How can you analyze data without decrypting it?

Fully homomorphic encryption (FHE) allows mathematical operations directly on encrypted data. The result, when decrypted, is identical to performing the same operation on plaintext. This means AI models, search queries, analytics pipelines, and fraud detection systems can process sensitive data without ever decrypting it. The server performing the analysis never sees the raw data and never holds the decryption key.

What is the difference between BFV and CKKS encryption schemes?

BFV (Brakerski/Fan-Vercauteren) operates on exact integers and is ideal for operations requiring precise results — authentication, database lookups, counting, and matching. CKKS (Cheon-Kim-Kim-Song) operates on approximate floating-point numbers and is designed for machine learning inference, statistical analysis, and signal processing where small rounding errors are acceptable. H33 supports both schemes and routes operations to the optimal one automatically via FHE-IQ.

How does noise management work in FHE?

Every FHE operation adds a small amount of random noise to the ciphertext. If noise exceeds a threshold, decryption fails. Leveled FHE schemes manage this by allocating a noise budget at encryption time and consuming it with each operation. Multiplications consume more budget than additions. Techniques like modulus switching reduce noise by scaling down the ciphertext modulus, trading precision for noise headroom. H33 uses a single 56-bit modulus (H33-128 tier) with careful noise budgeting to complete all required operations without bootstrapping.

How to Analyze Data Without Decrypting It

The idea of computing on encrypted data sounds paradoxical. Encryption exists to make data unreadable. Computation requires reading data. Fully homomorphic encryption resolves this paradox through a specific mathematical property: operations on ciphertext produce results that, when decrypted, match the same operations performed on plaintext. The server computing on the data never sees the data and never could — it does not hold the decryption key.

The Mathematics in Simple Terms

FHE encodes data as polynomials — mathematical expressions with coefficients. Encryption adds carefully structured noise to these polynomials. The noise makes the encrypted data look random to anyone without the decryption key, but the mathematical structure is preserved.

Encrypted addition. Adding two ciphertexts produces a new ciphertext. When decrypted, the result equals the sum of the two original plaintext values. If you encrypt 5 and encrypt 7, adding the ciphertexts produces an encryption of 12 — without either value ever being exposed.

Encrypted multiplication. Multiplying two ciphertexts produces a ciphertext whose decryption equals the product of the plaintext values. Encrypting 3 and encrypting 4, then multiplying the ciphertexts, yields an encryption of 12.

Because addition and multiplication are the two fundamental arithmetic operations, any computation that can be expressed as a polynomial function — which includes all neural network layers, all distance calculations, all aggregation queries — can run entirely on encrypted data.

Noise Management: The Core Challenge

Every FHE operation adds noise to the ciphertext. This noise is what makes the scheme secure — without it, the ciphertext would reveal information about the plaintext. But if noise grows too large, it corrupts the result and decryption fails.

Additions add a small amount of noise. Multiplications add significantly more. In a leveled FHE scheme, the encryption parameters define a noise budget that is consumed by each operation. The challenge is choosing parameters that provide enough budget for the required computation while keeping ciphertext sizes and computation times manageable.

Modulus switching is the primary technique for managing noise mid-computation. It scales down the ciphertext modulus, reducing both the ciphertext values and the noise proportionally. This trades a small amount of precision for a large reduction in noise, extending the computation's lifespan. H33's BFV implementation uses a single 56-bit modulus with careful noise budgeting that eliminates the need for bootstrapping in all production workloads.

BFV vs. CKKS: Choosing the Right Scheme

Two FHE schemes dominate production deployments, each optimized for different data types and use cases.

BFV: Exact Integer Arithmetic

The Brakerski/Fan-Vercauteren (BFV) scheme operates on exact integers modulo a plaintext modulus t. Every operation produces a precise result — no rounding, no approximation. BFV is the correct choice for biometric matching (where inner product results must be exact), database queries (where counts and lookups cannot tolerate error), authentication decisions (where the result is binary), and any computation requiring deterministic output.

H33's production authentication pipeline uses BFV with N=4096, a single 56-bit modulus Q, and plaintext modulus t=65537. This configuration packs 32 independent user templates into a single ciphertext via CRT-based SIMD batching, processing all 32 in a single encrypted inner product.

CKKS: Approximate Floating-Point

The Cheon-Kim-Kim-Song (CKKS) scheme operates on approximate complex (or real) numbers. It encodes floating-point values into the ciphertext and accepts small rounding errors in exchange for native support for real-number arithmetic. CKKS is ideal for machine learning inference (where activations are floating-point), statistical analysis (means, variances, correlations), signal processing, and any workload where small numerical errors are acceptable.

CKKS uses rescaling instead of modulus switching: after each multiplication, the ciphertext modulus is reduced by a scale factor, keeping encrypted values at a consistent magnitude. This is analogous to fixed-point arithmetic where the decimal point is managed explicitly.

H33's Production Implementation

H33 supports both BFV and CKKS and routes operations to the optimal scheme automatically through FHE-IQ (Intelligent Encrypted Routing). The production pipeline applies several optimizations that reduce computation from the millisecond range to microseconds.

Montgomery NTT transforms polynomial multiplication from O(n²) to O(n log n) using number-theoretic transforms with Montgomery-form twiddle factors. No modular division appears in the hot path.

Harvey lazy reduction allows intermediate butterfly values to remain in [0, 2q) between NTT stages, halving the number of reduction operations.

NTT-domain persistence stores secret keys and enrolled templates in NTT form permanently, eliminating redundant forward transforms during computation.

SIMD batching packs 32 independent data slots into a single ciphertext. One encrypted operation processes 32 inputs simultaneously, amortizing the per-input cost to 38.5 microseconds.

The full pipeline — FHE computation, ZK-STARK proof of correct execution, and Dilithium post-quantum attestation — runs in 1,232 microseconds per 32-user batch. H33 sustains 2,172,518 operations per second on a single AWS Graviton4 instance (c8g.metal-48xl).

What You Can Analyze Without Decrypting

With production-grade FHE, the following operations work directly on encrypted data at scale:

Biometric matching. Encrypted face, fingerprint, or voice templates are compared via inner product without the biometric data ever being decrypted on the server.

Fraud detection. Transaction patterns are scored against encrypted models. The bank's data and the fraud detection vendor's model never see each other's plaintext.

Encrypted search. Queries run against encrypted databases. The server returns encrypted results without knowing what was searched or what was found.

Compliance checks. Age verification, accreditation validation, and sanctions screening run on encrypted identity data. The checker learns only the pass/fail result, not the underlying PII.

Medical analytics. Patient records are analyzed for population health trends, drug interactions, and diagnostic patterns without any individual record being decrypted outside the hospital's control.