Lab

Paillier homomorphic addition demo

A tiny, educational Paillier demo showing additively homomorphic encryption with toy parameters.

JavaScript Required

The FHE demo requires JavaScript to run in your browser. Please enable JavaScript to use this tool.

Educational only - not production crypto

This demo uses tiny numbers and a toy Paillier-like setup so you can see homomorphic addition in action. It is not secure and should never be used for real data.

What this is

A toy Paillier encryption demo that shows additively homomorphic computation: encrypted numbers can be combined without revealing plaintext. The math is intentionally tiny so you can inspect each step.

Who it's for

Engineers who want an intuition for encrypted computation.
Builders exploring privacy-preserving analytics ideas.
Students learning modern cryptography concepts.

Builder notes

This lab is intentionally practical: run one simple example, inspect the math, then change parameters and observe what moves.

Start with small values and confirm decrypted sums are correct.
Enable intermediate steps and map each line to the formulas below.
Randomize primes and compare how ciphertext values change.

Learning resources

These are background references; this lab stays toy-sized and browser-local.

Add two integers without revealing them

Your browser encrypts each value, a simulated server multiplies ciphertexts, and the browser decrypts the sum.

Value A Value B

Ciphertext A

Ciphertext B

Server sum (ciphertext)

Client decrypted sum

Homomorphic addition: the server multiplies ciphertext A and ciphertext B modulo n^2 to produce the ciphertext of (A + B). The browser then decrypts that sum.

How the math works

Encrypt: c = g^m * r^n mod n^2 (m is A or B, r is random so the same input encrypts differently each time).
Combine: c_sum = c_a * c_b mod n^2 (this corresponds to m_a + m_b).
Decrypt: m = L(c^lambda mod n^2) * mu mod n, where L(u) = (u - 1) / n.

Pick values and run the demo.

Toy key parameters

Random tiny primes and derived values used for the demo. These are intentionally small and not secure.

Prime p

Prime q

n = p × q

n^2

Lambda (lcm)

Mu (mod inverse)

Limitations

Uses tiny primes and BigInt math for clarity, not security.
Ciphertexts are much larger than plaintext inputs.
Performance does not scale; production homomorphic encryption is far heavier.

Security model (30 seconds)

This is a toy Paillier-style construction with tiny primes. It demonstrates additively homomorphic encryption but provides no real security. No server-side secrets and no user tracking are used. Do not use it for production data.