The paper proposes a fully homomorphic encryption (FHE) scheme, which allows evaluating circuits over encrypted data without decrypting it. The solution is divided into three steps: first, a general result is provided that constructing an FHE scheme is equivalent to constructing one that can evaluate its own decryption circuit, known as a bootstrappable scheme. Next, a public key encryption scheme using ideal lattices is described, which is almost bootstrappable but has a decryption circuit with a depth that is logarithmic in the lattice dimension. Finally, a technique is presented to modify the scheme to reduce the depth of the decryption circuit, making it bootstrappable without increasing the depth of the circuit that can be evaluated. The paper also discusses the security and correctness of the scheme, including semantic security and the correctness of decryption for permitted circuits. The scheme is semantically secure against chosen plaintext attacks but not against adaptive chosen ciphertext attacks due to its malleability. The paper concludes with a discussion of related work and the challenges of achieving CCA2 security for FHE schemes.The paper proposes a fully homomorphic encryption (FHE) scheme, which allows evaluating circuits over encrypted data without decrypting it. The solution is divided into three steps: first, a general result is provided that constructing an FHE scheme is equivalent to constructing one that can evaluate its own decryption circuit, known as a bootstrappable scheme. Next, a public key encryption scheme using ideal lattices is described, which is almost bootstrappable but has a decryption circuit with a depth that is logarithmic in the lattice dimension. Finally, a technique is presented to modify the scheme to reduce the depth of the decryption circuit, making it bootstrappable without increasing the depth of the circuit that can be evaluated. The paper also discusses the security and correctness of the scheme, including semantic security and the correctness of decryption for permitted circuits. The scheme is semantically secure against chosen plaintext attacks but not against adaptive chosen ciphertext attacks due to its malleability. The paper concludes with a discussion of related work and the challenges of achieving CCA2 security for FHE schemes.