For example, if n parties participate and n-1 private keys are leaked, can the ciphertext still not be decrypted?
I assume the question is about threshold FHE. If n-1 parties collude, the ciphertext still cannot be decrypted. So as long as the last party does not learn the secret shares of the other n-1 parties, the ciphertext cannot be decrypted.
OK, I have a few more questions. The first question is whether in threshold homomorphic encryption, the computing and analyzing parties can be considered as a whole, such as whether a server can simultaneously play both roles. The second question is whether I can decrypt the final aggregation result without an analyzer. For example, after the server aggregates, the ciphertext is sent to various clients, and then each client decrypts it with its own private key. The decrypted content is then sent to the server, so that the server aggregates again to obtain the plaintext result. Is this okay?
The first question is whether in threshold homomorphic encryption, the computing and analyzing parties can be considered as a whole, such as whether a server can simultaneously play both roles.
So you are saying, this merged party would have a secret key share and it can also perform the homomorphic computation, right? Yes, it should be theoretically possible. This party will not be able to learn the other secret share.
The second question is whether I can decrypt the final aggregation result without an analyzer. For example, after the server aggregates, the ciphertext is sent to various clients, and then each client decrypts it with its own private key. The decrypted content is then sent to the server, so that the server aggregates again to obtain the plaintext result. Is this okay?
Theoretically this is possible, though not sure whether it is practically reasonable. I assume by the first aggregation you are referring to a homomorphic computation (addition). The second aggregation is the summation of partial decryptions. If flooding is properly done by each decrypting party, then this should still be mostly secure. There might be some data leakage because the aggregator will get to see the final results + she will know the actual computation. It may help in reconstructing the plaintext inputs.
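A toy version of the flow discussed in this answer, as an added example that is not part of the original thread or of any library's code: clients' ciphertexts are added homomorphically, each party returns a flooded partial decryption, and the server sums those to recover only the aggregate. The LWE parameters, the function names and the shortcut of encrypting under the summed secret (instead of a joint public key) are assumptions made for the demonstration.

```python
import secrets

Q = 1 << 32        # ciphertext modulus (toy parameters, constructed for this demo)
T = 1 << 8         # plaintext modulus
DELTA = Q // T     # plaintext scaling factor
N = 16             # LWE dimension, far too small for real security
FLOOD = 1 << 16    # bound on each party's flooding (smudging) noise

def dot(a, s):
    return sum(x * y for x, y in zip(a, s)) % Q

def keygen_shares(n):
    # One ternary share per party; the joint secret is the sum of all shares.
    return [[secrets.randbelow(3) - 1 for _ in range(N)] for _ in range(n)]

def encrypt(joint_s, m):
    # Demo shortcut: real schemes encrypt under a joint public key instead.
    a = [secrets.randbelow(Q) for _ in range(N)]
    e = secrets.randbelow(5) - 2
    return a, (dot(a, joint_s) + DELTA * m + e) % Q

def add(c1, c2):
    # First aggregation: homomorphic addition on ciphertexts.
    return [(x + y) % Q for x, y in zip(c1[0], c2[0])], (c1[1] + c2[1]) % Q

def partial_decrypt(share, ct):
    # Flooding noise drowns the small ciphertext noise that would otherwise
    # leak through the partial decryption.
    flood = secrets.randbelow(2 * FLOOD + 1) - FLOOD
    return (dot(ct[0], share) + flood) % Q

def combine(ct, partials):
    # Second aggregation: subtract the summed partial decryptions, then round.
    noisy = (ct[1] - sum(partials)) % Q
    return ((noisy + DELTA // 2) // DELTA) % T

def run_round(inputs):
    shares = keygen_shares(len(inputs))
    joint = [sum(col) for col in zip(*shares)]   # used only to build test ciphertexts
    agg = None
    for m in inputs:
        ct = encrypt(joint, m)
        agg = ct if agg is None else add(agg, ct)
    partials = [partial_decrypt(s, agg) for s in shares]
    return combine(agg, partials)

if __name__ == "__main__":
    print(run_round([10, 20, 30]))   # the combiner learns only the sum
```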
OK, I also want to ask a question, which is that after the server aggregates the ciphertext, it needs to be decrypted. However, I do not want a third-party analyst to participate in decryption. Is decryption possible between the server and the client? The server sends the aggregated ciphertext back to the client, and the client decrypts a portion with their own private key. The client then sends the decrypted content back to the server, and the server aggregates it into plaintext. Is this feasible? Does the client's return involve verification? Does the decryption of client feedback involve verification here? The verification client uses ciphertext transmitted from the server for decryption, rather than using their own forged decryption and uploading it to the server. Is there such verification?