_%20How%20They%20Work%20and%20Why%20They%20Matter.png)
%20Public%20Testnet%20and%20Incentivized%20Testnets.png)
Ready to build with us?
Explore our docs and start building with Ika
Threshold FHE with Efficient Asynchronous Decryption
April 22, 2025
Zvika Brakerski, Advisor to dWallet Labs
Offir Friedman, dWallet Labs
Avichai Marmor, dWallet Labs
Dolev Mutzari, dWallet Labs
Yuval Spiizer, dWallet Labs
Ni Trieu, Advisor to dWallet Labs
Abstract
A Threshold Fully Homomorphic Encryption (ThFHE) scheme enables the generation of a global public key and secret key shares for multiple parties, allowing any threshold of these parties to collaboratively decrypt a ciphertext without revealing their individual secret keys. By leveraging the homomorphic properties of FHE, this scheme supports the distributed computation of arbitrary functions across multiple parties. As distributed execution of cryptographic tasks
becomes popular, the demand for ThFHE schemes grows accordingly. We identify three major challenges with existing solutions. (i) They often take unrealistic assumptions with regards to the network model, assuming the threshold of parties to participate in decryption is known a-priori, available throughout multiple communication rounds, and is consistent between parties. (ii) They incur a super-linear overhead on the underlying FHE public parameters. Both issues pose challenges on scaling with the number of parties. (iii) The require heavyweight Zero-Knowledge Proofs (ZKPs) during decryption, thereby introducing a significant computational overhead in order to tolerate malicious behavior.
In this work, we introduce a ThFHE scheme that faces the above three challenges simultaneously, and is designed to scale with the number of parties N.
Our scheme operates within the well-established asynchronous communication model. At the same time, upon decryption, the ciphertext only incurs a linear 3/4N + t additive overhead on the ciphertext modulus size. Additionally, when allowed to rely on none Post Quantum (PQ)-secure additively homomorphic encryption schemes, we provide a method with an O(1) overhead, independent of N. Lastly, we propose a preprocessing technique, that allows the parties to batch and preprocess all necessary ZKPs in an offline phase, before the encrypted inputs and evaluation circuit are determined. In turn, this enables the system to effectively manage traffic spikes, by exploiting idle periods to preform the ZKPs.
We build on a ring-based FHE scheme, specifically using the BGV scheme for clarity and concreteness. Nonetheless, the techniques also apply to BFV, CKKS, and TFHE schemes.
.png)
