficiency of FHE-based operations.
  • Cooperation: Cooperate with Zama, use ZAMA’s fhEVM, and the ZAMA library on github is forked
  • Cooperation: Cooperate with EigenLayer, the nodes of Rollup need to be regenerated in EigenLayer
• Team: Guy Itzhaki has more than 7 years of working experience at Intel and serves as Intel’s Director of Homomorphic Encryption and Blockchain Business Development.
  • Founder: Guy Zyskind, PhD candidate at MIT, MSC at MIT in 2016.Participated in the research and development of MIT Enigma privacy protocol and has strong research and development capabilities.
  • CEO: Guy Itzhaki has 7 years of working experience at Intel and has very strong experience in the field of privacy protection.Served as Intel’s Homomorphic Encryption and Blockchain Business Development Director.
  • Prof. Chris, Peikert, Cryptozoologists for fully homomorphic encryption. Algorand’s cryptography leader.
• Financing: 1 year, the latest Series A round raised 15 million, led by Hack VC, followed by Foresight Ventures and other institutions.
  • In May 2024, Series A raised $15 million, led by Hack VC, followed by Foresight Ventures and other institutions.
  • On September 26, 2023, Seed Round raised US$7 million, led by Multicoin Capital, with participation from Node Capital, Bankless Ventures, Robot Ventures, Tane Labs, HackVC and Metaplanet.
• Roadmap: The test network will be released in Q2 of 2024 and will be launched in Q1 of 2025.
  • In Q2 of 2024, the threshold network will be released.
  • 2024年Q3，FHE Co-processor V0.
  • Q1 2025, mainnet
  • 2025年Q3，FHE Co-processor V1.

3.3 Inco (EVM)

• Narrative: Modular Privacy Computing Layer/Support EVM Chain
  • Product: Rollup supports FHE and is an EVM-compatible confidential smart contract. Developers use Solidity to develop Dapps while ensuring data privacy.
  • Cooperation: Cooperate with Zama and use ZAMA’s fhEVM
• Team: Founder Remi Ga, who briefly worked as a software engineer at Microsoft and Google in the early days, and worked on Parallel Finance’s DeFi project
  • Founder: Remi Gai, 22 years ago, he had 6 to 9 months of experience as a software engineer at Microsoft and Google respectively, and later worked on Parallel Finance and DeFi projects.
  • Tech lead: Amaury A, core developer of Cosmos
• Financing: The latest round of seed financing was 4.5 million yuan, led by 1kx
  • In February 2024, Inco Network completed a US$4.5 million seed round of financing, led by 1kx, with participation from Circle Ventures, Robot Ventures, Portal VC, Alliance DAO, Big Brain Holdings, Symbolic, GSR, Polygon Ventures, Daedalus, Matter Labs and Fenbushi. cast
• Progress: Testnet launched in March 2024, mainnet launched in Q4 2024
  • In March 2024, the test network will be launched including fhEVM. It currently includes several examples of privacy-protecting ERC-20, privacy voting, blind photography, and privacy DID.
  • In Q2~Q3 of 2024, the test network will be launched including fhEVM
  • Q4 2024, on the mainnet
  • In 2025, we plan to implement FPGA hardware acceleration, hoping that the TPS will reach 100~1000.

3.4 Mind Network (AI&DePIN)

• Narrative: Privacy protection of data and private computing. AI and DePIN data and models.
  • Product: The 23-year narrative is Privacy Data Lake, privacy-preserving data storage and computing. This year, privacy protection for AI and DePIN data and models has been adjusted.
  • Cooperation: Cooperate with ZAMA and use ZAMA’s fully homomorphic library
  • Cooperation: Cooperate with Fhenix and Inco, use fhEVM for Rollup
  • Cooperation: Cooperate with Arweave to store encrypted data
  • Cooperation: Cooperate with EigenLayer, Babylon, etc. to serve node restaking. Reference: https://mindnetwork.medium.com/fhe-secured-restaking-layer-scaling-security-for-ai-depin-networks-73d5c6e5dda3
• Team: CTO George was a researcher at Cambridge University.
  • Co-founder & CTO: George was a researcher at Cambridge University, a technical director of a multinational bank, and has many years of experience in Internet financial technology.
• Financing: 2 years, Seed raised 2.5 million, incubated by Binance Labs
  • On June 20, 2023, Seed Round raised US$2.5 million, led by Binance Labs, with participation from HashKey, SevenX, etc.
• RoadMap: It has been on the test network and currently has a restake function. The rest of the Roadmap has not been announced yet.

3.5 Privasea (AI&DePIN)

• Narrative: AI and DePIN Privacy Computing.
  • Product: Use FHE to train ML models. Optimized TFHE’s Boolean gates.
  • Product: FaceID, privacy-protected version of face recognition. Used for witch prevention and KYC
  • Cooperation: Integrating BNB Greenfield to store encrypted data
• Team: CTO Zhuan Cheng, PhD in mathematics from the University of Chicago, has rich experience in cryptography technology research and development.
  • CEO: David Jiao, the AI ​​project has raised 20 million yuan, and the blockchain project has raised 4 million yuan.
  • CTO Zhuan Cheng, PhD in Mathematics at the University of Chicago, has rich experience in cryptography research and development. He has previously worked on NuLink’s ZK privacy protection project.
• Financing: 1 year, Seed raised 5 million, incubated by Binance Labs
  • In March 2024, Seed Round raised US$5 million, incubated by Binance Labs, with participation from MH Ventures, K300, Gate Labs, 1NVST, etc.
• RoadMap: Testnet V2 released in April 2024, Q3 mainnet in 2024
  • January 2024, Testnet V1.
  • April 2024, Testnet V2.
  • 2024年Q3，TGE.

3.6 Optalysys (Tools)

Narrative: Homomorphic encryption hardware.

Judging from the above information, ZAMA provides these projects with the core open source library of fully homomorphic encryption, and is currently the well-deserved technology pioneer and strongest player. However, ZAMA has not yet announced any plans to issue coins, so we focused on Fhinex.

Fhinex will implement privacy-protecting EVM and privacy-protecting smart contracts. They plan to build a Fhenix L2, a fully homomorphic privacy EVM. Provide privacy-preserving transactions and DeFi, etc. This L2 is also equipped with a threshold network for performing some encryption and decryption operations; in addition, Fhenix will also build an FHE co-processor, a fully homomorphic computing network that can serve EVM chains other than Fhenix and provide fully homomorphic computing. Serve.

The Fhinex team has strong technical strength. The team members include not only experts responsible for privacy computing at Intel, but also PHD who participated in the development of the Enigma privacy protocol at MIT, and the Algorand cryptography lead.

In short, we believe that fully homomorphic encryption projects such as ZAMA and Fhinex can bring ideal privacy protection tools to the blockchain.

Disclaimer：

1. This article is reprinted from [Foresight Research]. Forward the Original Title‘Foresight Ventures：深度解析FHE(全同态加密)赛道’. All copyrights belong to the original author [Maggie]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.
2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.
3. Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.