Scooby: improved multi-party homomorphic secret sharing based on FHE

In this paper we present new constructions of multi-party homomorphic secret sharing (HSS) based on a new primitive that we call homomorphic encryption with decryption to shares (HEDS). Our first scheme, which we call Scooby, is based on many popular fully homomorphic encryption (FHE) schemes with a linear decryption property. Scooby achieves an n-party HSS for general circuits with complexity O(|F|+log⁡n), as opposed to O(n2⋅|F|) for the prior best construction based on multi-key FHE. Scooby relies on a trusted setup procedure, and can be based on (ring)-LWE with a super-polynomial modulus-to-noise ratio. In our second construction, Scrappy, assuming any generic FHE plus HSS for NC1-circuits, we obtain a HEDS scheme which does not require a super-polynomial modulus. While these schemes all require FHE, in another instantiation, Shaggy, we show how it is also possible to obtain multi-party HSS without FHE, instead relying on the DCR assumption to obtain 4-party HSS for constant-degree polynomials.