Optimal Rate Region for Multi-server Secure Aggregation with User Collusion

TL;DR

This paper characterizes the optimal communication and key rates for multi-server secure aggregation systems with user collusion, revealing fundamental tradeoffs and advantages of multi-server architectures over single-server setups.

Contribution

It provides a complete information-theoretic characterization of the optimal rate region for multi-server secure aggregation with collusion, including new bounds on key and communication rates.

Findings

Minimum communication and key rates are one symbol per input.

Optimal source key rate is min{U+V+T-2, UV-1}.

Multi-server setup reduces key randomness compared to single-server systems.

Abstract

Secure aggregation is a fundamental primitive in privacy-preserving distributed learning systems, where an aggregator aims to compute the sum of users' inputs without revealing individual data. In this paper, we study a multi-server secure aggregation problem in a two-hop network consisting of multiple aggregation servers and multiple users per server, under the presence of user collusion. Each user communicates only with its associated server, while the servers exchange messages to jointly recover the global sum. We adopt an information-theoretic security framework, allowing up to $T$ users to collude with any server. We characterize the complete optimal rate region in terms of user-to-server communication rate, server-to-server communication rate, individual key rate, and source key rate. Our main result shows that the minimum communication and individual key rates are all one symbol per input symbol, while the optimal source key rate is given by $\min\{U+V+T-2,\, UV-1\}$, where $U$ denotes the number of servers and $V$ the number of users per server. The achievability is established via a linear key construction that ensures correctness and security against colluding users, while the converse proof relies on tight entropy bounds derived from correctness and security constraints. The results reveal a fundamental tradeoff between security and key efficiency and demonstrate that the multi-server architecture can significantly reduce the required key randomness compared to single-server secure aggregation. Our findings provide a complete information-theoretic characterization of secure aggregation in multi-server systems with user collusion.