Privcompute

PythonOpenFHETenSEALFHE

The Problem

You have sensitive data — medical records, financial transactions, personal metrics — and you need someone else to compute on it. Maybe it's a cloud provider running analytics, or an AI model processing your inputs. The catch: you don't trust them with the plaintext. Traditional encryption forces a choice — decrypt to compute, or don't compute at all.

Fully Homomorphic Encryption (FHE) eliminates that tradeoff. It lets you perform arithmetic on encrypted data, producing encrypted results that only you can decrypt. The compute provider never sees your values, your schema, or your results. Privcompute makes this practical by wrapping the complexity of FHE into a simple CLI.

How It Works

The workflow maps directly to the FHE lifecycle:

  1. priv init — generate BFV keypairs (public key for encryption, private key for decryption, evaluation key for homomorphic ops)
  2. priv encrypt — read a CSV file and encrypt integer columns into ciphertexts, packaged as .priv artifacts
  3. priv run — perform homomorphic addition on the encrypted data, without ever decrypting
  4. priv decrypt — decrypt the results using your private key
  5. priv explain — get a human-readable summary of what happened

Each .priv artifact is a ZIP file containing a manifest.json and serialized ciphertext binaries — portable, inspectable, and machine-readable.

Multi-Backend Architecture

Privcompute abstracts over multiple FHE libraries through a unified interface. The same commands work regardless of which backend is active:

  • OpenFHE — the reference C++ implementation with Python bindings via pybind11. Maximum control over parameters and noise budgets.
  • TenSEAL — pip-installable Python library built on Microsoft SEAL. Easier to set up, slightly different performance characteristics.

The router picks the right backend based on configuration, and cross-backend parity tests ensure consistent results. This matters because FHE parameter selection is notoriously finicky — different libraries handle noise growth differently, and privcompute shields you from those details.

Performance

On an Apple M3 Pro, encrypting and summing 100 rows across 4 integer columns takes approximately 69ms end-to-end. The BFV scheme (used exclusively in v1) handles exact integer arithmetic — no floating-point approximation errors. CKKS support for approximate arithmetic is planned.

Tech Stack

Built with Python and Click for the CLI, Pydantic for schema validation, and PyYAML for configuration. All output supports --json for machine consumption, with structured error codes for programmatic handling.