Evaluating Homomorphic Encryption Schemes for Privacy and Security in Healthcare Data Management

Abstract

Ensuring data privacy and security in sensitive domains such as healthcare remains a critical challenge. Homomorphic Encryption (HE) offers a promising approach by enabling computations directly on encrypted data, but the diversity of available schemes requires careful evaluation before practical adoption. This work conducts a comparative study of six representative HE schemes: BGV, TFHE, Paillier, RSA without padding, BFV, and CKKS. It is adopted a five-step strategy, encompassing preprocessing, cryptographic setup, encryption, homomorphic execution, and decryption, applied to a healthcare dataset. Overall, the comparative analysis underscores that no single scheme is universally optimal. The choice of an HE scheme must be guided by the nature of the required operations, acceptable precision levels, and computational constraints of the target healthcare scenario.

1. Introduction

Data security has established itself as a critical priority, driven by the exponential growth of digital information resulting from the digitization of services and the large-scale migration to cloud computing environments [1]. Simultaneously, the rise in cyber threats has intensified the need to implement robust information protection solutions, highlighting the importance of adopting innovative technological standards.

Homomorphic Encryption (HE) [2] emerges as a promising technology that enables computational operations to be performed directly on encrypted data, eliminating the need for prior decryption [3]. This approach ensures data confidentiality during processing while preserving system functionality, making it especially relevant in healthcare, finance, and public administration [4]. Alongside HE, other emerging cryptographic approaches, such as schemes based on Learning with Errors (LWE) and optimization techniques for distributed systems, play a key role in promoting data privacy, scalability, and integrity in digital environments [5].

Unlike conventional encryption, exemplified by algorithms such as the Advanced Encryption Standard (AES) [6] and Rivest–Shamir–Adleman (RSA) [7], which require data to be decrypted before processing, thereby exposing it to potential vulnerabilities [5], HE enhances security by avoiding this critical step [4]. Furthermore, HE aligns with data protection regulations and directives such as the General Data Protection Regulation (GDPR) [8] and the Networks and Information Systems (NIS2) Directive [9], positioning itself as an innovative alternative to meet the growing security and privacy demands in digital environments [10].

By enabling arithmetic and logical operations to be performed directly on encrypted data, HE ensures confidentiality throughout the entire processing cycle [11], allowing for advanced analytics and the secure use of external computing resources without compromising information privacy [12,13].

Table 1. Classification of homomorphic encryption schemes.

Classification	Schemes
FHE	Gentry, CKKS, BGV, TFHE
PHE	RSA, Paillier, ElGamal
SWHE	BFV, BGN, BV, FV

presents the three main classifications of HE, accompanied by examples of the schemes associated with each of them:

Since the proposal of the first Fully Homomorphic Encryption (FHE) scheme by Craig Gentry in 2009 [14], several variants have been developed to balance security, efficiency, and usability. Currently, schemes such as Brakerski–Fan-Vercauteren (BFV) [15], Cheon–Kim–Kim–Song (CKKS) [16], Brakerski–Gentry–Vaikuntanathan (BGV) [17,18], and Fast Fully Homomorphic Encryption over the Torus (TFHE) [19,20], among others, are available in widely used libraries such as Microsoft SEAL [21], HElib [22,23], PALISADE [24], and TenSEAL [25,26].

This paper aims to contribute with a comparative analysis of the primary current HE implementations in terms of capabilities and performance, providing a foundation for informed decisions regarding their adoption in real-world scenarios. In this regard, we evaluated FHE [14], Partially Homomorphic Encryption (PHE) [7], and Somewhat Homomorphic Encryption (SWHE) [27] schemes. The analysis considers criteria such as the underlying mathematical model, support for arithmetic operations, computational performance, implementation complexity, and accessibility through open-source libraries.

Beyond this introductory section, this paper is organized as follows. Section 2 presents the state of the art. Section 3 describes the adopted methodology. Section 4 reports the achieved results and discusses them. Finally, Section 5 concludes the paper and presents future venues.

2. State of the Art

The application of HE techniques in healthcare systems has emerged as one of the most promising solutions for protecting sensitive medical data, enabling advanced analyses without compromising patient privacy [28,29,30]. This research area has experienced substantial growth in recent years, driven by the increasing need for compliance with data protection regulations such as the GDPR and the Health Insurance Portability and Accountability Act (HIPAA), as well as the demand for solutions that enable secure inter-institutional collaboration [31,32,33].

The recent literature reveals a clear trend toward integrating HE with other emerging technologies in the context of digital health. The authors of [28] proposed an innovative approach that combines Federated Learning (FL) with HE in Internet of Things (IoT)-based healthcare systems, demonstrating how cryptographic primitives, including masking and HE, can protect local models against reconstruction and inversion attacks. This approach proved particularly effective in the classification of skin lesions using the HAM10000 medical dataset (“Human Against Machine with 10,000 training images”) [28,34].

The work presented in [29] marks a significant advancement by employing the CKKS FHE scheme in combination with the IOTA Tangle and the Masked Authenticated Messaging (MAM) protocol to enable secure communication between patients and physicians. The results show that this approach outperforms other relevant schemes regarding overall computation time and performance, offering resistance to passive and active attacks [29].

The combination of Blockchain (BC) and HE represents one of the most significant trends in healthcare data protection. The authors of [30] proposed the HealthLock system, which uses smart contracts within the BC network to enforce access control and define data-sharing policies, allowing only authorized entities to access and utilize encrypted data. This approach generates an audit trail of all data transactions, improving both accountability and transparency [30].

The study in [35] introduced an FL framework that minimizes the role of the central server, enabling collaborative model training among healthcare organizations. At the same time, BC ensures the integrity and transparency of the process. This solution proved particularly effective in predicting heart disease, maintaining patient privacy through integrating HE with FL [35].

The CKKS scheme has gained considerable attention due to its ability to perform computations on approximate real numbers. The authors of [36] demonstrated the applicability of the CKKS scheme for mobile data security in healthcare, presenting a comprehensive analysis of parameter selection, encryption, homomorphic operations, and performance optimization techniques tailored to resource-constrained mobile devices. The study highlights the feasibility and effectiveness of the proposed approach without compromising computational efficiency [36].

The authors of [37] proposed a secure data adjustment scheme based on HE CKKS for medical IoT, achieving a 96.7% recognition accuracy on the KAGGLE-HDP dataset [38] with only three iterations, demonstrating high recognition performance and enhanced privacy protection compared to other schemes [37]. Recent research by [39] introduced FedSHE, an FL scheme with adaptive segmented CKKS-based HE, which surpasses existing HE-based research efforts in terms of model accuracy, computational efficiency, communication cost, and security level [39].

More recently, FIDESlib was introduced as an open-source library, enabling the efficient execution of the CKKS scheme, fully accelerated by Graphics Processing Units (GPU) [40]. FIDESlib supports all server-side operations (including bootstrapping) with optimization for multi-GPU environments, delivering substantially higher performance than existing alternatives. Its interoperability with the OpenFHE library facilitates adoption into existing workflows, promoting flexible integration. Tests demonstrate more than 70× acceleration in critical operations such as bootstrapping compared to prior implementations, making the practical use of HE feasible in cloud applications and performance- and privacy-sensitive services [40].

Several studies have explored the application of the BGV scheme in healthcare systems. The work presented in [41] proposed a BGV-based HE mechanism integrated with BC to ensure the confidentiality and integrity of Internet of Medical Things (IoMT) data, demonstrating both practical applicability and effectiveness in protecting sensitive health information. The BGV scheme enables efficient and secure computation on encrypted data, preserving patient privacy throughout the entire data analysis process [41].

Implementations of the BFV scheme have shown significant performance improvements through hardware acceleration. The authors of [42] presented two optimized hardware architectures designed to accelerate the encryption and decryption operations of the BFV scheme, achieving speedups of nearly 12× and 7× for encryption and decryption, respectively [42]. Similarly, the authors of [43] implemented and evaluated Residue Number System (RNS) variants of the BFV scheme, discovering that the Halevi–Polyakov–Shoup (HPS) variant [44] scales significantly better (typically 15–30%) with increasing multiplicative depth of the computation circuit compared to the Bajard–Eynard–Hasan–Zucca (BEHZ) variant [43,45].

The integration of FL with HE has emerged as a robust solution for collaborative medical data analysis. The authors of [46] examined various cryptographic techniques that enable computation on encrypted data, exploring multiple frameworks for Collaborative Learning (CL) and highlighting their potential for decentralized model training. The study presents a practical use case evaluating different Machine Learning (ML) algorithms, including K-Nearest Neighbors (KNN), Random Forest (RF), Support Vector Machine (SVM), and Logistic Regression (LR), for secure analysis of healthcare data [46].

The work in [47] explores contemporary privacy-preserving medical image analysis methods, combining big data analytics, BC technology, and advanced ML and Deep Learning (DL) models. The research emphasizes the promising role of hybrid optimization algorithms in enhancing accuracy, scalability, and system security through integrating multiple techniques [47].

The authors of [48] proposed an FL framework for medical image analysis in decentralized healthcare systems, utilizing differential privacy mechanisms, secure communication protocols, and advanced encryption techniques. Experimental results demonstrate that the method can achieve performance levels comparable to centralized models while maintaining data privacy and security, with 98.6% accuracy [48].

Effective management of cryptographic noise remains one of the main challenges in the practical implementation of HE schemes. Recent research has focused on developing optimization techniques that minimize noise accumulation while maintaining computational accuracy [49,50]. Bootstrapping, a critical noise removal process enabling arbitrary-depth computations, continues to be an active area of research due to its high computational cost [51].

Adapting HE algorithms to exploit the massive parallelism of modern GPUs has been key to making their practical application viable. In this direction, the authors of [52] introduced a GPU-accelerated and parallelized implementation of the BFV scheme by porting and optimizing core operations for CUDA execution. Their approach achieved substantial performance improvements over the Central Processing Unit (CPU)-based Simple Encrypted Arithmetic Library (SEAL) version 3.6.6, with speedups of 13.39×, 47.01×, 39.6×, and 33.71× for addition, multiplication, relinearization, and rotation, respectively [52].

The authors of [31] introduced a pipeline for Privacy-Preserving Entity Resolution (PPER) based on the Abstract Machine for Privacy-Preserving Entity Resolution Evaluation (AMPPERE) model [53], utilizing cryptographic tools such as HE to identify identical patient entities across databases from different healthcare organizations while preserving data privacy. The approach incorporates comprehensive parallelization techniques and parameters specifically optimized for patient datasets [31].

In another study, the authors of [54] presented a comprehensive framework that enables researchers to perform collaborative statistical analysis on health records while preserving privacy and ensuring security. The framework integrates privacy-preserving techniques, including secret sharing, secure multiparty computation (SMPC), and HE, within a BC based healthcare ecosystem [54].

Recent literature indicates several promising directions for future research, including the development of hybrid schemes that combine different types of HE to optimize performance for specific applications [55], the integration with Edge Computing (EC) technologies to reduce latency and improve scalability [56], and the design of frameworks that support real-time medical data analysis while maintaining strict privacy guarantees [57,58].

The growing adoption of differential privacy in conjunction with HE also represents an active area of research, offering formal privacy guarantees that complement the properties of HE [59,60]. This convergence of techniques promises more robust and practical solutions for protecting sensitive medical data in collaborative research environments.

3. Methodology

This section describes the methodology adopted to apply HE techniques to sensitive data, with the goal of evaluating their practical applicability, as well as the main challenges inherent to their implementation. All arithmetic operations were performed directly on encrypted data, ensuring complete confidentiality during processing and enabling the evaluation of performance, security, and usability across different HE schemes.

To circumvent the legal and ethical restrictions imposed by the GDPR on the use of real clinical data, a synthetic dataset representative of the healthcare domain, designated the Healthcare Dataset [61] (CSV file), was used. It was made available on the Kaggle platform [62] by Prasad Patil [63]. This dataset contains 55,500 records, each with multiple attributes relevant to the hospital context, including Name, Age, Gender, Blood Type, Medical Condition, Date of Admission, Doctor, Hospital, Insurance Provider, Billing Amount, Room Number, Admission Type, Discharge Date, Medication and Test Results.

Although the dataset is synthetic, it preserves the structure and variability of a realistic clinical dataset, ensuring representativeness for experimental evaluation purposes without compromising privacy.

Data preprocessing was carried out in Python using the Pandas library [64], version 2.3.2, and included the following steps:

• Data Loading: Importing the CSV file into a DataFrame.
• Name Normalization: Standardizing the Name column to ensure the capitalization of the first letter of each word.
• Age Validation: Verifying the consistency of the Age column.

Due to the high computational complexity associated with running HE, it was necessary to limit the sample size. Thus, only the first 100 records from the Age column were selected and exported to an unencrypted CSV file. This reduction allowed for performance and accuracy comparison tests in a controlled environment within the available computational limitations. It is important to note that in terms of representativeness, the first 100 selected records from the original dataset show good diversity and balance in the Age column, indicating an adequate distribution of the data.

For the practical experimentation, the following libraries specialized in HE were used: HElib [22,23], TFHE [19,20], PHE [65,66], PyCryptodome [67,68], and TenSEAL [25,26]. Each of these libraries supports different cryptographic schemes and offers implementations in various programming languages, as detailed in

Table 2. Homomorphic encryption libraries used.

Library Implemented Schemes	Version	Language
HElib	2.3.0	C++
BGV
TFHE	1.0.1	C++
TFHE
PHE	1.5.0	Python
Paillier
PyCryptodome	3.23.0	Python
RSA
TenSEAL	0.3.16	Python
BFV, CKKS

.

The Age column was selected because it contains integer data, making it the most suitable for performing homomorphic operations, as the employed schemes are optimized for working with integer values. The Room Number column, also consisting of integer data, would also be eligible for homomorphic operations, although it was not chosen. In contrast, the Billing Amount column, which stores floating-point values, is only compatible with homomorphic operations through the CKKS scheme, the only one analyzed that supports operations on real numbers.

All implementations were conducted in a homogeneous environment to ensure consistency in the results.

Table 3. Specifications of the experimental environment used.

Parameter	Value
Operating System	Debian GNU/Linux 12.11
Kernel	6.1.0.38-amd64
Processor	8 cores
RAM	8 GB
Storage	100 GB
C++ Version	12.2.0
Python Version	3.11.2
SQLite Version	3.40.1

shows the specifications of the experimental system used.

The experimental process was conducted uniformly across all schemes, following five common steps:

• Data Preprocessing: Selection and validation of the 100 records from the Age column.
• Cryptographic Setup: Initialization of scheme parameters (polynomial degree, modulus size, scale, etc.) and generation of the necessary keys (public, private, rotation, and relinearization, when applicable).
• Data Encryption: Conversion of the numerical values from the Age column to the format supported by each scheme and subsequent encryption.
• Execution of Homomorphic Operations: Applying the arithmetic operations supported by each library directly on the encrypted domain (addition, subtraction, multiplication, and, when possible, division).
• Decryption and Validation: Decrypting the results and comparing them with the expected plaintext results, ensuring the correctness of the operations and measuring any precision loss (particularly relevant in CKKS).

All schemes were configured to provide a security level equivalent to 128 bits, which is considered suitable for medium- to long-term sensitive applications. The choice of an intermediate value aims to balance security, avoiding a level too low that it would compromise protection, while also preventing an excessively high value that could impair the efficiency of encryption and decryption processes.

Table 4. Configuration procedure for homomorphic encryption schemes.

Scheme	Configuration Procedure
BGV	Setting the cryptographic context with security parameters; generate the secret key; prepare the auxiliary matrices for homomorphic operations.
TFHE	Set the bootstrapping parameters according to the desired security level; initialize the random number generator; generate the secret key for bootstrapping.
Paillier	Generate public and private key pair with secure key length.
RSA	Generate RSA key pair with appropriate length; extract public and private keys.
BFV	Create context with polynomial degree and modulus for plain text; generate auxiliary keys for rotation and relinearization operations.
CKKS	Create a BFV-like context by defining coefficient sizes and global scale; generate keys for rotation and relinearization.

presents the configuration procedures for the various HE schemes adopted:

Each scheme was evaluated based on the homomorphic arithmetic operations it supports. The key aspects are described below:

• BGV: Supports addition, subtraction, negation, and multiplication (both ciphertext-ciphertext and ciphertext-plaintext). It allows for rotations and level management. Division between ciphertexts is not supported.
• TFHE: Operates at the binary level, supporting NOT, AND, OR, XOR, MUX, COPY, and CONSTANT operations. Arithmetic is simulated through logical circuits on encrypted bits.
• Paillier: Supports homomorphic addition (ciphertext–ciphertext), addition with constants, and multiplication by integer constants. Multiplication between ciphertexts is not supported.
• RSA: Strictly multiplicative, allowing only for multiplication between ciphertext–ciphertext and ciphertext–constant. It does not support addition, subtraction, or division.
• BFV: Supports addition, subtraction, and multiplication (both ciphertext–ciphertext and ciphertext–constant). Division is not directly supported, except through approximations using modular inverses.
• CKKS: Supports operations with approximate real numbers, including addition, subtraction, and multiplication. Division between ciphertexts is not supported but can be achieved by multiplying by $1/k$, where k is the inverse constant.

The arithmetic operations of addition, subtraction, multiplication, and division by integer or floating-point constants were applied to the values in the Age column in accordance with the operational capabilities supported by each cryptographic scheme.

Table 5. Supported homomorphic operations by scheme.

Scheme	Addition	Subtraction	Multiplication	Division
BGV	Yes	Yes (1)	Yes	No
TFHE	Yes	Yes (1)	Yes	No (2)
Paillier	Yes	Yes (1)	No	No
RSA	No	No	Yes	No
BFV	Yes	Yes	Yes	No (3)
CKKS	Yes	Yes	Yes	No (4)

⁽¹⁾ Subtraction is implemented by adding the negation of the value. ⁽²⁾ TFHE supports approximate division via multiplication by modular inverses. ⁽³⁾ Division is not directly supported, but approximate division can be achieved using modular inverses. ⁽⁴⁾ Division between ciphertexts is not supported, but division by constants can be performed by multiplying by $1/k$.

provides a summary of the supported homomorphic operations.

The encrypted data were stored in SQLite databases in binary format (BLOB). Access to and reconstruction of the data were performed using C++ for the HElib and TFHE libraries, and Python for the remaining libraries, aiming to optimize the workflow. This included the storage and reading of encrypted data, as well as the execution of arithmetic operations on the encrypted values.

4. Results and Discussion

This section presents the achieved results from the evaluation to the HE schemes, including BGV, TFHE, Paillier, RSA without padding, BFV, and CKKS, applied to synthetic healthcare data. Key findings regarding performance and supported operations are highlighted using comparative tables.

Schemes were evaluated in terms of performance and applicability aspects. Regarding performance evaluation, average execution latency was evaluated (ms) over five independent runs for each phase (encryption, homomorphic operation, decryption), as shown in

Table 6. Average performance for 100 encrypted records.

Scheme	Encryption (ms)	Operations (ms)	Decryption (ms)	Observations
BGV	337.8	860.6	44,656.2	Scalable; suitable for integers
TFHE	29.1	2,308,697.2	1.8	Low latency; bit-wise operations
Paillier	32,408.4	1333.2	43,434.8	Lightweight; additive over integers
RSA	119.2	58.2	13,690.4	Simple; only supports multiplication
BFV	1707.5	921.2	900.4	Robust; accurate integer arithmetic
CKKS	3344.8	915.1	1182.1	Real numbers; precision error of ${10}^{-6}$

.

The first observation concerns the imbalance between the different schemes’ encryption, operation, and decryption phases. Some, such as BGV and Paillier, denoted the highest computational cost in the decryption phase, whereas others, like TFHE, perform decryption almost instantly but incur extremely high costs during intermediate operations. This behavior highlights that selecting a cryptographic scheme should not rely solely on the speed of a specific phase, but rather on the overall balance across the full usage cycle.

Another critical point is temporal consistency. BFV and CKKS, although more demanding in terms of memory usage and encryption time when compared to RSA or TFHE, demonstrate relatively stable execution times across encryption, computation, and decryption phases. This stability translates into predictability, a critical feature for clinical systems that require precise computational resource planning and guarantees of timely responses.

Based on the achieved results, the main characteristics of each scheme are presented:

• BGV supports complex operations with high precision over integers and proves scalable for large data volumes. However, it incurs significant decryption costs, representing a notable limitation in overall performance.
• TFHE is distinguished by its low latency in encryption and decryption processes and its efficient support for binary-level logical operations. Nonetheless, the computational cost of arithmetic operations is exceptionally high, limiting their use primarily to logical contexts.
• Paillier offers good efficiency for additive operations and features a relatively simple implementation, making it suitable for computations involving successive additions. Even so, the high encryption and decryption times, combined with the large ciphertext size, pose a significant constraint.
• RSA without padding is characterized by simplicity of implementation and relatively fast encryption times. However, it is limited to only supporting homomorphic multiplications, without the ability to perform additions or subtractions, significantly reducing its applicability.
• BFV ensures exact arithmetic over integers and robustly supports complex operations, providing consistent results. Nevertheless, it does not support homomorphic divisions and involves higher computational costs, particularly regarding overall performance.
• CKKS enables efficient operations on real numbers, allowing for controlled approximation results with an error margin around ${10}^{-6}$. This scheme stands out for its flexibility in handling decimal values, although results are not exact and require careful precision management.

Table 7. Schemes’ advantages and limitations.

Scheme	Advantages	Limitations
BGV	Supports complex operations; accurate integer computation	High decryption cost; requires careful selection of parameters
TFHE	Fast logical operations; efficient bootstrapping	Inefficient for extensive arithmetic (e.g. repeated multiplications)
Paillier	Efficient homomorphic addition; simple implementation	Limited to positive integers; large ciphertext size
RSA	Lightweight homomorphic multiplication; fast encryption	Does not support homomorphic addition or subtraction
BFV	Exact arithmetic on integers; supports complex operations	No homomorphic division; high computational overhead
CKKS	Efficient approximate real-number operations; controlled error	Inexact results; requires precision management

highlights the proposed homomorphic operations’ practical advantages and limitations.

Comparative evaluation of HE schemes shows that there is no universal solution. The selection of an appropriate scheme always depends on the specific requirements of the application context, particularly regarding the types of arithmetic operations supported, the expected performance, the acceptable level of precision, and the required security guarantees. These aspects are the main criteria for analysis and provide the foundation for discussing the observed trends and the challenges associated with the practical adoption of each scheme. According to the achieved results, the following features are discussed:

• Performance:

  –

  BGV and BFV show relatively balanced operation times, but BGV suffers from an extremely costly decryption phase.

  –

  CKKS demonstrates good efficiency for approximate numerical operations, with moderate times across encryption, operations, and decryption.

  –

  TFHE stands out with near-instant encryption and decryption, but its homomorphic operations are by far the most expensive, exceeding 2 million ms, which severely limits practical scalability.

  –

  Paillier suffers from very slow encryption and decryption, although additive operations are faster than BGV’s.

  –

  RSA achieves extremely fast operations and efficient encryption, yet its high decryption cost restricts applicability in large-scale workloads.

• Precision:

  –

  BGV, BFV, and Paillier offer exact precision over integers, making them suitable for scenarios where numerical accuracy cannot be compromised.

  –

  CKKS operates on real numbers through approximations, with a controlled error of ${10}^{-6}$, providing a trade-off between performance and flexibility but requiring careful precision management.

  –

  TFHE works at the binary level, ensuring exactness for logical operations, although the high computational overhead limits scalability.

  –

  RSA, due to its restriction to integer multiplications, also guarantees exactness, but with minimal functional scope.

• Integration Complexity:

  –

  Libraries such as HElib (BGV), TenSEAL (BFV/CKKS), and TFHE provide robust APIs, but integration remains demanding, especially regarding proper parameterization to control noise and balance performance.

  –

  Paillier and RSA stand out for their implementation simplicity and lower learning curve, though this comes at the cost of functional limitations.

  –

  Key management and parameter tuning remain significant technical barriers, particularly for noise-based schemes (BGV, BFV, CKKS).

• Security:

  –

  The modern schemes evaluated (BGV, BFV, CKKS, TFHE, Paillier) demonstrated in the tests the ability to preserve data confidentiality throughout the entire encryption, processing, and decryption cycle, in line with what is reported in the literature.

  –

  RSA without padding, on the other hand, although included for comparative purposes, presents well-known security limitations and should therefore be considered only in academic or experimental contexts.

Supported by the experimental results and literature review, the operational limitations regarding the applicability of HE schemes on scenarios involving sensitive data are now discussed.

• BGV should be considered in scenarios requiring exact arithmetic operations on integers, such as financial calculations or categorical data processing. While it provides efficient support for this type of computation, its decryption cost makes it more suitable for scenarios where results can be processed in batches, rather than interactive or real-time applications.
• TFHE is recommended for systems that rely on conditional decisions, secure authentication, or fast logical checks, such as access control to encrypted databases, policy validation, or authorization mechanisms. However, its inefficiency in extensive arithmetic computations limits its applicability in statistical analysis or machine learning contexts.
• Paillier is well suited to applications dominated by frequent additive operations, such as aggregation of financial metrics, service usage statistics, or administrative records totals. Nevertheless, its high initial encryption overhead can be prohibitive in scenarios involving continuous data flows or real-time encryption demands.
• RSA without padding should be reserved for academic or proof-of-concept contexts, given its limited functional scope and known security risks. Although it can be efficient and straightforward in certain phases, its deployment in production is not recommended, except in highly controlled or experimental environments.
• BFV is a robust choice for applications requiring exact integer arithmetic, such as validating critical financial calculations, resource management, or compliance audits, where error cannot be tolerated. However, its computational overhead must be carefully considered in scenarios involving high transaction volumes or real-time response requirements.
• CKKS is well-suited for applications involving operations on real numbers, such as statistical analysis, machine learning, and continuous data processing, where a controlled margin of error is acceptable. It is particularly recommended for large-scale data exploration tasks, enabling approximate analyses without compromising the confidentiality of sensitive data.

5. Conclusions

This work evaluated different HE schemes aiming to protect data privacy over computations. The main contribution resulted in a comparative and practical analysis of libraries implementing HE schemes, helping engineers and practitioners. The schemes considered, including BGV, TFHE, Paillier, RSA without padding, BFV, and CKKS, were evaluated in terms of their advantages and limitations regarding supported operations, computational costs, and integration complexity.

The results highlight the trade-offs between performance and suitability for different operations. BFV and CKKS denoted consistency across distinct scenarios. BFV proved to be robust for arithmetic operations requiring exact computation on integers. CKKS showed greater suitability for processing real numbers, where controlled approximation with limited error is acceptable. BGV also excelled in exact integer computation, but its more costly decryption and the need for careful parameterization limit its practical applicability. TFHE exhibited low encryption and decryption latency and high efficiency in logical operations and comparisons, although the computational overhead in arithmetic operations restricts its scalability. Paillier emerged as a simple and effective solution for additive operations, but it suffers from high encryption and decryption latency. RSA, limited to multiplications, proved quite restrictive and only suitable for specific or experimental use cases. Results illustrate that different HE schemes have distinct strengths and limitations, confirming the technology’s potential while highlighting relevant challenges related to performance optimization, noise management, and streamlining parameterization.

In the future, we aim to overcome the limitations of this work by offering more robust guidelines for practical HE adoption across different scenarios. In this regard, the length and complexity of the dataset and homomorphic operations can be increased. For example, extending experiments to larger datasets (e.g., ranging from 100 to 1k, 10k, and 100k records) will allow for the assessment of scheme scalability. Also, considering other dataset attributes in the dataset can contribute to understanding the applicability of HE in more complex scenarios. Increasing computational resources will help assess schemes performance and scalability in the future. Finally, future work can consider evaluating parameter sensitivity regarding noise growth and cost models for bootstrapping.