Threshold FHE with Efficient Asynchronous Decryption

Zvika Brakerski; Offir Friedman; Avichai Marmor; Dolev Mutzari; Yuval Spiizer; Ni Trieu

Paper 2025/712

Threshold FHE with Efficient Asynchronous Decryption

Zvika Brakerski

, Advisor to dWallet Labs

Offir Friedman, dWallet Labs

Avichai Marmor, dWallet Labs

Dolev Mutzari, dWallet Labs

Yuval Spiizer, dWallet Labs

Ni Trieu

, Advisor to dWallet Labs

Abstract

A Threshold Fully Homomorphic Encryption (ThFHE) scheme enables the generation of a global public key and secret key shares for multiple parties, allowing any threshold of these parties to collaboratively decrypt a ciphertext without revealing their individual secret keys. By leveraging the homomorphic properties of FHE, this scheme supports the distributed computation of arbitrary functions across multiple parties. As distributed execution of cryptographic tasks becomes popular, the demand for ThFHE schemes grows accordingly. We identify three major challenges with existing solutions. (i) They often take unrealistic assumptions with regards to the network model, assuming the threshold of parties to participate in decryption is known a-priori, available throughout multiple communication rounds, and is consistent between parties. (ii) They incur a super-linear overhead on the underlying FHE public parameters. Both issues pose challenges on scaling with the number of parties. (iii) The require heavyweight Zero-Knowledge Proofs (ZKPs) during decryption, thereby introducing a significant computational overhead in order to tolerate malicious behavior. In this work, we introduce a \thfhe scheme that faces the above three challenges simultaneously, and is designed to scale with the number of parties N. Our scheme operates within the well-established asynchronous communication model. At the same time, upon decryption, the ciphertext only incurs a linear 3/4N + t additive overhead on the ciphertext modulus size. Additionally, when allowed to rely on none Post Quantum (PQ)-secure additively homomorphic encryption schemes, we provide a method with an O(1) overhead, independent of N. Lastly, we propose a preprocessing technique, that allows the parties to batch and preprocess all necessary ZKPs in an offline phase, before the encrypted inputs and evaluation circuit are determined. In turn, this enables the system to effectively manage traffic spikes, by exploiting idle periods to preform the ZKPs. We build on a ring-based FHE scheme, specifically using the BGV scheme for clarity and concreteness. Nonetheless, the techniques also apply to BFV, CKKS, and TFHE schemes.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Preprint.
Keywords: Threshold FHE Decentralized Applications
Contact author(s): zvika @ mail bz-sci com
offir @ dwalletlabs com
avichai @ dwalletlabs com
dolev @ dwalletlabs com
yuval @ dwalletlabs com
ni @ dwalletlabs com
History: 2025-04-21: approved; 2025-04-20: received; See all versions
Short URL: https://ia.cr/2025/712
License: CC BY

BibTeX

@misc{cryptoeprint:2025/712,
      author = {Zvika Brakerski and Offir Friedman and Avichai Marmor and Dolev Mutzari and Yuval Spiizer and Ni Trieu},
      title = {Threshold {FHE} with Efficient Asynchronous Decryption},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/712},
      year = {2025},
      url = {https://eprint.iacr.org/2025/712}
}