FHE Standardization: The Enterprise Guide to ISO and NIST

Introduction: From Mathematical Theory to Industry Consensus

To better understand the evolving landscape of Fully Homomorphic Encryption (FHE) standardization, we spoke with Dr. Damien Ligier and Dr. Ilaria Chillotti, FHE researchers at DESILO who are actively involved in the ongoing ISO standardization efforts. Notably, Dr. Chillotti is a co-author of the widely adopted TFHE scheme—one of the foundational cryptographic frameworks currently being standardized globally, and Dr. Ligier is a dedicated cryptography researcher with a background in FHE who has focused extensively on bridging research with industry implementation and FHE standardization.

In this interview, they share their perspective on the current state of FHE standardization, providing an overview of the work underway at ISO and NIST and discussing how these initiatives contribute to the growing maturity and adoption of privacy-preserving technologies.

Standardizing a technology is often perceived as a milestone - a signal that it has reached sufficient maturity and consensus within the community. But, as Chillotti points out, "standardization is not about declaring a technology perfect. It's about reaching a level of clarity and consensus where the community agrees on definitions, security models and how systems should interoperate." In that sense, standardization reflects the collective agreement of experts from academia and industry on precise specifications and interoperable frameworks. While it does not guarantee absolute security or optimal performance, it significantly strengthens trust and paves the way for large-scale adoption.

The standardization journey of FHE illustrates this evolution particularly well. First realized in 2009, early constructions were groundbreaking yet largely impractical. "The community first needed years of consolidation - better schemes, better parameters, better implementations before it made sense to formalize anything," Ligier notes. Over the following decade, major advances in lattice-based cryptography and FHE research dramatically improved efficiency, robustness and usability. Collaboration between industry and academia, notably through initiatives such as HomomorphicEncryption.org, helped define security levels and best practices, laying the technical foundations for formal standardization. Today, the interest shown by organizations such as ISO and NIST reflects not only the growing maturity of FHE, but also its increasing strategic importance in the broader cryptographic landscape.

Why Standardization Matters for the Enterprise

Before tracking the timelines, it is crucial to understand the business impact. "As soon as different vendors start implementing the same schemes, interoperability becomes critical," explains Chillotti. The standardization of FHE within ISO provides consistent definitions, security models, high-level parameter selection guidance and common data formats, enabling interoperable implementations across vendors and platforms.

For enterprise context, this delivers critical guarantees:

• Interoperability: Rather than prescribing exhaustive parameter choices for every deployment scenario, the standard establishes agreed security levels and general criteria to assist implementers in making informed decisions.
• Regulatory Confidence: This is particularly important for deployment in regulated and high-assurance environments such as cloud computing, confidential analytics and privacy-preserving data processing.
• Market Acceleration: As with other cryptographic standards, ISO's work does not eliminate the need for careful implementation, security analysis and context-specific evaluation, but it significantly reduces uncertainty by establishing shared technical foundations. In doing so, it strengthens trust and supports the broader industrial adoption of Fully Homomorphic Encryption.

FHE at ISO: The Road to Global Consensus

Building on the foundational work carried out by the research community and industry consortia, ISO started to consider standardizing Fully Homomorphic Encryption back in 2020. This effort evolved into the ISO/IEC 28033 series, developed under ISO/IEC JTC 1/SC 27, the subcommittee responsible for information security, cybersecurity and privacy protection.

Although ISO standards are voluntary by nature, they are often adopted by regulators and industry frameworks, giving them significant practical influence. As Ligier explains, "When ISO takes on a topic, it signals that the technology has moved beyond research curiosity and into something that industries around the world may rely on."

Within this framework, experts agreed to standardize the three principal LWE-based FHE families used in practice today: BGV/BFV, CKKS, and DM/CGGI (commonly referred to as FHEW/TFHE). In addition to scheme-specific parts, the ISO/IEC 28033 series includes a general part introducing core FHE concepts and security models. These components are currently in the final stages prior to publication, expected around the end of 2026. Further work, including scheme switching techniques and additional satellite mechanisms, is under active study for future extensions of the standard. The development of these documents has involved contributions from experts across multiple continents, reflecting the global interest in the technology. "The goal was not to pick a winner," notes Ligier, "but to provide a clear and interoperable framework for the main families that are already widely used."

Understanding the ISO Standardization Process

ISO standards are developed through a rigorous, consensus-based international process involving national delegations and technical experts from academia, industry and government. To help track the progress of FHE, here is a reference guide to the phases every ISO standard must pass through:

• PWI (Preliminary Work Item): An initial exploratory phase where a PWI is presented.
• NWIP (New Work Item Proposal): A new standard begins with an NWIP, which must be formally approved before work can proceed.
• WD (Working Draft): A working group prepares one or more drafts that progressively refine the technical content.
• CD (Committee Draft): These drafts evolve into CDs, which are circulated among participating national bodies for detailed review and comment.
• DIS (Draft International Standard): Once sufficient consensus is reached, the text is issued as a DIS for a broader formal vote and public comment.
• FDIS (Final Draft International Standard): If required, an FDIS is circulated for a final approval vote before publication.
• IS (International Standard): After approval, the document is published as an IS. Even after publication, the standard remains subject to periodic review and revision to reflect technological advances and operational feedback.

As Chillotti explains, "Each step is designed to ensure that every technical choice is openly discussed, challenged and agreed upon at an international level."

As of today, the status of ISO/IEC 28033 series are as follows:

• ISO/IEC 28033-1 Part 1: General
  • Specifies the general concepts and principles of FHE.
  • Status: DIS
• ISO/IEC 28033-2 Part 2: Mechanisms for exact arithmetic on modular integers
  • Specifies BGV/BFV schemes.
  • Status: DIS
• ISO/IEC 28033-3 Part 3: Mechanisms for arithmetic on approximate numbers
  • Specifies CKKS scheme.
  • Status: DIS
• ISO/IEC 28033-4 Part 4: Mechanisms for arithmetic based on look-up table evaluation
  • Specifies DM/CGGI schemes.
  • Status: DIS
• ISO/IEC 28033-5 Part 5: Mechanisms for scheme switching
  • Specifies scheme switching between FHE schemes from parts 2, 3 and 4.
  • Status: WD

FHE at NIST: The Quantum-Safe Validation and Threshold Cryptography

While ISO has moved forward with formal standardization, NIST is not currently standardizing Fully Homomorphic Encryption. However, NIST has played a major role in shaping the broader cryptographic landscape. NIST's standardization efforts are typically structured as open, transparent, multi-year evaluation processes involving public submissions, workshops, reports and iterative analysis. As Ligier notes, "NIST's approach encourages extensive public evaluation and discussion. Even when FHE is not directly in scope, the broader cryptographic ecosystem benefits from that openness and depth of analysis."

NIST’s indirect impact on FHE falls into two major initiatives:

• Post-Quantum Cryptography (PQC) Validation: Launched in 2016, this process recently published its first post-quantum standards in 2023-2024 as Federal Information Processing Standards (FIPS), including FIPS 203 (ML-KEM, formerly Kyber) and FIPS 204 (ML-DSA, formerly Dilithium). Both are based on Learning With Errors (LWE), the same hardness assumption underlying most modern FHE schemes. Although this does not constitute a standardization of FHE itself, NIST's endorsement of LWE-based constructions reinforces confidence in the mathematical foundations on which FHE relies. As Chillotti notes, "When NIST standardized LWE-based schemes, it indirectly strengthened trust in the hardness assumptions that FHE is built upon."
• Multi-Party Threshold Cryptography (MPTC) Project: Although NIST has not issued a dedicated call to standardize FHE, it has launched initiatives that are relevant to the technology. In particular, the NIST First Call for Multi-Party Threshold Schemes (NIST IR 8214C) explicitly covers a wide range of primitives and techniques, including those that may incorporate or relate to FHE. The objective is to build a structured body of reference materials to inform research, interoperability and potential future standards. Chillotti observes that this initiative "creates the foundations for future standardization, even if that is not the immediate goal." The process includes a preview phase (including workshops such as MPTS 2026), followed by a full submission phase. These submissions require comprehensive, open-source technical packages backed by experimental evaluation results. "What NIST is building here is not a competition, but a structured knowledge base for the community," Ligier explains. An extended public analysis phase will then evaluate and characterize the submissions, with reports expected in subsequent years.

Taken together, while NIST has not yet initiated formal FHE standardization, its endorsement of LWE-based cryptography and its active exploration of advanced primitives - including threshold techniques that may integrate FHE - signal institutional interest in the broader ecosystem. As with ISO, such engagement contributes to building confidence and technical maturity, even when it does not immediately result in a dedicated standard.

Conclusion

The standardization of Fully Homomorphic Encryption is still unfolding, but the momentum is clear. With ISO advancing formal specifications and NIST strengthening the broader cryptographic foundations particularly around LWE-based constructions and threshold techniques - FHE is steadily moving from research innovation toward industrial-grade infrastructure. These parallel efforts reflect both the growing technical maturity of the field and its increasing strategic relevance for privacy-preserving technologies. We will continue this series with follow-up blog posts offering deeper insights and updates on the progress of FHE standardization, including developments around ISO/IEC 28033 and related initiatives.

Bios

Ilaria Chillotti is a cryptography researcher at DESILO Inc (South Korea). Her main research focus is Fully Homomorphic Encryption (FHE), and more generally Privacy Enhancing Technologies and their applications. She defended her PhD in 2018 at University Paris-Saclay (France). Before joining DESILO, she worked at Microsoft Research (Redmond, USA), KU Leuven (Leuven, Belgium) and Zama (Paris, France). At Zama she was Director of Research. She is notably one of the authors of the scheme TFHE, which is one of the most studied FHE schemes nowadays. Ilaria has been involved in the standardization of FHE at ISO since its early stages in 2020.

Damien Ligier is a cryptography researcher at DESILO Inc (South Korea), where he works on Fully Homomorphic Encryption (FHE) and broader Privacy-Enhancing Technologies (PET). He completed his PhD in Computer Science in 2018 at CEA and IMT Atlantique (France), with research centered on functional encryption and its practical applications. Prior to joining DESILO, Before joining DESILO, he worked in the industry at Zama and Wallix (Paris, France). His work has ranged from cryptographic research and implementation of secure primitives to coordinating engineers and researchers, and contributing to internal knowledge dissemination. He has also been involved in the international standardization efforts on FHE.