About CKKS bootstrapping

JoeRaft · October 7, 2025, 8:52pm

Hello everyone, this is my first post over here and I would like to ask for a confirmation, hope it is not off-topic.

I know that – e.g. in FHEW-like – the bootstrapping requires an encryption of the secret key. Nevertheless, I am going through some CKKS bootstrapping papers and it seems like here such material is not required. Is my understanding correct that the setup of the bootstrapping run during the construction of the context simply generated the automorphism keys required for the CtoS and StoC procedures?

Is it also correct that Enc(sk) is not required in CKKS bootstrapping? I wonder that this happens as usually sk is required to get rid of the error, while in CKKS the error = the message. So I am just asking as a confirmation.

Thank you in advance

jdumezy · October 8, 2025, 12:42pm

Yes, your understanding is correct. Standard CKKS bootstrapping does not require an encryption of the secret key, unlike TFHE-like schemes. The fundamental difference is the goal of the bootstrapping procedure in each scheme:

In TFHE-like schemes, bootstrapping works by homomorphically evaluating the decryption function itself. The goal is to directly reduce the noise in the ciphertext. This operation fundamentally requires a bootstrapping key, which is an encrypted version of the secret key.
In standard CKKS, bootstrapping is a procedure to refresh a ciphertext to regain multiplicative depth. This process relies on a clever series of transformations, including \textsf{CtoS} and \textsf{StoC}, which are enabled by automorphism keys.

It’s worth noting that while an encryption of the secret key is not used for bootstrapping, standard CKKS operations (multiplication, rotation) do require other key material.

Finally, the SHIP paper has explored evaluating the decryption function in CKKS, which then does require special encryptions of the secret key. However, this is not the approach used in standard CKKS bootstrapping.

ypolyakov · October 8, 2025, 5:55pm

I do want to reiterate on what @jdumezy mentioned. While we do not explicitly evaluate the inner product involving the encryption of secret key during CKKS bootstrapping (this is done implicitly without using an encryption of the secret key), multiplications and rotations still require encryptions of transformed secret key, e.g., a square of the secret key or its automorphism. So the more comprehensive answer to you question is that while the encryption of the secret key is not needed, encryptions of related key material are still needed.

Topic		Replies	Views
Does CKKS support Key Dependent Messages? FHE Questions	2	359	November 21, 2022
What is the CKKS bootstrapping algorithm in openfhe? FHE Questions	1	116	January 10, 2025
[CKKS] Relations between bootstrapping, noise and precision FHE Questions questions , openfhe-help	5	271	August 15, 2024
Distributed / Multiparty Bootstrapping Library Questions	9	661	October 22, 2022
Transciphering with CKKS Library Questions	1	90	July 8, 2024

About CKKS bootstrapping

Related topics