There are currently FHE implementation for
Except for speed testing, amortized or not, one meaningful usage is mitigating form side channel analysis. Intel, AMD, or ARM can implement this algorithms secured from known side channel attacks and even from cache attacks and , actually, we can have such software versions, too.
Are there any other meaningful usage for FHE block ciphers?
The main advantage I have heard is reducing the amount of data the client has to send to the cloud.
As said in A Comparison of the Homomorphic Encryption Schemes FV and YASHE:
[...] ciphertext expansion (i.e. the ciphertext size divided by the plaintext size) of current FHE schemes is prohibitive (thousands to millions). For example using techniques in [CNT12] (for 72 bits of claimed security), sending 4MB of data on which the cloud is allowed to operate, would require to send more than 73TB of encrypted data over the network.
And to solve this issue, clients could encrypt their data with some block cipher instead of encrypting with a homomorphic encryption scheme.
Then, clients would just send their FHE public keys with the encrypted data.
On the other hand, the cloud would have to encrypt with the FHE scheme the ciphertexts received (using the clients' public key) and homomorphically decrypt them (running the block cipher's decryption function homomorphically) before they are processed.
Since block ciphers have very small ciphertext expansion, sending the data encrypted with AES (for instance) plus sending the public key means sending much less data then sending only the data encrypted with a FHE scheme.
This is also the application commented in Homomorphic Evaluation of the AES Circuit.
