On the Download Rate of Homomorphic Secret Sharing

Authors Ingerid Fosli, Yuval Ishai, Victor I. Kolobov, Mary Wootters

Thumbnail PDF


  • Filesize: 0.81 MB
  • 22 pages

Document Identifiers

Author Details

Ingerid Fosli
  • Google, Houston, TX, USA
Yuval Ishai
  • Technion, Haifa, Israel
Victor I. Kolobov
  • Technion, Haifa, Israel
Mary Wootters
  • Stanford University, CA, USA


We thank Elette Boyle and Tsachy Weissman for helpful conversations and the ITCS reviewers for useful comments.

Cite AsGet BibTex

Ingerid Fosli, Yuval Ishai, Victor I. Kolobov, and Mary Wootters. On the Download Rate of Homomorphic Secret Sharing. In 13th Innovations in Theoretical Computer Science Conference (ITCS 2022). Leibniz International Proceedings in Informatics (LIPIcs), Volume 215, pp. 71:1-71:22, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2022)


A homomorphic secret sharing (HSS) scheme is a secret sharing scheme that supports evaluating functions on shared secrets by means of a local mapping from input shares to output shares. We initiate the study of the download rate of HSS, namely, the achievable ratio between the length of the output shares and the output length when amortized over 𝓁 function evaluations. We obtain the following results. - In the case of linear information-theoretic HSS schemes for degree-d multivariate polynomials, we characterize the optimal download rate in terms of the optimal minimal distance of a linear code with related parameters. We further show that for sufficiently large 𝓁 (polynomial in all problem parameters), the optimal rate can be realized using Shamir’s scheme, even with secrets over 𝔽₂. - We present a general rate-amplification technique for HSS that improves the download rate at the cost of requiring more shares. As a corollary, we get high-rate variants of computationally secure HSS schemes and efficient private information retrieval protocols from the literature. - We show that, in some cases, one can beat the best download rate of linear HSS by allowing nonlinear output reconstruction and 2^{-Ω(𝓁)} error probability.

Subject Classification

ACM Subject Classification
  • Theory of computation → Cryptographic primitives
  • Information-theoretic cryptography
  • homomorphic secret sharing
  • private information retrieval
  • secure multiparty computation
  • regenerating codes


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. Mark Abspoel, Ronald Cramer, Daniel Escudero, Ivan Damgård, and Chaoping Xing. Improved single-round secure multiplication using regenerating codes. IACR Cryptol. ePrint Arch., 2021:253, 2021. URL: https://eprint.iacr.org/2021/253.
  2. Donald Beaver and Joan Feigenbaum. Hiding instances in multioracle queries. In STACS 90, pages 37-48, 1990. Google Scholar
  3. Donald Beaver, Joan Feigenbaum, Joe Kilian, and Phillip Rogaway. Security with low communication overhead. In CRYPTO '90, pages 62-76, 1990. Google Scholar
  4. Amos Beimel, Yuval Ishai, Eyal Kushilevitz, and Ilan Orlov. Share conversion and private information retrieval. In CCC 2012, pages 258-268, 2012. Google Scholar
  5. Michael Ben-Or, Shafi Goldwasser, and Avi Wigderson. Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In STOC, 1988. Google Scholar
  6. Josh Cohen Benaloh. Secret sharing homomorphisms: Keeping shares of A secret sharing. In Andrew M. Odlyzko, editor, CRYPTO '86, pages 251-260, 1986. Google Scholar
  7. Rawad Bitar and Salim El Rouayheb. Staircase codes for secret sharing with optimal communication and read overheads. IEEE Transactions on Information Theory, 64(2):933-943, 2017. Google Scholar
  8. Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Lisa Kohl, and Peter Scholl. Efficient pseudorandom correlation generators: Silent OT extension and more. In CRYPTO, pages 489-518, 2019. Google Scholar
  9. Elette Boyle, Niv Gilboa, and Yuval Ishai. Function secret sharing. In EUROCRYPT 2015, Part II, pages 337-367, 2015. Google Scholar
  10. Elette Boyle, Niv Gilboa, and Yuval Ishai. Breaking the circuit size barrier for secure computation under DDH. In Matthew Robshaw and Jonathan Katz, editors, Advances in Cryptology - CRYPTO 2016 - 36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2016, Proceedings, Part I, volume 9814 of Lecture Notes in Computer Science, pages 509-539. Springer, 2016. URL: https://doi.org/10.1007/978-3-662-53018-4_19.
  11. Elette Boyle, Niv Gilboa, and Yuval Ishai. Function secret sharing: Improvements and extensions. In Edgar R. Weippl, Stefan Katzenbeisser, Christopher Kruegel, Andrew C. Myers, and Shai Halevi, editors, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016, pages 1292-1303. ACM, 2016. URL: https://doi.org/10.1145/2976749.2978429.
  12. Elette Boyle, Niv Gilboa, Yuval Ishai, Huijia Lin, and Stefano Tessaro. Foundations of homomorphic secret sharing. In Anna R. Karlin, editor, 9th Innovations in Theoretical Computer Science Conference, ITCS 2018, January 11-14, 2018, Cambridge, MA, USA, volume 94 of LIPIcs, pages 21:1-21:21. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2018. URL: https://doi.org/10.4230/LIPIcs.ITCS.2018.21.
  13. Elette Boyle, Lisa Kohl, and Peter Scholl. Homomorphic secret sharing from lattices without FHE. In EUROCRYPT 2019, Part II, pages 3-33, 2019. Google Scholar
  14. Zvika Brakerski, Nico Döttling, Sanjam Garg, and Giulio Malavolta. Leveraging linear decryption: Rate-1 fully-homomorphic encryption and time-lock puzzles. In TCC, 2019. Google Scholar
  15. David Chaum, Claude Crépeau, and Ivan Damgard. Multiparty unconditionally secure protocols (extended abstract). In STOC, 1988. Google Scholar
  16. Hao Chen, Ronald Cramer, Shafi Goldwasser, Robbert de Haan, and Vinod Vaikuntanathan. Secure computation from random error correcting codes. In Moni Naor, editor, Advances in Cryptology - EUROCRYPT 2007, 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007, Proceedings, volume 4515 of Lecture Notes in Computer Science, pages 291-310. Springer, 2007. URL: https://doi.org/10.1007/978-3-540-72540-4_17.
  17. Benny Chor, Oded Goldreich, Eyal Kushilevitz, and Madhu Sudan. Private information retrieval. J. ACM, 1998. Google Scholar
  18. Geoffroy Couteau and Pierre Meyer. Breaking the circuit size barrier for secure computation under quasi-polynomial LPN. In EUROCRYPT 2021, Part II, pages 842-870, 2021. Google Scholar
  19. Thomas Cover and Joy Thomas. Elements of Information Theory, 2nd Edition. Wiley, 2006. Google Scholar
  20. Ronald Cramer, Ivan Damgård, and Yuval Ishai. Share conversion, pseudorandom secret-sharing and applications to secure computation. In Joe Kilian, editor, Theory of Cryptography, Second Theory of Cryptography Conference, TCC 2005, Cambridge, MA, USA, February 10-12, 2005, Proceedings, volume 3378 of Lecture Notes in Computer Science, pages 342-362. Springer, 2005. URL: https://doi.org/10.1007/978-3-540-30576-7_19.
  21. Ronald Cramer, Ivan Damgård, and Ueli M. Maurer. General secure multi-party computation from any linear secret-sharing scheme. In EUROCRYPT, 2000. Google Scholar
  22. Alexandros G Dimakis, P Brighten Godfrey, Yunnan Wu, Martin J Wainwright, and Kannan Ramchandran. Network coding for distributed storage systems. IEEE transactions on information theory, 56(9):4539-4551, 2010. Google Scholar
  23. Alexandros G Dimakis, Kannan Ramchandran, Yunnan Wu, and Changho Suh. A survey on network codes for distributed storage. Proceedings of the IEEE, 99(3):476-489, 2011. Google Scholar
  24. Yevgeniy Dodis, Shai Halevi, Ron D. Rothblum, and Daniel Wichs. Spooky encryption and its applications. In Matthew Robshaw and Jonathan Katz, editors, Advances in Cryptology - CRYPTO 2016 - 36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2016, Proceedings, Part III, volume 9816 of Lecture Notes in Computer Science, pages 93-122. Springer, 2016. URL: https://doi.org/10.1007/978-3-662-53015-3_4.
  25. Nico Döttling, Sanjam Garg, Yuval Ishai, Giulio Malavolta, Tamer Mour, and Rafail Ostrovsky. Trapdoor hash functions and their applications. In CRYPTO 2019, Part III, pages 3-32, 2019. Google Scholar
  26. Klim Efremenko. 3-query locally decodable codes of subexponential length. In STOC, 2009. Google Scholar
  27. Karim Eldefrawy, Nicholas Genise, Rutuja Kshirsagar, and Moti Yung. On regenerating codes and proactive secret sharing: Relationships and implications. In Colette Johnen, Elad Michael Schiller, and Stefan Schmid, editors, Stabilization, Safety, and Security of Distributed Systems - 23rd International Symposium, SSS 2021, Virtual Event, November 17-20, 2021, Proceedings, volume 13046 of Lecture Notes in Computer Science, pages 350-364. Springer, 2021. URL: https://doi.org/10.1007/978-3-030-91081-5_23.
  28. Paul Erdős and Haim Hanini. On a limit theorem in combinatorical analysis. Publ. Math. Debrecen, 10:10-13, 1963. Google Scholar
  29. Nelly Fazio, Rosario Gennaro, Tahereh Jafarikhah, and William E. Skeith III. Homomorphic secret sharing from Paillier encryption. In Provable Security, 2017. Google Scholar
  30. Ingerid Fosli, Yuval Ishai, Victor I. Kolobov, and Mary Wootters. On the download rate of homomorphic secret sharing. IACR Cryptol. ePrint Arch., 2021:1532, 2021. Full version of this paper. URL: https://eprint.iacr.org/2021/1532.
  31. Matthew K. Franklin and Moti Yung. Communication complexity of secure computation (extended abstract). In S. Rao Kosaraju, Mike Fellows, Avi Wigderson, and John A. Ellis, editors, Proceedings of the 24th Annual ACM Symposium on Theory of Computing, May 4-6, 1992, Victoria, British Columbia, Canada, pages 699-710. ACM, 1992. URL: https://doi.org/10.1145/129712.129780.
  32. Berndt M Gammel and Stefan Mangard. On the duality of probing and fault attacks. Journal of electronic testing, 26(4):483-493, 2010. Google Scholar
  33. Craig Gentry. Fully homomorphic encryption using ideal lattices. In STOC, 2009. Google Scholar
  34. Craig Gentry and Shai Halevi. Compressible FHE with applications to PIR. In TCC, 2019. Google Scholar
  35. Yael Gertner, Yuval Ishai, Eyal Kushilevitz, and Tal Malkin. Protecting data privacy in private information retrieval schemes. In Jeffrey Scott Vitter, editor, Proceedings of the Thirtieth Annual ACM Symposium on the Theory of Computing, Dallas, Texas, USA, May 23-26, 1998, pages 151-160. ACM, 1998. URL: https://doi.org/10.1145/276698.276723.
  36. Niv Gilboa and Yuval Ishai. Compressing cryptographic resources. In Michael J. Wiener, editor, Advances in Cryptology - CRYPTO '99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15-19, 1999, Proceedings, volume 1666 of Lecture Notes in Computer Science, pages 591-608. Springer, 1999. URL: https://doi.org/10.1007/3-540-48405-1_37.
  37. Venkatesan Guruswami and Mary Wootters. Repairing reed-solomon codes. In Daniel Wichs and Yishay Mansour, editors, Proceedings of the 48th Annual ACM SIGACT Symposium on Theory of Computing, STOC 2016, Cambridge, MA, USA, June 18-21, 2016, pages 216-226. ACM, 2016. URL: https://doi.org/10.1145/2897518.2897525.
  38. Wentao Huang and Jehoshua Bruck. Secret sharing with optimal decoding and repair bandwidth. In 2017 IEEE International Symposium on Information Theory, ISIT 2017, Aachen, Germany, June 25-30, 2017, pages 1813-1817. IEEE, 2017. URL: https://doi.org/10.1109/ISIT.2017.8006842.
  39. Wentao Huang, Michael Langberg, Jörg Kliewer, and Jehoshua Bruck. Communication efficient secret sharing. IEEE Trans. Inf. Theory, 62(12):7195-7206, 2016. URL: https://doi.org/10.1109/TIT.2016.2616144.
  40. Yuval Ishai, Russell W. F. Lai, and Giulio Malavolta. A geometric approach to homomorphic secret sharing. In PKC 2021, Part II, pages 92-119, 2021. Google Scholar
  41. Mitsuru Ito, Akira Saito, and Takao Nishizeki. Secret sharing scheme realizing general access structure. Electronics and Communications in Japan (Part III: Fundamental Electronic Science), 72(9):56-64, 1989. Google Scholar
  42. Russell W. F. Lai, Giulio Malavolta, and Dominique Schröder. Homomorphic secret sharing for low degree polynomials. In ASIACRYPT, 2018. Google Scholar
  43. James L Massey. Some applications of coding theory in cryptography. Codes and Ciphers: Cryptography and Coding IV, pages 33-47, 1995. Google Scholar
  44. Claudio Orlandi, Peter Scholl, and Sophia Yakoubov. The rise of Paillier: Homomorphic secret sharing and public-key silent OT. In EUROCRYPT 2021, Part I, pages 678-708, 2021. Google Scholar
  45. Ankit Singh Rawat, Onur Ozan Koyluoglu, and Sriram Vishwanath. Centralized repair of multiple node failures with applications to communication efficient secret sharing. IEEE Transactions on Information Theory, 64(12):7529-7550, 2018. Google Scholar
  46. Ronald L. Rivest, Len Adleman, and Michael L. Dertouzos. On data banks and privacy homomorphisms. In Richard A. DeMillo, David P. Dobkin, Anita K. Jones, and Richard J. Lipton, editors, Foundations of Secure Computation, pages 165-179. Academic Press, 1978. Google Scholar
  47. Lawrence Roy and Jaspal Singh. Large message homomorphic secret sharing from DCR and applications. In CRYPTO 2021, Part III, pages 687-717, 2021. Google Scholar
  48. Nihar B. Shah, K. V. Rashmi, and Kannan Ramchandran. One extra bit of download ensures perfectly private information retrieval. In 2014 IEEE International Symposium on Information Theory, Honolulu, HI, USA, June 29 - July 4, 2014, pages 856-860. IEEE, 2014. URL: https://doi.org/10.1109/ISIT.2014.6874954.
  49. Adi Shamir. How to share a secret. Communications of the Association for Computing Machinery, 1979. Google Scholar
  50. Karthikeyan Shanmugam, Dimitris S Papailiopoulos, Alexandros G Dimakis, and Giuseppe Caire. A repair framework for scalar mds codes. IEEE Journal on Selected Areas in Communications, 32(5):998-1007, 2014. Google Scholar
  51. Noah Shutty and Mary Wootters. Low-bandwidth recovery of linear functions of reed-solomon-encoded data. arXiv preprint arXiv:2107.11847, 2021. Google Scholar
  52. Hua Sun and Syed Ali Jafar. The capacity of private information retrieval. In 2016 IEEE Global Communications Conference, GLOBECOM 2016, Washington, DC, USA, December 4-8, 2016, pages 1-6. IEEE, 2016. URL: https://doi.org/10.1109/GLOCOM.2016.7842315.
  53. Hua Sun and Syed Ali Jafar. Optimal download cost of private information retrieval for arbitrary message length. IEEE Trans. Inf. Forensics Secur., 12(12):2920-2932, 2017. URL: https://doi.org/10.1109/TIFS.2017.2725225.
  54. Itzhak Tamo, Min Ye, and Alexander Barg. Optimal repair of reed-solomon codes: Achieving the cut-set bound. In Chris Umans, editor, 58th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2017, Berkeley, CA, USA, October 15-17, 2017, pages 216-227. IEEE Computer Society, 2017. URL: https://doi.org/10.1109/FOCS.2017.28.
  55. Sergey Yekhanin. Towards 3-query locally decodable codes of subexponential length. In STOC, 2007. Google Scholar
Questions / Remarks / Feedback

Feedback for Dagstuhl Publishing

Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail