Better Bootstrapping in Fully Homomorphic Encryption

  • Craig Gentry
  • Shai Halevi
  • Nigel P. Smart
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7293)


Gentry’s bootstrapping technique is currently the only known method of obtaining a “pure” fully homomorphic encryption (FHE) schemes, and it may offers performance advantages even in cases that do not require pure FHE (e.g., when using the noise-control technique of Brakerski-Gentry-Vaikuntanathan).

The main bottleneck in bootstrapping is the need to evaluate homomorphically the reduction of one integer modulo another. This is typically done by emulating a binary modular reduction circuit, using bit operations on binary representation of integers. We present a simpler approach that bypasses the homomorphic modular-reduction bottleneck to some extent, by working with a modulus very close to a power of two. Our method is easier to describe and implement than the generic binary circuit approach, and we expect it to be faster in practice (although we did not implement it yet). In some cases it also allows us to store the encryption of the secret key as a single ciphertext, thus reducing the size of the public key.

We also show how to combine our new method with the SIMD homomorphic computation techniques of Smart-Vercauteren and Gentry-Halevi-Smart, to get a bootstrapping method that works in time quasi-linear in the security parameter. This last part requires extending the techniques from prior work to handle arithmetic not only over fields, but also over some rings. (Specifically, our method uses arithmetic modulo a power of two, rather than over characteristic-two fields.)


  1. 1.
    Brakerski, Z., Gentry, C., Vaikuntanathan, V.: Fully homomorphic encryption without bootstrapping. In: Innovations in Theoretical Computer Science, ITCS 2012 (2012),
  2. 2.
    Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (standard) LWE. In: FOCS 2011. IEEE Computer Society (2011)Google Scholar
  3. 3.
    Brakerski, Z., Vaikuntanathan, V.: Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 505–524. Springer, Heidelberg (2011)Google Scholar
  4. 4.
    Cassels, J.W.S.: Local Fields. LMS Student Texts, vol. 3. Cambridge University Press (1986)Google Scholar
  5. 5.
    van Dijk, M., Gentry, C., Halevi, S., Vaikuntanathan, V.: Fully Homomorphic Encryption over the Integers. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 24–43. Springer, Heidelberg (2010), Full version available on-line from CrossRefGoogle Scholar
  6. 6.
    Gentry, C.: A fully homomorphic encryption scheme. PhD thesis, Stanford University (2009),
  7. 7.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Mitzenmacher, M. (ed.) STOC, pp. 169–178. ACM (2009)Google Scholar
  8. 8.
    Gentry, C., Halevi, S.: Fully homomorphic encryption without squashing using depth-3 arithmetic circuits. In: FOCS 2011. IEEE Computer Society (2011)Google Scholar
  9. 9.
    Gentry, C., Halevi, S.: Implementing Gentry’s Fully-Homomorphic Encryption Scheme. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 129–148. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  10. 10.
    Gentry, C., Halevi, S., Smart, N.P.: Better bootstrapping for fully homomorphic encryption (2011),
  11. 11.
    Gentry, C., Halevi, S., Smart, N.P.: Fully Homomorphic Encryption with Polylog Overhead. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 465–482. Springer, Heidelberg (2012), Full version at CrossRefGoogle Scholar
  12. 12.
    Rivest, R., Adleman, L., Dertouzos, M.L.: On data banks and privacy homomorphisms. In: Foundations of Secure Computation, pp. 169–180 (1978)Google Scholar
  13. 13.
    Smart, N.P., Vercauteren, F.: Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 420–443. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  14. 14.
    Smart, N.P., Vercauteren, F.: Fully homomorphic SIMD operations (2011) (manuscript),

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Craig Gentry
    • 1
  • Shai Halevi
    • 1
  • Nigel P. Smart
    • 2
  1. 1.IBM T.J. Watson Research CenterUSA
  2. 2.Dept. Computer ScienceUniversity of BristolUSA

Personalised recommendations