Information-Theoretic Decentralized Secure Aggregation with User Dropouts

TL;DR

This paper characterizes the fundamental limits of decentralized secure aggregation with user dropouts, providing optimal rate regions and a robust scheme based on MDS matrices for privacy and dropout resilience.

Contribution

It introduces the first complete characterization of the optimal communication rates for decentralized secure aggregation with user dropouts and collusion resistance.

Findings

Optimal rate region fully characterized: R1 ≥ 1, R2 ≥ 1/(U−T−1).

Proposed scheme based on correlated secret keys from MDS matrices.

Proves infeasibility when U ≤ T+1 and establishes scheme optimality.

Abstract

This paper investigates the fundamental limits of information-theoretic decentralized secure aggregation (DSA) with user dropouts. We consider a fully decentralized network where $K$ users communicate over broadcast channels without a trusted aggregation server. Each user holds a private input and aims to recover the sum of the surviving users' inputs (users may drop) while ensuring that no additional information about individual inputs is revealed to that user, even if it can collude with other users. A two-round communication protocol is considered, where we assume at least $U$ users survive and each user can collude with at most $T$ other users. For this setting, the optimal communication rate region is fully characterized: we show that DSA is infeasible if $U\le T+1$; otherwise, the optimal rate region is given by $R_1\geq 1$ and $R_2\geq \frac{1}{U-T-1}$, where $R_1$ and $R_2$ denote the first- and second-round communication rates, respectively. The proposed aggregation scheme is based on correlated secret keys constructed from $(T+1)$-private maximum distance separable (MDS) matrices, which simultaneously provide robustness against user dropouts and security against collusion. We also derive tight converse bounds that establish the optimality of the proposed scheme. Our result shows that the optimal second-round communication rate depends only on the effective redundancy level $U-T-1$ regardless the total number of users.