Computing on Encrypted Data (COED)

• COED is a set of cryptographic and system techniques that enable computations directly on encrypted data, preserving confidentiality in untrusted environments.
• It employs methods like homomorphic encryption, secure multi-party computation, and trusted hardware to perform complex data analytics without decryption.
• COED systems balance efficiency, accuracy, and security, enabling privacy-preserving applications in machine learning, big data search, and quantum computing.

Computing on Encrypted Data (COED) refers to a broad class of cryptographic and system methodologies enabling computation and data analysis on data that remains encrypted during processing, ensuring confidentiality even in the presence of an untrusted or adversarial computing environment. COED spans symmetric- and asymmetric-key cryptosystems, classical and quantum settings, homomorphic encryption (HE), secure multi-party computation (MPC), trusted hardware, compiler-based obfuscation, and specialized hardware accelerators. This article surveys the foundational schemes, system architectures, security trade-offs, and recent advances that shape the field.

1. Core Cryptographic Paradigms for COED

The principal cryptographic primitive in COED is homomorphic encryption, which allows specific or arbitrary functions to be evaluated on ciphertexts such that decryption yields the result as if the operation were performed on plaintexts. Homomorphic encryption schemes can be classified according to their functional expressiveness and efficiency:

• Partially Homomorphic Encryption (PHE): Supports only a single operation (addition or multiplication) over ciphertexts, e.g., RSA (multiplicative), Paillier (additive) (Grimaldi, 17 Sep 2025).
• Somewhat Homomorphic Encryption (SHE): Enables limited-depth circuits (bounded number of operations) before decryption fails due to noise growth.
• Fully Homomorphic Encryption (FHE): Allows circuits of arbitrary depth by incorporating a bootstrapping (noise-refresh) procedure, as in the schemes based on Learning With Errors (LWE) or Ring-LWE (Grimaldi, 17 Sep 2025).

COED also encompasses:

• Code-based and Polynomial-based Schemes: Leveraging evaluation codes (e.g., Reed–Muller, Reed–Solomon) and algebraic techniques for exact or somewhat homomorphic operations with varying noise behavior (Grimaldi, 17 Sep 2025).
• Quantum Homomorphic Encryption and Blind Quantum Computation: Achieve information-theoretic security through protocols that use quantum one-time pads, magic-state gadgets, and measurement-based (MBQC) or continuous-variable (CV) frameworks (Fisher et al., 2013, Marshall et al., 2016, Joshi et al., 26 Aug 2025).

In contrast, secure multi-party computation (MPC) protocols rely on secret-sharing and distributed protocols enabling joint computation without any single party accessing the plaintext, a method widely integrated with COED approaches in applications such as privacy-preserving analytics (Kenhove et al., 5 Jan 2026).

2. System Architectures and Trusted Computing Approaches

COED architectures instantiate cryptographic primitives in practical systems while addressing the challenges of trust and performance.

• Software-Only FHE: Powers privacy-preserving inference and analytics, as shown by GPU-accelerated homomorphic neural networks achieving high throughput for MNIST and CIFAR-10, with secure parameter choices and polynomial activation approximations (Badawi et al., 2018).
• Trusted Execution Environments (TEEs): Hybrid designs such as TEEFHE offload the computational bottleneck of bootstrapping to secure enclaves (e.g., Intel SGX), which reduces key size and memory requirements while mitigating side-channel leakage through constant-time memory access patterns (Wang et al., 2019).
• Encrypted Computing Processors: Architectures such as the FxA-ISA allow user-mode code to execute entirely in the encrypted domain. Compiling to randomized offsets for every value and recompilation produces equiprobable encrypted traces, establishing cryptographic semantic security against an insider adversary (Breuer, 2021, Breuer, 2019).
• Confidential Hardware and Memory Hierarchies: Systems like EDAP place cryptographic engines between processor caches, integrating multi-level key protection to maintain data confidentiality, authenticity, and freshness even when system software is untrusted. Simulated overheads of such approaches are as low as 6% (Tseng et al., 2021).
• Edge and Cloud Processing for COED: Frameworks such as MOZAIK combine cloud-scale FHE and MPC with edge intelligence for user-centric, privacy-preserving data search and analytics across encrypted big data (Ahmad et al., 2019, Kenhove et al., 5 Jan 2026).

3. Security Guarantees, Noise and Exactness, and Trade-Offs

The security properties and computational exactness of COED techniques are fundamentally constrained by both cryptographic assumptions and algorithmic design:

• Security Reductions: LWE/RLWE-based FHE schemes reduce semantic security to worst-case lattice problems, while code-based and polynomial-based systems depend on syndrome decoding or ideal rank-metric assumptions (Grimaldi, 17 Sep 2025). Quantum protocols guarantee information-theoretic privacy due to the indistinguishability of encrypted quantum states (Fisher et al., 2013, Marshall et al., 2016).
• Noise Management: Most FHE schemes introduce ciphertext "noise" that increases with each operation; correct decryption is possible only if accumulated noise remains below a threshold set by the modulus and plaintext scaling parameter. Bootstrapping or modulus-switching are used to reset or manage the noise budget (Grimaldi, 17 Sep 2025, Khan et al., 2023). Polynomial-based and certain quantum schemes (e.g., EHE or CV-based quantum COED) achieve exactness due to invertibility and lack of accumulated noise, thus eliminating the need for bootstrapping (Su et al., 2024, Marshall et al., 2016).
• Functional Accuracy vs. Efficiency: Some COED systems trade off computational expressiveness for efficiency. For neural networks derived from plaintext architectures, polynomial activations (e.g., squares) are favored for depth control and performance at some accuracy loss compared to nonlinearities like ReLU (Badawi et al., 2018). Multi-party computation and hybrid architectures achieve lower latency at the cost of potential functional restrictions or additional trust assumptions (Kenhove et al., 5 Jan 2026, Ahmad et al., 2019).
• Quantum-Resilient and Information-Theoretic Security: Classic FHE achieves only computational security, which is threatened by quantum attacks; in contrast, "hyper-quantum-resilient" schemes such as EHE (using noncommutative, invertible gate sequences) achieve combinatorial keyspace sizes that far exceed quantum brute-force limits (Su et al., 2024).

4. Compiler, Obfuscation, and Programming Techniques

A significant branch of COED research addresses the transformation of programming languages and data structures for execution in encrypted or obfuscated domains.

• Obfuscating Compilation for Encrypted Computing: Compilers generate machine code with fresh per-location offsets on every recompilation, ensuring the encrypted trace space achieves maximal entropy. Each arithmetic write is assigned a new random offset; semantic security holds as the adversary's view is consistent with all possible plaintext assignments under the constraints of the control/data-flow (Breuer, 2019, Breuer, 2021).
• Data Flow Authentication (DFAuth): DFAuth enforces the correctness of control-flow and decryption by embedding authenticated labels into ciphertexts. Only computations that follow the original program's data-flow graph can be decrypted, preventing adversarial alteration of the computational path. The approach achieves strong data confidentiality even against active cloud adversaries and extends to programs with dynamic control based on encrypted data (Fischer et al., 2017).
• Operator and Circuit Obfuscation: Encrypted Operator Computing (EOC) constructs an obfuscated reversible logic circuit using a two-stage NC1 cipher (linear + nonlinear tree-structured reversible gates). Each operator is released as a collection of OBDDs (ordered binary decision diagrams), a form of best-possible obfuscation that releases only the input-output map and hides the actual implementation (Chamon et al., 2022).

5. Hardware Acceleration and Performance Engineering

The computational overhead of COED, particularly FHE and GC, drives significant research into architecture design and hardware-software co-optimization:

• High-Performance FHE Accelerators: Dedicated FPGA platforms such as Medha and ASIC/FPGA designs like HEAX exploit parallelism at ciphertext, residue (RNS), and coefficient levels via parallel NTT engines, pipelined modular multipliers, and memory-optimized layouts. Reported speedups for key FHE routines (e.g., key-switching, mult+relinearization) are 68–268× over optimized software baselines (Mert et al., 2022, Riazi et al., 2019).
• In-Memory Computing (IMC) for COED: PPIMCE tightly integrates on-SRAM compute primitives for CKKS-based HE and garbled-circuit (GC) backends. By scheduling all polynomial arithmetic and Boolean logic inside memory arrays, it reduces data movement and achieves demonstration-level 1,500× (HE) and 107× (GC) speedups over CPU implementations. End-to-end PPML inference times on benchmarks (e.g., ResNet-20/CIFAR-10) are orders of magnitude faster than previous ASIC or CPU/GPU solutions (Geng et al., 2023).
• Edge and Distributed Processing: User-centric search, pruning, and streaming analytics exploit locality at the edge to minimize latency and database traversal costs while maintaining encrypted-document security, as exemplified by dynamic abstract sampling and Markovian search prediction (Ahmad et al., 2019). In distributed settings (e.g., MOZAIK), the combination of MPC and FHE allows flexible trade-off between latency, throughput, and adversarial tolerance across heterogeneous environments (Kenhove et al., 5 Jan 2026).

6. Quantum Computing on Encrypted Data

Quantum COED protocols implement universal quantum computation while maintaining input and computation privacy:

• Discrete-Variable Protocols: The quantum one-time pad, combined with gadget-based implementations for non-Clifford gates (e.g., the T gate via magic-state gadgets), achieves universal and statistically blind quantum computation with only a constant-factor overhead compared to classical FHE's super-polynomial overhead. Information-theoretic security is established by the impossibility of distinguishing encrypted states for the server (Fisher et al., 2013).
• Continuous-Variable Schemes: CV protocols utilize random displacement in phase space, with client-side “masking” followed by server-side Gaussian operations. Computations are exact for Gaussian operations, with correction operators managed entirely by the client, and only minimal interaction is required for non-Gaussian gates (Marshall et al., 2016).
• Recent Developments in Blind Quantum Computation: Protocols exploiting native Rz(θ) gates achieve $O(\log_2^2(\pi/\epsilon))$ interaction complexity for high-precision gates, far outperforming Solovay–Kitaev-based constructions for universal computation privacy in NISQ-era devices (Joshi et al., 26 Aug 2025).
• Practical Implementations and Challenges: Simulations on noisy hardware and adaptation to real quantum chips underline the challenge of decoherence and gate error rates relative to practical COED tasks, motivating continued advances in circuit optimization and fault tolerance (Čepaitė, 2022).

7. Applications and Challenges in Large-Scale and Real-World Systems

COED underpins a spectrum of privacy-preserving applications:

• Privacy-Preserving Machine Learning: HCNN demonstrates efficient evaluation of deep CNNs on encrypted batches with minimal accuracy loss (Badawi et al., 2018). PPIMCE and analogous systems combine HE and GC to accelerate privacy-preserving inference with communication-computation trade-off analysis (Geng et al., 2023).
• Encrypted Big Data Search and Analytics: Edge-enhanced SSE and MPC/FHE-based IoT analytics platforms ensure data confidentiality throughout the data lifecycle, scaling to high-throughput cloud and edge deployments (Ahmad et al., 2019, Kenhove et al., 5 Jan 2026).
• Scientific Computation: CKKS-based FHE supports approximate but precise-enough encrypted matrix operations, with negligible accuracy loss in real-world regression tasks (Khan et al., 2023).
• Regulatory and Cloud Security Compliance: Hardware and system-level approaches provide "zero-trust" guarantees—protecting against operator/OS access and supporting confidentiality, integrity, and freshness in cloud and hybrid settings (Tseng et al., 2021).

Open challenges include noise management for deep circuits, further reducing performance overhead, establishing tight security proofs (e.g., for leakage in SSE and hybrid schemes), and bridging efficient quantum-secure designs with practical implementations. The COED research landscape continues to evolve, balancing algorithmic advances, hardware engineering, formal security analysis, and real-world deployment constraints.