Home > Cryptography, HElib > Guide to HElib (#2)

Guide to HElib (#2)

Setting up the Context

HElib requires that you setup a context using the FHEcontext class to get things going. This stores all the parameters, etc needed for other tasks you will want to perform (key generation, encryption, decryption, homomorphic operations). I’ve been doing this in my code as follows:

long p=101;
long r=1;
long L=4;
long c=2;
long k=80;
long s=0;
long d=0;
long w=64;
long m = FindM(k, L, c, p, d, s, 0);

FHEcontext context(m,p,r);

I explained the parameters in my last post so I won’t go into much detail. The FindM function is something new. I’m not going to go into the details of it (as I’m still trying to understand it all), but basically it will find a valid value for m given the specified values. In addition to setting up the context, we also need to build the modulus chain (this is what recent versions of BGV use to avoid bootstrapping). We also need a value G which is the monic polynomial used in constructing the ring BGV works in:

buildModChain(context, L, c);
G = context.alMod.getFactorsOverZZ()[0];

Key Generation

Once you have all this setup, generating public and private keys in HElib is pretty easy:

FHESecKey secretKey(context);
const FHEPubKey& publicKey = secretKey;

The value w is the hamming weight to use in key generation (see appendix B of GHS12 for an explanation).

Encryption and Decryption

Now that we have the key pair established, we can encrypt and decrypt. HElib uses the EncryptedArray class for data movement, so make sure you #include <EncryptedArray.h>.  Then create an encrypted array as:

EncryptedArray ea(context, G);

We then use a PlaintextArray to represent a plaintext. The documentation shows all the various ways this can be done. I’m going to show a simple (yet inefficient) way to encrypt a single value:

Ctxt c(publicKey);
PlaintextArray p(ea);
ea.encrypt(c, publicKey, p);

This will encrypt the number 5 and store it in c. Decryption is very simple too:

PlaintextArray p_decrypted(ea);
ea.decrypt(c, secretKey, p_decrypted);


The reason for using a PlaintextArray is that BGV supports what is being called SIMD (single-instruction, multiple-data) operations. To understand this, consider a simple example. Say we have 20 pairs of numbers (a1,b1) to (a20, b20) and we want to multiply each pair together to get c1…c20. Clearly this can be done by computing (a1*b1), (a2*b2), and so on. BGV, however, will allow us to store all a1…a20 in a single ciphertext (say a) and all b1…b20 in a single ciphertext (say b). Then we only need to compute c=a*b. When we decrypt c we can access c1…c20. Thus a single multiplication can actually multiply many values at once.

Homomorphic Operations

The ciphertext values are stored in instances of Ctxt. Take a look at that class’s documentation to see the supported operations. The most basic are overloads of operator+=operator-=, and operator*=. Using those you can operate on the ciphertexts to compute functions. You should be able to do as many additions and subtractions as you want. If, however, you do too many multiplications on the same ciphertext value, the ciphertext becomes too noisy to decrypt. More on that in the next post.

  1. George
    June 5, 2013 at 4:51 am

    Dear pwnhome,

    could you please post a full code for this example (or just a link to the cpp-file) and the command to compile it with? I would really appreciate it!


    • pwnhome
      June 5, 2013 at 6:41 am


      In post #3 I plan to detail a simple app I’ve been working on that uses HElib. In that one, I’ll put up the source. I’m hoping to put out that post next week.

  2. George
    June 6, 2013 at 1:37 am

    Dear pwnhome,

    that would be really nice, I am really looking forward to it!

  3. Stefania
    June 10, 2013 at 2:23 am

    Dear pwnhome,
    thank you very much for the posts, your explanations are very useful! I’m waiting the post #3 too!
    Best regards


  4. George
    June 17, 2013 at 1:27 am

    Dear pwnhome,

    any news on the next post about HElib so far?

    • pwnhome
      June 17, 2013 at 4:43 am

      Yeah, delayed some. Having problems figuring out ciphertext relinearization. Relinearization allows us to perform multiple multiplications.

    • pwnhome
      June 19, 2013 at 5:57 am

      FYI, finally got #3 up. Sorry for the delay. I hope it helps!

  5. Stefania
    June 23, 2013 at 7:34 am

    Thank you very much! Well done, a very good job!

  6. kasmire
    November 7, 2013 at 9:21 am

    hello pwnhome thank you for the example. Just quick question is it possible to print the encrypted cipher text before decrypting it? thanks

  7. November 27, 2013 at 10:18 pm

    Have you ever thought about including a little bit more than just your articles? I mean, what you say is fundamental and everything. Nevertheless think of if you added some great visuals or video clips to give your posts more, “pop”! Your content is excellent but with images and videos, this blog could certainly be one of the most beneficial in its niche. Terrific blog!|
    Michael Kors Outlet online store http://www.demigraphics.com/

  8. June 6, 2016 at 12:15 pm

    Does the encode function on p.encode(5) still works? I think NewPlaintextArray is introduced and its changed a little.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: