H33-128 (BFV)H33-256 (L5)H33-CKKS (Float)H33-TFHE (Gates)TFHE BootstrapFHE-IQ (Auto)H33-CompileFHE OverviewZK LookupsZKP-AIRBiometricsZK-KYCZK-PhishZK-TrustlessZK-VerifyArchiveSignH33-3-KeyH33-GatewayH33-MPCPQC ArchitectureDeviceProofH33-Agent-ZeroAI ComplianceBotShieldFraudShieldH33-HealthH33-KeyH33-ShareH33-ShieldH33-VaultMedVaultQuantumVaultVaultKeyEncrypted SearchStorage Encryption
Continuous Monitoring
Continuous Control MonitoringContinuous AttestationOperational Integrity
AI Governance
AI Agent GovernanceContinuous AI GovernanceAgent AttestationAgent Replay
Privacy & Chains
Privacy LayerZK-AttestationChain-Agnostic PrivacyDigital Asset Governance
Infrastructure
Governance ReplayPost-Quantum ConversionAttestation APIPost-Quantum APICyber Claim Verification
HATS Protocol
HATS StandardHATS SpecificationVerification GuaranteesConformance SuiteProtocol Stability
Compliance
SOC 2 Type IIISO 27001HIPAA BAAGDPRPCI DSSNIST FIPS 203/204FedNow
Operational Architecture
Governance GraphReplay EngineVerification ModelEvidence ChainsFederation
Cryptographic Infrastructure
H33-74 Proof BundlesCryptographic ProfilesConformance SuiteH33-ChaosCompatibility GuaranteesCompare
Validation
Adversarial ValidationDeterministic ReplayConformance VectorsAgent Benchmarks
Verification
Public VerifierSession Replay ExplorerGovernance ReplayIndependent Verification
Live Systems
Live API TestLive AuthenticationEncrypted ComputeAI Classification
Performance
BenchmarksH33 vs SEALWhite PaperHICS Code Scoring
Verifier CLITypeScript SDKMCP SDKGitHub
References
API ReferenceAgent SpecificationSchemasConformance VectorsDocumentation
Cyber Insurance (HATS)BankingGovernmentHealthcareLaw FirmsPayments (WireProof)Tokenization
PricingDemo
Log InGet API Key
FHE

Private Machine Learning with FHE: Running AI on Encrypted Data

📅 January 2, 2026 ⏱️ 8 min read ✍️ H33 Team

Machine learning models often need access to sensitive data. FHE enables ML inference on encrypted data—the model never sees the plaintext input, yet produces correct predictions. This opens new possibilities for privacy-preserving AI.

The Private ML Challenge

Traditional ML deployment creates privacy tensions:

  • Cloud ML services see all your data
  • Sensitive inputs (medical, financial, personal) are exposed
  • Model providers may learn from your data
  • Regulatory constraints limit where data can be processed

FHE ML allows you to use powerful cloud models while keeping data completely private.

How FHE ML Works

The process involves several steps:

FHE ML Inference Flow

1. Client encrypts input with their FHE key
2. Server receives encrypted input
3. Server evaluates ML model on encrypted data
4. Server returns encrypted prediction
5. Client decrypts to get prediction

The server performs real computation—matrix multiplications, activations, etc.—all on encrypted values.

Supported Operations

FHE supports operations needed for ML:

  • Linear layers: Matrix multiplication via homomorphic operations
  • Convolutions: Implemented as matrix operations
  • Activations: Polynomial approximations of ReLU, sigmoid, etc.
  • Pooling: Average pooling works directly; max pooling requires approximation
// Example: Encrypted linear layer
// W is plaintext weights, x is encrypted input
encrypted_output = W * encrypted_x + encrypted_b

// Polynomial ReLU approximation
// x^2 / 4 + x / 2 + 1/4 approximates ReLU for small x
encrypted_relu = a*encrypted_x^2 + b*encrypted_x + c

Model Architecture Considerations

Some architectures work better with FHE:

FHE-Friendly:

  • Shallow networks (fewer multiplications)
  • Polynomial activations
  • Convolutional networks
  • Square activations

FHE-Challenging:

  • Very deep networks
  • Attention mechanisms (expensive comparisons)
  • Batch normalization (division issues)
  • Sparse operations

CKKS for ML

CKKS is the preferred scheme for ML because:

  • Native approximate arithmetic suits ML's tolerance for imprecision
  • Efficient rescaling after multiplications
  • Real number encoding matches neural network weights
  • Good vectorization for batched inference

Performance Reality

FHE ML is slower than plaintext, but increasingly practical:

  • Simple classifiers: Milliseconds
  • CNNs on small images: Seconds
  • Larger networks: Minutes
  • With GPU acceleration: 10-100x faster

Real-World Applications

FHE ML is being used for:

  • Medical diagnosis on encrypted patient data
  • Financial fraud detection without exposing transactions
  • Face recognition with encrypted templates (H33's specialty)
  • Sentiment analysis on encrypted text

FHE ML represents the future of privacy-preserving AI—powerful models that respect data privacy by design.

Ready to Go Quantum-Secure?

Start protecting your users with post-quantum authentication today. 1,000 free auths, no credit card required.

Get Free API Key →

Related Articles

FHE
What Is Fully Homomorphic Encryption (FHE)? The Complete Guide
FHE
FHE for Biometric Authentication: Privacy-Preserving Identity Verification
FHE
BFV vs CKKS: Choosing the Right FHE Scheme for Your Application