Fully homomorphic encryption and the dawn of a private internet

Performance and scalability limits

  • Many commenters argue current and foreseeable FHE is orders of magnitude slower (often cited ~1000×, possibly far worse) than plaintext due to bootstrapping and huge ciphertexts.
  • Even without bootstrapping, ciphertext blowup (often ~10³× larger) implies massive extra memory bandwidth and compute that hardware advances alone are unlikely to erase.
  • Latency impacts are framed as unacceptable for most user-facing tasks (e.g., milliseconds → seconds/minutes; 30s → hours).

Search, databases, and index problems

  • Fully private search over large indexes is highlighted as especially hard:
    • Naively, encrypted-key search is O(n) instead of O(log n); recent PIR-style schemes with polylog(n) queries require extreme preprocessing and storage blowups (petabytes for modest DBs).
    • For “FHE Google,” either the server must encrypt huge indexes per client or do near-linear work per query, both viewed as impractical.
  • Some systems mix FHE/PIR with partial leakage (e.g., hashed prefixes, subsets, anonymous networks), trading strict privacy for performance.

Use cases and economics

  • Strong consensus: generic “private internet” via FHE is not economically viable soon. A privacy‑first Google‑scale service would be vastly more expensive and far slower; few users would pay enough.
  • People often prefer free, data‑harvesting services; privacy‑preserving alternatives already exist but remain niche.
  • FHE is seen as promising for narrow, high‑value, low‑throughput tasks: finance, regulated data sharing, some medical or government/military computations, “data owner vs model owner” scenarios.

Alternatives to FHE

  • Confidential computing (TEEs: SGX/TDX/SEV/ARM TEE) is repeatedly described as the only realistic way to do private LLM inference and many cloud workloads, despite hardware‑trust issues and past breaks.
  • Specialized searchable encryption and PIR schemes can give near‑plaintext search performance for specific patterns, with FHE reserved for small filtered subsets.
  • Self‑hosting and encrypted backups are presented as a simpler, cheaper privacy route for many personal data uses.

How FHE works & security nuances

  • Multiple explanations outline homomorphism: operations on ciphertext correspond to operations on plaintext, enabling arbitrary circuits via additions/multiplications.
  • Some struggle with the intuition that “being able to compute means weaker encryption”; others note:
    • FHE is malleable (not NM‑CCA2) but can still be IND‑CPA/semantically secure.
    • Computation may leak allowed structure (e.g., which operations were run) but not plaintext, and “circuit privacy” research aims to hide even that.
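The linear-scan cost noted under search and the homomorphism, malleability and semantic-security points above can be seen together in a small private lookup. This is an added example, not code from the discussion, and it swaps in Paillier, which is only additively homomorphic and not FHE; the toy primes, the sample database and all function names are assumptions made for the illustration.

```python
import math
import secrets

# Toy Paillier key from two Mersenne primes (constructed for this demo; far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
N2 = N * N
PHI = (P - 1) * (Q - 1)   # private key
MU = pow(PHI, -1, N)      # private: PHI^-1 mod N

def encrypt(m):
    """Randomized encryption: c = (1+N)^m * r^N mod N^2, using (1+N)^m = 1 + m*N mod N^2."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + m * N) % N2 * pow(r, N, N2) % N2

def decrypt(c):
    """Requires the private values PHI and MU."""
    return (pow(c, PHI, N2) - 1) // N * MU % N

def add_ciphertexts(c1, c2):
    """Keyless operation: Enc(a) * Enc(b) decrypts to a + b. This is the malleability."""
    return c1 * c2 % N2

def make_query(index, size):
    """Client: encrypted one-hot selector, one ciphertext per database slot."""
    return [encrypt(1 if j == index else 0) for j in range(size)]

def server_answer(query, db):
    """Server: builds Enc(sum(sel_j * db_j)) without learning which slot was selected.
    Skipping any record would reveal it was not the target, so the work is O(n)."""
    acc, touched = 1, 0
    for c, record in zip(query, db):
        acc = acc * pow(c, record, N2) % N2   # Enc(sel_j)^record = Enc(sel_j * record)
        touched += 1
    return acc, touched

if __name__ == "__main__":
    db = [4021, 17, 99001, 305, 77]   # constructed sample records, each smaller than N
    reply, touched = server_answer(make_query(2, len(db)), db)
    print("record:", decrypt(reply), "records touched:", touched)
    print("same plaintext, different ciphertexts:", encrypt(5) != encrypt(5))
    print("sum computed without the key:", decrypt(add_ciphertexts(encrypt(5), encrypt(7))))
```

The query is also n ciphertexts long, so upload size grows linearly with the database in this naive form.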

Privacy, incentives, and politics

  • Commenters doubt big providers will voluntarily adopt FHE that blocks data harvesting without strong regulation or market pressure.
  • Governments may resist or demand backdoors; export controls and surveillance incentives are seen as major non‑technical obstacles.