arxiv: 2604.26344 · v1 · submitted 2026-04-29 · 💻 cs.IT · math.IT

Recognition: unknown

On the Capacity of Hierarchical Secure Aggregation with Groupwise Keys

Minyang Lu , Zhou Li , Haiqiang Chen , Min Xie

Authors on Pith no claims yet

Pith reviewed 2026-05-07 12:52 UTC · model grok-4.3

classification 💻 cs.IT math.IT

keywords secure aggregationgroupwise keysrate regionlinear codingrelay securityserver securityhierarchical networksinformation theoretic security

0 comments

The pith

For hierarchical secure aggregation with groupwise keys shared among every G users, the optimal rate region is fully characterized when G exceeds 1, requiring each user and relay to transmit at rate 1 with a minimum key rate given by a max-

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper studies secure aggregation in a hierarchical network with an aggregation server, U relays each connected to V users, and independent keys shared by every group of G users. It proves the problem is impossible when G equals 1 but feasible for larger G, where both users and relays must each send one symbol per input symbol to meet the security constraints against relays and the server. The minimum groupwise key rate is the maximum of two expressions involving binomial coefficients that count the ways groups can be chosen to enforce the respective security conditions. An explicit linear coding construction using structured precoding matrices over large fields achieves the bound, and a matching converse shows it is optimal.

Core claim

In the hierarchical secure aggregation problem with groupwise keys, when 1 < G ≤ UV, the optimal rate region is achieved when each user transmits at rate 1, each relay transmits at rate 1, and the groupwise key rate is at least max{V / (binomial(UV,G) - binomial((U-1)V,G)), (U-1) / (binomial(UV,G) - U binomial(V,G))}. This is realized by a linear coding scheme with structured precoding matrices over sufficiently large fields that ensures both relay security (no info to relays) and server security (only the sum to the server), with a matching information-theoretic converse proving optimality.

What carries the argument

Groupwise keys shared among every subset of G users, combined with a linear coding scheme that uses structured precoding matrices over large fields to enforce correctness and the two security conditions.

Load-bearing premise

The achievability relies on sufficiently generic matrix designs over large fields to satisfy security without permutation-based symmetrization.

What would settle it

For G=1, check whether any scheme with finite rates can satisfy both relay security and server security; or, for small parameters such as U=2, V=2, G=2, verify whether any scheme achieves a groupwise key rate below the predicted max value of 2/5.

Figures

Figures reproduced from arXiv: 2604.26344 by Haiqiang Chen, Min Xie, Minyang Lu, Zhou Li.

**Figure 1.** Figure 1: The hierarchical secure aggregation method with (U, V, G) = (2, 2, 2). In this figure, there is a aggregation server and two relays. Each relay is connected to two users. G = 2 means that every 2 users share an equal-sized independent key. Notation: Bold capital letters, bold lowercase letters, and calligraphic fonts will be used to denote arrays, vectors, and sets, respectively. For positive integers K1, … view at source ↗

read the original abstract

We study the hierarchical secure aggregation problem with groupwise keys. The problem consists of an aggregation server, $U$ relays, and $UV$ users, where each relay serves $V$ disjoint users, and each subset of $G$ users shares an independent groupwise key. Two security requirements are imposed: relay security and server security. Specifically, each relay must not learn any information about the users' inputs, and the server must not learn any additional information beyond the recovered sum of all inputs. We first show that the problem is infeasible when $G = 1$. For the feasible regime $1 < G \le UV$, we fully characterize the optimal rate region. In particular, we prove that both each user and each relay must transmit at least one symbol per input symbol. Furthermore, we characterize the minimum required groupwise key rate as $\max\left\{\frac{V}{\binom{UV}{G} - \binom{(U-1)V}{G}},\; \frac{U - 1}{\binom{UV}{G} - U \binom{V}{G}}\right\},$ where the two terms correspond to the constraints imposed by relay security and server security, respectively. For achievability, we propose an explicit linear coding scheme based on structured precoding matrices, and show that it satisfies both correctness and security requirements. The construction avoids permutation-based symmetrization by leveraging sufficiently generic matrix designs over large fields. Finally, we establish a matching converse, thereby characterizing the optimal rate region.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

The paper pins down the full rate region for hierarchical secure aggregation once groupwise keys are added, with matching linear scheme and converse, though the generic-matrix construction for security is the part that needs the most checking.

read the letter

The main thing here is a clean capacity result for this hierarchical setup with groupwise keys. For G > 1 the authors show that users and relays each transmit at least one symbol per input symbol and that the minimum groupwise key rate is exactly the max of those two binomial expressions, one from relay security and one from server security. They also prove the problem is impossible when G = 1. That gives a tight characterization rather than just bounds.

Referee Report

2 major / 2 minor

Summary. The manuscript studies the hierarchical secure aggregation problem with groupwise keys, consisting of an aggregation server, U relays each serving V disjoint users, and independent groupwise keys shared by every subset of G users. It shows the problem is infeasible for G=1. For the regime 1 < G ≤ UV, it fully characterizes the optimal rate region: each user and each relay must transmit at least one symbol per input symbol, and the minimum groupwise key rate is max{V / (binomial(UV,G) - binomial((U-1)V,G)), (U-1) / (binomial(UV,G) - U binomial(V,G))}. Achievability is via an explicit linear coding scheme with structured precoding matrices over large fields that avoids permutation symmetrization, and a matching converse is established.

Significance. If the results hold, the work delivers a complete capacity characterization for this hierarchical secure aggregation setting with partial key sharing, which is a meaningful advance in secure distributed computation over networks. The explicit linear scheme and matching converse, together with the combinatorial derivation of the key-rate bound, constitute clear strengths that provide both constructive and optimality insights.

major comments (2)

[Achievability] Achievability section: the claim that sufficiently generic structured precoding matrices over large fields exist and enforce exact security (no information leakage to relays about individual inputs; server learns only the sum) for every G-subset relies on linear-independence conditions across all binomial(UV,G) groups. This is load-bearing for matching the converse and the claimed optimality, yet the manuscript provides no explicit field-size bound or constructive verification that such matrices exist for arbitrary (U,V,G) in the feasible regime without the field size growing with the number of groups.
[Converse] Converse section: the lower bound on the groupwise key rate is derived from combinatorial counting of the security constraints imposed by the two terms in the max expression. This counting must be shown to be tight against the specific linear dependence relations enforced by the structured precoding matrices in the achievability scheme; otherwise the claimed equality between achievable and converse rates does not hold.

minor comments (2)

[Preliminaries] The notation for the rate region (user rate, relay rate, key rate) and the precise definition of 'symbol per input symbol' should be stated once in a dedicated preliminary section to avoid repeated implicit references.
[System Model] Figure captions and the description of the hierarchical topology would benefit from an explicit small-scale example (e.g., U=2, V=2, G=2) to illustrate the groupwise key sharing pattern.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the thorough review and valuable feedback on our manuscript. We address each major comment point by point below. We will revise the manuscript to incorporate additional details and clarifications where needed to strengthen the presentation.

read point-by-point responses

Referee: [Achievability] Achievability section: the claim that sufficiently generic structured precoding matrices over large fields exist and enforce exact security (no information leakage to relays about individual inputs; server learns only the sum) for every G-subset relies on linear-independence conditions across all binomial(UV,G) groups. This is load-bearing for matching the converse and the claimed optimality, yet the manuscript provides no explicit field-size bound or constructive verification that such matrices exist for arbitrary (U,V,G) in the feasible regime without the field size growing with the number of groups.

Authors: We agree that an explicit field-size bound would strengthen the achievability result. In the manuscript, existence is shown via the probabilistic method over sufficiently large fields, where the bad events (failure of linear independence for each G-subset) have probability that can be union-bounded. We will revise the paper to derive and state an explicit bound on the field size q, specifically q larger than a polynomial in the parameters (U,V,G) derived from the union bound over binom(UV,G) conditions. This ensures existence for any fixed U,V,G without exponential growth in the number of groups. The revision will make this bound explicit. revision: yes
Referee: [Converse] Converse section: the lower bound on the groupwise key rate is derived from combinatorial counting of the security constraints imposed by the two terms in the max expression. This counting must be shown to be tight against the specific linear dependence relations enforced by the structured precoding matrices in the achievability scheme; otherwise the claimed equality between achievable and converse rates does not hold.

Authors: The converse bound is derived from general mutual information inequalities that hold for arbitrary coding schemes (linear or nonlinear) satisfying the relay and server security constraints. The two combinatorial terms count the minimum number of independent groupwise key symbols needed to satisfy all security conditions. Our structured linear scheme is explicitly constructed to meet every security condition with a groupwise key rate exactly equal to the max of these terms. Since the scheme achieves the information-theoretic lower bound, the rates match and the equality holds. The precoding matrices are designed so their linear dependencies do not permit a lower key rate (which would contradict the converse). We will add a clarifying remark in the revision to explicitly link the achievability construction to the converse counting. revision: partial

Circularity Check

0 steps flagged

No significant circularity; derivation is self-contained.

full rationale

The paper establishes the optimal rate region via an independent converse (information-theoretic lower bounds on user/relay rates plus combinatorial counting for the groupwise key rate expression) and a separate achievability proof (explicit linear scheme with generic matrices over large fields). The key-rate formula arises directly from counting the number of G-subsets that impose independent security constraints for relays versus the server; it does not reduce to any fitted parameter, self-definition, or self-citation chain. No load-bearing step equates a claimed result to its own inputs by construction.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The paper relies on standard finite-field linear algebra and the existence of sufficiently generic matrices over large fields; no free parameters or invented entities are introduced in the abstract.

axioms (1)

domain assumption Existence of sufficiently generic matrices over large enough fields that satisfy the required security properties without explicit permutation symmetrization.
Invoked in the achievability construction to ensure both correctness and security.

pith-pipeline@v0.9.0 · 5573 in / 1183 out tokens · 203185 ms · 2026-05-07T12:52:21.246496+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

22 extracted references · 8 canonical work pages · 1 internal anchor

[1]

MDS Array Codes with Independent Parity Symbols,

M. Blaum, J. Bruck, and A. Vardy, “MDS Array Codes with Independent Parity Symbols,”IEEE Transactions on Information Theory, vol. 42, no. 2, pp. 529–542, 1996

1996
[2]

A Survey on Network Codes for Distributed Storage,

A. G. Dimakis, K. Ramchandran, Y . Wu, and C. Suh, “A Survey on Network Codes for Distributed Storage,”Proceedings of the IEEE, vol. 99, pp. 476–489, 2011

2011
[3]

Codes for Distributed Storage,

V . Ramkumar, M. Vajha, S. B. Balaji, M. N. Krishnan, B. Sasidharan, and P. V . Kumar, “Codes for Distributed Storage,” inConcise Encyclo- pedia of Coding Theory. Chapman and Hall/CRC, 2021, pp. 735–762

2021
[4]

Federated Learning: Strategies for Improving Communication Efficiency

J. Konecn `y, H. B. McMahan, F. X. Yu, P. Richt ´arik, A. T. Suresh, and D. Bacon, “Federated learning: Strategies for improving communication efficiency,”arXiv preprint arXiv:1610.05492, vol. 8, 2016

work page internal anchor Pith review arXiv 2016
[5]

Advances and open problems in federated learning,

P. Kairouz, H. B. McMahan, B. Avent, A. Bellet, M. Bennis, A. N. Bhagoji, K. Bonawitz, Z. Charles, G. Cormode, R. Cummingset al., “Advances and open problems in federated learning,”Foundations and trends® in machine learning, vol. 14, no. 1–2, pp. 1–210, 2021

2021
[6]

The future of digital health with federated learning,

N. Rieke, J. Hancox, W. Li, F. Milletari, H. R. Roth, S. Albarqouni, S. Bakas, M. N. Galtier, B. A. Landman, K. Maier-Heinet al., “The future of digital health with federated learning,”NPJ digital medicine, vol. 3, no. 1, pp. 1–7, 2020

2020
[7]

Information theoretic secure aggregation with user dropouts,

Y . Zhao and H. Sun, “Information theoretic secure aggregation with user dropouts,”IEEE Transactions on Information Theory, vol. 68, no. 11, pp. 7471–7484, 2022

2022
[8]

Secure summation: Capacity region, groupwise key, and feasi- bility,

——, “Secure summation: Capacity region, groupwise key, and feasi- bility,”IEEE Transactions on Information Theory, 2023

2023
[9]

Lightsecagg: a lightweight and versatile design for secure aggregation in federated learning,

J. So, C. He, C.-S. Yang, S. Li, Q. Yu, R. E Ali, B. Guler, and S. Avestimehr, “Lightsecagg: a lightweight and versatile design for secure aggregation in federated learning,”Proceedings of Machine Learning and Systems, vol. 4, pp. 694–720, 2022

2022
[10]

On the information theoretic secure aggregation with uncoded groupwise keys,

K. Wan, X. Yao, H. Sun, M. Ji, and G. Caire, “On the information theoretic secure aggregation with uncoded groupwise keys,”IEEE Trans- actions on Information Theory, 2024

2024
[11]

The capacity region of information theoretic secure aggregation with uncoded groupwise keys,

K. Wan, H. Sun, M. Ji, T. Mi, and G. Caire, “The capacity region of information theoretic secure aggregation with uncoded groupwise keys,” IEEE Transactions on Information Theory, 2024

2024
[12]

The capacity of collusion-resilient decentralized secure aggregation with groupwise keys,

Z. Li, X. Zhang, Y . Zhao, H. Chen, J. Fan, and G. Caire, “The capacity of collusion-resilient decentralized secure aggregation with groupwise keys,”arXiv preprint arXiv:2511.14444, 2025

work page arXiv 2025
[13]

Information-theoretic decentralized secure aggregation with collusion resilience,

X. Zhang, Z. Li, S. Li, K. Wan, D. W. K. Ng, and G. Caire, “Information- theoretic decentralized secure aggregation with collusion resilience,” arXiv preprint arXiv:2508.00596, 2025

work page arXiv 2025
[14]

Optimal key rates for decentralized secure aggregation with arbitrary collusion and heterogeneous security constraints,

Z. Li, X. Zhang, and G. Caire, “Optimal key rates for decentralized secure aggregation with arbitrary collusion and heterogeneous security constraints,”arXiv preprint arXiv:2512.16112, 2025

work page arXiv 2025
[15]

Optimal communication and key rate region for hierarchical secure aggregation with user collusion,

X. Zhang, K. Wan, H. Sun, S. Wang, M. Ji, and G. Caire, “Optimal communication and key rate region for hierarchical secure aggregation with user collusion,”arXiv preprint arXiv:2410.14035, 2024

work page arXiv 2024
[16]

Optimal rate region for key efficient hierarchical secure aggrega- tion with user collusion,

——, “Optimal rate region for key efficient hierarchical secure aggrega- tion with user collusion,” in2024 IEEE Information Theory Workshop (ITW), 2024, pp. 573–578

2024
[17]

Private aggregation in hierarchical wireless federated learning with partial and full collusion,

M. Egger, C. Hofmeister, A. Wachter-Zeh, and R. Bitar, “Private aggregation in hierarchical wireless federated learning with partial and full collusion,” 2024. [Online]. Available: https://arxiv.org/abs/2306. 14088

2024
[18]

2025 , journal =

X. Zhang, Z. Li, K. Wan, H. Sun, M. Ji, and G. Caire, “Fundamental limits of hierarchical secure aggregation with cyclic user association,” arXiv preprint arXiv:2503.04564, 2025

work page arXiv 2025
[19]

Communication-efficient hierarchical secure aggregation with cyclic user association,

——, “Communication-efficient hierarchical secure aggregation with cyclic user association,” in2025 IEEE International Symposium on Information Theory (ISIT), 2025, pp. 1–6

2025
[21]

Private aggregation in wireless federated learning with heterogeneous clusters,

M. Egger, C. Hofmeister, A. Wachter-Zeh, and R. Bitar, “Private aggregation in wireless federated learning with heterogeneous clusters,” in2023 IEEE International Symposium on Information Theory (ISIT). IEEE, 2023, pp. 54–59

2023
[22]

Capacity of hierarchical secure coded gradient aggregation with straggling communication links,

Q. Lu, J. Cheng, W. Kang, and N. Liu, “Capacity of hierarchical secure coded gradient aggregation with straggling communication links,”arXiv preprint arXiv:2412.11496, 2024

work page arXiv 2024
[23]

Hierarchical secure aggregation with heterogeneous security constraints and arbitrary user collusion,

Z. Li, X. Zhang, J. Lv, H. Chen, J. Fan, and G. Caire, “Hierarchical secure aggregation with heterogeneous security constraints and arbitrary user collusion,”arXiv preprint arXiv:2507.14768, 2025

work page arXiv 2025