Fully Homomorphic Encryption: the pros and cons

Fully Homomorphic Encryption: the pros and cons

As the “holy grail” of encryption, FHE certainly has some strong advantages, but it also has its downsides.

Estimated reading time: 4 minutes

This post is part 3 of the Fully Homomorphic Encryption series.




The main advantage of FHE is that it supports multiple operations on encrypted data.
Additions and multiplications are currently supported, which was impossible before the time of FHE. For example, PHE (Partially Homomorphic Encryption) can handle one of these operations, but not a combination of them. Unfortunately, there are limitations in supporting more types of functions. In the future, it is conceivable that subtractions and divisions will also be supported.

Third-Party Processing

Thanks to FHE, the (public) cloud can be used for operations that are highly sensitive.
When processing sensitive data, it is often chosen not to leave the data and its processing with an external party - the risk of leaking data is much greater. FHE allows the processor to store and process its data securely in the cloud. This opens the possibility of taking advantage of all the benefits of the cloud.


FHE can bridge the gap between existing solutions.
FHE makes it possible to offer extensive features, while maintaining maximum security. A good example is the comparison between cloud storage providers Dropbox and MEGA. Dropbox offers more features than MEGA, while MEGA offers more security than Dropbox. FHE can bridge this gap.

Post Quantum Cryptography

The lattice-based cryptography can withstand attacks from a quantum computer.
It used to be thought that public-key algorithms could withstand a cryptanalysis attack by quantum computers. Since 2021, this no longer applies to the most popular algorithms. However, it seems that FHE is not (yet) part of this group.

Sharing Data

Sensitive business data can be shared through the use of FHE.
For example, to enable cross-sector collaboration. This is possible because the calculations of the third-party will always be done on your encrypted data. It is therefore next to impossible that this data will be misused.


FHE can help you stay in compliance with modern laws and regulations.
As the penalties for violations of, for example, privacy regulations increase, it is more important than ever to handle information correctly. Because FHE can work with data that will never be readable, violations of the law suddenly become a much smaller risk in the event of a leak.



Unfortunately, FHE's performance is not exactly efficient at the moment.
For example, in 2011 a simple operation still took seconds to hours. This has improved a lot over the years, but it's not yet at the level of traditional encryption. FHE is still a balancing act between utility, safety, and performance. It is safe but has suboptimal performance.


FHE is still relatively young and is not being quickly adopted by the IT world.
IBM, Microsoft, Google, and others are still working hard on the first production ready FHE implementations. There is still a lot to gain in terms of features and performance.

Data Gathering

FHE protects users and their data. These cannot be sold easily.
If fully implemented, FHE could be the end of targeted advertising. Also, selling anonymous user data and many other ways in which money can be made are at risk of extinction. Users want to be more secure, but they probably aren't willing to pay for it.

Multiple Users

FHE does not have multi-user functionality yet.
Because of this flaw, a database could - for example - only support one customer if it is encrypted in its entirety with one key. It is therefore not possible to access only part of the encrypted data with a key. In the future, this may no longer be a problem.


Lattice-based cryptography, used by FHE, can make data unreadable.
Whenever a calculation is made with an encrypted value, the amount of noise in that value grows. There is a point where the value can no longer be used or deciphered. As a result, it is necessary to keep track of how much noise the data contains and possibly re-encrypt it. Most FHE implementations do this automatically.

User Friendliness

FHE can be implemented using only a few lines of code, but the inner workings are difficult to understand.
FHE is not beginner-friendly, not user-friendly, and very difficult to understand if you are not a cryptographer. Yet it can be implemented with just a few lines of code and an hour of time. It starts to become difficult when the standard options are not sufficient, and a more advanced implementation is desired.

This article is based on a research report I wrote for the project “Fully Homomorphic Encryption” commissioned by SALT Cyber Security. You can also read this blog post (in Dutch) on their website at https://salt-security.com/nieuws/fully-homomorphic-encryption-de-voor-en-nadelen/.