TY - GEN
T1 - Threshold Homomorphic Secret Sharing
T2 - 31st Annual International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2025
AU - Wang, Xinzhou
AU - Sun, Shi Feng
AU - Yang, Rupeng
AU - Gong, Junqing
AU - Gu, Dawu
AU - Luo, Yuan
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2026.
PY - 2026
Y1 - 2026
N2 - Homomorphic Secret Sharing (HSS) allows clients to split their inputs among several servers, and supports the servers to homomorphically evaluate public functions over their local shares, such that the function value of the inputs can be efficiently reconstructed from the output shares of the servers. For all existing schemes, all servers are required to participate in the reconstruction process, and the reconstruction will fail even if one server is missing. In this work, we study HSS that supports threshold reconstruction, where the reconstruction still works even if a few servers fail. We first formalize the syntax and security notions of threshold HSS in the public-key setup model, which is a popular model in the literature. Then we present a new generic construction of HSS, which is the first construction that enjoys both threshold reconstruction and public reconstruction. To this end, we introduce a refined version of functional encryption, named HSS-friendly functional encryption. Furthermore, we instantiate our construction with quadratic functional encryption schemes modified from existing works. Compared with the state-of-the-art, our concrete scheme achieves the threshold reconstruction at the expense of slightly increasing the communication complexity.
AB - Homomorphic Secret Sharing (HSS) allows clients to split their inputs among several servers, and supports the servers to homomorphically evaluate public functions over their local shares, such that the function value of the inputs can be efficiently reconstructed from the output shares of the servers. For all existing schemes, all servers are required to participate in the reconstruction process, and the reconstruction will fail even if one server is missing. In this work, we study HSS that supports threshold reconstruction, where the reconstruction still works even if a few servers fail. We first formalize the syntax and security notions of threshold HSS in the public-key setup model, which is a popular model in the literature. Then we present a new generic construction of HSS, which is the first construction that enjoys both threshold reconstruction and public reconstruction. To this end, we introduce a refined version of functional encryption, named HSS-friendly functional encryption. Furthermore, we instantiate our construction with quadratic functional encryption schemes modified from existing works. Compared with the state-of-the-art, our concrete scheme achieves the threshold reconstruction at the expense of slightly increasing the communication complexity.
KW - Functional Encryption
KW - Homomorphic Secret Sharing
KW - Threshold Cryptosystem
UR - https://www.scopus.com/pages/publications/105024759259
U2 - 10.1007/978-981-95-5119-4_18
DO - 10.1007/978-981-95-5119-4_18
M3 - 会议稿件
AN - SCOPUS:105024759259
SN - 9789819551187
T3 - Lecture Notes in Computer Science
SP - 570
EP - 600
BT - Advances in Cryptology - ASIACRYPT 2025 - 31st International Conference on the Theory and Application of Cryptology and Information Security, Proceedings
A2 - Hanaoka, Goichiro
A2 - Yang, Bo-Yin
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 8 December 2025 through 12 December 2025
ER -