An $(n,m,t)$-homomorphic secret sharing (HSS) scheme for a function family $\mathcal F$ allows $n$ clients to share their data $x_{1}, \ldots,x_{n}$ among $m$ servers and then distribute the computation of any function $f\in {\mathcal F}$ to the servers such that: (i) any $t$ colluding servers learn no information about the data; (ii) each server is able to compute a partial result and $f(x_{1}, \ldots,x_{n})$ can be reconstructed from the servers’ partial results. HSS schemes cannot guarantee correct reconstruction, if some servers are malicious and provide wrong partial results. Recently, verifiable HSS (VHSS) has been introduced to achieve an additional property: (iii) any $t$ colluding servers cannot persuade the client(s) to accept their partial results and reconstruct a wrong value. The property (iii) is usually achieved by the client verifying the servers’ partial results. A VHSS scheme is compact if the verification is substantially faster than locally computing $f(x_{1},\ldots,x_{n})$. Of the existing VHSS schemes for polynomials, some are not compact; the others are compact but impose very heavy workload on the servers, even for low degree polynomials (e.g., they are at least 4000× slower than the existing HSS schemes in order to evaluate polynomials of degree $\leq 5$, which have many applications such as privacy-preserving machine learning). In this paper, we propose both a single-client VHSS (SVHSS) model and a multi-client VHSS (MVHSS) model. Our SVHSS allows a client to use a secret key to share its data among servers; our MVHSS allows multiple clients to share their data with a public key. For any integers $m,t>0$, we constructed both an $(m,t)$-SVHSS scheme and an $(m,t)$-MVHSS scheme that satisfy the properties of (i)-(iii). Our constructions are based on level-$k$ homomorphic encryptions. The $(m,t)$-SVHSS and $(m,t)$-MVHSS are compact and allow the computations of degree-$d$ polynomials for $d\leq ((k+1)m-1)/t$ and $d\leq ((k+1)(m-t)-1)/t$, respe...