A Guide to Fully Homomorphic Encryption
I've spent one year at 0xPARC building a performant, production-grade fully homomorphic encryption (FHE) library from the ground up. As a way to wrap up my time at 0xPARC and pass on what I've learned to the next generation of FHE builders (LLMs included!), I made this guide. It's written with a variety of archetypes in mind, from founders who want to build with our library and engineers who want a deeper understanding of the underlying mathematics, to interns, researchers, and cryptographers who will work on the system itself — or, more broadly, anyone curious about what 0xPARC does.
Depending on what you're here for, different parts will be more useful:
- If you want to know what 0xPARC is about or what FHE is at a high level, read Part 1.
- If you want to use our system to build something, read Part 2.
- If you want to know every last detail of how CKKS (a specific instantiation of FHE) works at a technical level, read Part 3.
- If you like compilers or GPU engineering, read Part 4.
- If you're a security engineer wondering whether our system is secure, read Part 5.
- If you want to know how 0xPARC is thinking about FHE, read Part 6.
Today, the technical content on FHE is scattered across ePrint papers and GitHub codebases. What writing exists tends toward two extremes: high-level surveys that don't explain any details, or deep dives into a single optimization. This guide aims to fill the gap: it is the first full-stack explanation of how FHE works end-to-end, and how the resulting system manages to be genuinely fast. I hope it plays some part in bringing more people into the FHE world.
How to read this guide
Two conventions show up throughout this guide: lies and exercises.
Lies: for ease of understanding, the text occasionally tells little lies. Lies are marked with a dotted underline like this; hover (or tap on mobile) to see the real story.
Exercises: the text also drops in short exercises, rendered inline as tinted boxes like the one below. They're designed to slow you down and make sure you're understanding the material.
Contents
Note: CKKS is just one specific instantiation of FHE; Section 1.2 surveys the broader landscape of FHE schemes, and Part 2 explains why we chose to build CKKS.
Other resources
In addition to this guide, here are some existing resources for learning about CKKS.
- OpenMined's “CKKS explained” series (2020) covers CKKS specifically and is great for beginners: it implements the basic operations from scratch, but doesn't cover any optimizations or bootstrapping.
- Ronny Ko's The Beginner's Textbook for Fully Homomorphic Encryption (2025) is a general FHE textbook, very thorough on the mathematics. It assumes little background, building up modular arithmetic and rings from scratch, and covers many schemes, but it does not get into any optimizations.
- Jeremy Kun's high-level technical overview (2024) is a general survey of FHE, but it mostly stays at the API level and does not cover how the pieces are implemented.
- Marcolla et al.'s survey (2022) is a thorough but theory-heavy survey of FHE in general.
- OpenFHE's documentation (2022) is a good place to learn by reading a production FHE library that covers CKKS among other schemes, though it reads like codebase documentation rather than an exposition.
Each of these is great, and each strikes its own balance between depth and breadth. This guide is meant to complement them by doing three things that none of the above do: explain CKKS with all of its optimizations in mind, show how everything is actually built in practice, and explain how real programs are built with CKKS. The goal of this guide is to convince you not just that CKKS is possible, but that it is performant.
Please email hello@holdenmui.com for comments and/or corrections!