On the Capacity of Hierarchical Secure Aggregation with Groupwise Keys

TL;DR

This paper characterizes the optimal rate region for hierarchical secure aggregation with groupwise keys, establishing security constraints, minimum transmission rates, and explicit coding schemes.

Contribution

It provides a complete characterization of the feasible regime, minimum key rates, and explicit coding schemes for hierarchical secure aggregation with groupwise keys.

Findings

Feasibility is impossible when G=1.

Both users and relays must transmit at least one symbol per input symbol.

The minimum groupwise key rate is explicitly characterized.

Abstract

We study the hierarchical secure aggregation problem with groupwise keys. The problem consists of an aggregation server, $U$ relays, and $UV$ users, where each relay serves $V$ disjoint users, and each subset of $G$ users shares an independent groupwise key. Two security requirements are imposed: relay security and server security. Specifically, each relay must not learn any information about the users' inputs, and the server must not learn any additional information beyond the recovered sum of all inputs. We first show that the problem is infeasible when $G = 1$. For the feasible regime $1 < G \le UV$, we fully characterize the optimal rate region. In particular, we prove that both each user and each relay must transmit at least one symbol per input symbol. Furthermore, we characterize the minimum required groupwise key rate as $\max\left\{\frac{V}{\binom{UV}{G} - \binom{(U-1)V}{G}},\; \frac{U - 1}{\binom{UV}{G} - U \binom{V}{G}}\right\},$ where the two terms correspond to the constraints imposed by relay security and server security, respectively. For achievability, we propose an explicit linear coding scheme based on structured precoding matrices, and show that it satisfies both correctness and security requirements. The construction avoids permutation-based symmetrization by leveraging sufficiently generic matrix designs over large fields. Finally, we establish a matching converse, thereby characterizing the optimal rate region.