Arbitrary-Threshold Fully Homomorphic Encryption with Lower Complexity

TL;DR

The paper tackles the practicality of arbitrary-threshold fully homomorphic encryption (AThFHE) by reducing ThFHE construction to an approximate secret sharing (ApproxSS) primitive. It introduces ATASSES, a BFV-based, encrypted-share ApproxSS that achieves major efficiency gains over existing schemes, reducing computation from $O(N^2K)$ and communication from $O(NK)$ to $O(N^2+NK)$ and $O(N+K)$ respectively. The construction supports robust non-participant tolerance without requiring prior knowledge of the participant set and provides formal correctness and security guarantees under RLWE assumptions. Experimental results on up to 1000 parties show substantial speedups (3.83x–15.4x) over baselines, highlighting strong practical potential for large-scale privacy-preserving federated computation. The work also contributes foundational insights into ApproxSS and lays groundwork for broader applications in secure multi-party computation and differential privacy.

Abstract

Threshold fully homomorphic encryption (ThFHE) enables multiple parties to compute functions over their sensitive data without leaking data privacy. Most of existing ThFHE schemes are restricted to full threshold and require the participation of \textit{all} parties to output computing results. Compared with these full-threshold schemes, arbitrary threshold (ATh)-FHE schemes are robust to non-participants and can be a promising solution to many real-world applications. However, existing AThFHE schemes are either inefficient to be applied with a large number of parties $N$ and a large data size $K$, or insufficient to tolerate all types of non-participants. In this paper, we propose an AThFHE scheme to handle all types of non-participants with lower complexity over existing schemes. At the core of our scheme is the reduction from AThFHE construction to the design of a new primitive called \textit{approximate secret sharing} (ApproxSS). Particularly, we formulate ApproxSS and prove the correctness and security of AThFHE on top of arbitrary-threshold (ATh)-ApproxSS's properties. Such a reduction reveals that existing AThFHE schemes implicitly design ATh-ApproxSS following a similar idea called ``noisy share''. Nonetheless, their ATh-ApproxSS design has high complexity and become the performance bottleneck. By developing ATASSES, an ATh-ApproxSS scheme based on a novel ``encrypted share'' idea, we reduce the computation (resp. communication) complexity from $\mathcal{O}(N^2K)$ to $\mathcal{O}(N^2+K)$ (resp. from $\mathcal{O}(NK)$ to $\mathcal{O}(N+K)$). We not only theoretically prove the (approximate) correctness and security of ATASSES, but also empirically evaluate its efficiency against existing baselines. Particularly, when applying to a system with one thousand parties, ATASSES achieves a speedup of $3.83\times$ -- $15.4\times$ over baselines.

Figures (7)

• Figure 1: An overview of our main results.
• Figure 2: System model with three types of parties.
• Figure 3: An illustration of approximate secret sharing.
• Figure 4: Description of $\mathsf{Expt}_{\mathcal{A},\mathsf{Real}}(\chi)$ and $\mathsf{Expt}_{\mathcal{A},\mathsf{Ideal}}(\chi)$. Their differences are highlighted by red, underlined parts.
• Figure 5: Illustration of Our ThFHE construction

Theorems & Definitions (12)

• Definition 1: Vanilla Secret Sharing
• Definition 2: Approximate Secret Sharing
• Definition 3: Approximate Security
• Definition 4: Approximate Correctness
• Lemma 1: Noise Smudging
• Theorem 1: Correctness of ThFHE
• Theorem 2: Security of ThFHE
• Theorem 3: ATASSES's Properties
• Theorem \ref{theo:MPHE-correctness}: Correctness of ThFHE, Restated
• Theorem \ref{theo:MPHE-security}: Security of ThFHE, Restated