Paper 2018/419

Homomorphic Secret Sharing: Optimizations and Applications

Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, and Michele Orrù


We continue the study of Homomorphic Secret Sharing (HSS), recently introduced by Boyle et al. (Crypto 2016, Eurocrypt 2017). A (2-party) HSS scheme splits an input x into shares (x0, x1) such that (1) each share computationally hides x, and (2) there exists an efficient homomorphic evaluation algorithm Eval such that for any function (or “program”) P from a given class it holds that Eval(x0,P)+Eval(x1,P) = P(x). Boyle et al. show how to construct an HSS scheme for branching programs, with an inverse polynomial error, using discrete-log type assumptions such as DDH. We make two types of contributions. Optimizations. We introduce new optimizations that speed up the previous optimized implementation of Boyle et al. by more than a factor of 30, significantly reduce the share size, and reduce the rate of leakage induced by selective failure. Applications. Our optimizations are motivated by the observation that there are natural application scenarios in which HSS is useful even when applied to simple computations on short inputs. We demonstrate the practical feasibility of our HSS implementation in the context of such applications.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Major revision. CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
Homomorphic secret sharingsecure computationapplications
Contact author(s)
geoffroy couteau @ kit edu
2018-05-11: revised
2018-05-10: received
See all versions
Short URL
Creative Commons Attribution


      author = {Elette Boyle and Geoffroy Couteau and Niv Gilboa and Yuval Ishai and Michele Orrù},
      title = {Homomorphic Secret Sharing: Optimizations and Applications},
      howpublished = {Cryptology ePrint Archive, Paper 2018/419},
      year = {2018},
      doi = {10.1145/3133956.3134107},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.