TAPAS: Efficient Two-Server Asymmetric Private Aggregation Beyond Prio(+)

TL;DR

TAPAS introduces an efficient, asymmetric two-server private aggregation protocol that reduces communication costs, enhances robustness, and is secure against quantum attacks, suitable for high-dimensional federated learning tasks.

Contribution

It presents the first lattice-based, post-quantum secure two-server aggregation scheme with asymmetric workload distribution and identifiable abort, improving efficiency and robustness over prior symmetric protocols.

Findings

Server-side communication independent of input dimension L

Achieves post-quantum security based on lattice assumptions

Supports identifiable abort and malicious security for servers

Abstract

Privacy-preserving aggregation is a cornerstone for AI systems that learn from distributed data without exposing individual records, especially in federated learning and telemetry. Existing two-server protocols (e.g., Prio and successors) set a practical baseline by validating inputs while preventing any single party from learning users' values, but they impose symmetric costs on both servers and communication that scales with the per-client input dimension $L$. Modern learning tasks routinely involve dimensionalities $L$ in the tens to hundreds of millions of model parameters. We present TAPAS, a two-server asymmetric private aggregation scheme that addresses these limitations along four dimensions: (i) no trusted setup or preprocessing, (ii) server-side communication that is independent of $L$ (iii) post-quantum security based solely on standard lattice assumptions (LWE, SIS), and (iv) stronger robustness with identifiable abort and full malicious security for the servers. A key design choice is intentional asymmetry: one server bears the $O(L)$ aggregation and verification work, while the other operates as a lightweight facilitator with computation independent of $L$. This reduces total cost, enables the secondary server to run on commodity hardware, and strengthens the non-collusion assumption of the servers. One of our main contributions is a suite of new and efficient lattice-based zero-knowledge proofs; to our knowledge, we are the first to establish privacy and correctness with identifiable abort in the two-server setting.