The next step in homomorphic encryption for Linux on IBM Z and LinuxONE

By and Rohit Panjala | 3 minute read | October 5, 2021

101 billion. That’s the number of data records compromised in 20201. This made 2020 a record-breaking year for data breaches – the cost per breach also hitting a record high with an average of $4.24 million per incident2.

Modern cryptography has enabled sensitive data to be encrypted at rest and in transit – table stakes for the encryption world. The more challenging area to address is encrypting data while it is in use or being processed in memory. Whether it’s a third party, like a cloud service provider, or your own employee that is processing the data, data in this state can be particularly vulnerable because it must be decrypted to be processed. This missing link of end-to-end encryption can create a window of vulnerability for hackers to exploit and steal data.

Fully Homomorphic Encryption (FHE) is an emerging security technology that allows computations to be performed directly on encrypted data without decrypting it, marking a new paradigm shift for data security. FHE can help support a zero trust strategy by keeping your data, the models that process the data (typically hosted in a cloud or third-party environment) and the results generated encrypted; only the data owner has access to the private key and has the privilege to decrypt. This advanced security approach can help protect your data against external attacks, insider threats stealing intellectual property intentionally or inadvertently and can help provide long-term data protection against quantum attacks.

What’s new?

Last year, we introduced FHE to Linux on Z with our FHE Toolkit. Today, we are announcing the availability of the next evolution of the FHE Toolkit called IBM HElayers3, a software development kit (SDK) for the practical and efficient execution of encrypted workloads using fully homomorphic encrypted data. HElayers is designed to enable application developers and data scientists to seamlessly apply advanced privacy preserving techniques without requiring specialized skills in cryptography – all while working in newly integrated Python and C++ environments. The images for the Python and C++ kits are provided under a community edition license for non-commercial use. Customers who want to access advanced features and plan for commercial-grade deployment using HElayers can engage through the Premium Edition Program by contacting the IBM FHE team at

HElayers is engineered to support a wide selection of analytics such as linear regression, logistic regression, and neural networks so that application developers and data scientists can use the power of FHE. It is delivered as an open platform that is capable of using the latest FHE schemes and libraries and ships with a multitude of tutorials and sample applications that highlight the basics of FHE and how to use this technology in a practical way. Sample applications include credit card fraud detection, encrypted database search, text classification, and various examples from the healthcare industry.

Try it for yourself

It seems daily that we see news about data breaches and inadvertent disclosures of information. In a real sense, data privacy has gone from something discussed in a company boardroom to something that is now discussed at the dinner table with family and friends. Today, our goal is to make HElayers accessible to anyone with an internet connection. Try HElayers for yourself including tutorials, sample applications and documentation for Linux on Z by downloading the images from Docker Hub using the following links:

Take a look at our in-depth walkthrough video on how to download and get started with HElayers.

>> To help us create the best possible offering tailored to your needs, please provide feedback by taking the HElayers Experience Survey.

[1] Canalys Cybersecurity Investment 2020 Link:
[2] The 2021 Cost of a Data Breach Report, Sponsored by IBM
[3] FHE requires the IBM HElayers software development kit for the software-based execution of encrypted demos and tutorials on multiple architectures including Linux on IBM Z, IBM LinuxONE and x86. IBM HElayers is recommended for non-production use on IBM Z and IBM LinuxONE until performance is improved to suit production-ready use cases.