The Capacity of Information-Theoretic Secure Aggregation in Federated Learning
Pith reviewed 2026-06-27 20:36 UTC · model grok-4.3
The pith
The capacity region among randomness, key-distribution communication, and aggregation communication is completely characterized for information-theoretic secure aggregation with T colluding users.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
In the T-colluding secure aggregation problem with N users under a general two-phase framework consisting of a key-distribution phase via user-to-user communication followed by an update-aggregation phase, the capacity region of the triple consisting of randomness rate, key-distribution communication rate, and aggregation communication rate is completely characterized by a novel secure aggregation scheme together with a matching information-theoretic converse. An explicit deterministic construction over any finite field of size at least N achieves the region and relies only on pairwise shared keys.
What carries the argument
The novel secure aggregation scheme that generates correlated masking keys through user-to-user communication to enable privacy-preserving aggregation while attaining the boundary of the three-resource capacity region.
If this is right
- Optimal performance is attained using only pairwise shared keys, which can be realized via Diffie-Hellman key exchange.
- The scheme uses fewer random masking keys than Google's secure aggregation protocol while keeping the same aggregation communication cost.
- The construction is fully explicit and deterministic and works over finite fields of size at least N.
- The capacity region applies to arbitrary user-generated key-distribution mechanisms without prescribed group structures or trusted third parties.
Where Pith is reading between the lines
- Allowing key distribution messages to be interleaved with aggregation messages could enlarge the achievable region beyond what the two-phase separation permits.
- Replacing information-theoretic security with computational security could reduce the required randomness rate while preserving the same communication bounds.
- Because only pairwise keys suffice, the scheme may extend directly to very large N without needing higher-order correlated randomness structures.
Load-bearing premise
Key distribution occurs in a dedicated first phase exclusively through user-to-user communication, after which aggregation proceeds, and security is defined information-theoretically against any set of T colluding users.
What would settle it
A protocol that achieves a point strictly inside the claimed capacity region for the triple of randomness rate, key-distribution communication rate, and aggregation communication rate under the same two-phase user-to-user model would falsify the converse.
read the original abstract
Secure aggregation allows a server to aggregate users' local updates while preserving update privacy. Existing information-theoretic problems typically assume that correlated random keys are provided by a trusted third party (TTP) or generated via prescribed groupwise structures, while the communication cost for establishing such correlated keys is often ignored. Consequently, the fundamental limits under general key-distribution mechanisms remain unknown. In this paper, we study the $T$-colluding information-theoretic secure aggregation problem with $N$ users under a general two-phase framework consisting of a key distribution phase and an update aggregation phase. Unlike prior work, we model key distribution through user-to-user communication and allow arbitrary user-generated key-distribution mechanisms, eliminating TTP or prescribed structures. This enables a joint characterization of three resources: randomness for security, key-distribution communication, and aggregation communication. We completely characterize the capacity region among these three resources by constructing a novel secure aggregation scheme together with a matching information-theoretic converse. In particular, we develop an explicit deterministic capacity-achieving construction over any finite field of size at least $N$, whereas most existing schemes either rely on TTP or employ randomized or existential constructions over sufficiently large finite fields. We further show that the optimal performance can be achieved using only pairwise shared keys, enabling implementation via Diffie-Hellman key exchange. Compared with Google's seminal secure aggregation scheme, the proposed scheme requires fewer random masking keys while preserving the same aggregation communication overhead.
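To make the pairwise-key mechanism the abstract refers to concrete, here is an added Python illustration of masked aggregation over GF(p) in the style of Google's scheme; it is not the paper's capacity-achieving construction (which the page does not detail) and assumes a prime p >= N, one field element per user update, and no dropouts. It checks that the masks cancel at the server and counts how many pairwise keys still cover an honest user's update when T other users collude with the server.

```python
import random
import secrets

def pairwise_keys(n, p, rng=None):
    """Key-distribution phase: each unordered pair {i, j} ends up with one shared
    key k[i][j] == k[j][i] (sampled here; Diffie-Hellman would derive it)."""
    if rng is None:
        rng = secrets.SystemRandom()   # a seeded rng is only for the demo/tests
    keys = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            keys[i][j] = keys[j][i] = rng.randrange(p)
    return keys

def mask_update(i, x_i, keys, p):
    """Aggregation phase: user i uploads x_i + sum_{j>i} k_ij - sum_{j<i} k_ij mod p.
    Every key enters once with '+' and once with '-', so the masks cancel in the sum."""
    masked = x_i
    for j in range(len(keys)):
        if j > i:
            masked += keys[i][j]
        elif j < i:
            masked -= keys[i][j]
    return masked % p

def aggregate(masked_updates, p):
    """Server side: summing the masked uploads yields the sum of the plain updates."""
    return sum(masked_updates) % p

def coalition_residual(i, masked_i, coalition, keys, p):
    """View of the server plus the colluding users in `coalition` on honest user i:
    (masked_i with every key the coalition holds stripped off, number of pairwise
    keys still covering x_i). While that count is >= 1 the residual is uniform over
    GF(p) whatever x_i is; it reaches 0 only if all other users collude."""
    known, unknown = 0, 0
    for j in range(len(keys)):
        if j == i:
            continue
        if j in coalition:
            known += keys[i][j] if j > i else -keys[i][j]
        else:
            unknown += 1
    return (masked_i - known) % p, unknown

def run_demo(n, t, p, seed=None):
    """N users; users 1..T collude with the server against honest user 0."""
    rng = random.Random(seed) if seed is not None else secrets.SystemRandom()
    keys = pairwise_keys(n, p, rng)
    updates = [rng.randrange(p) for _ in range(n)]   # constructed sample updates
    masked = [mask_update(i, updates[i], keys, p) for i in range(n)]
    _, still_hidden = coalition_residual(0, masked[0], set(range(1, t + 1)), keys, p)
    return {"sum_ok": aggregate(masked, p) == sum(updates) % p,
            "keys_hiding_user0": still_hidden,          # equals N - 1 - T
            "pairwise_keys_used": n * (n - 1) // 2}

if __name__ == "__main__":
    print(run_demo(n=5, t=2, p=7))
```

The key count N(N-1)/2 is the baseline the page's "fewer random masking keys" claim is measured against; the paper's own scheme is not reproduced here.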
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper studies the T-colluding information-theoretic secure aggregation problem with N users under a general two-phase framework (user-to-user key distribution phase followed by update aggregation phase) without a trusted third party. It claims to completely characterize the capacity region among the three resources of randomness for security, key-distribution communication, and aggregation communication via an explicit deterministic construction over any finite field of size at least N together with a matching information-theoretic converse; it further shows that the optimum is achieved using only pairwise shared keys.
Significance. If the construction and converse are correct, the result is significant because it provides the first complete three-resource capacity characterization under arbitrary user-generated key distribution (eliminating TTP or prescribed structures) with an explicit deterministic scheme rather than randomized or existential ones. The observation that pairwise keys suffice (enabling Diffie-Hellman implementation) and the comparison showing fewer random masking keys than Google's scheme while preserving aggregation communication are concrete strengths.
minor comments (2)
- [Abstract] The claim that the scheme 'requires fewer random masking keys' than Google's would benefit from a brief quantitative comparison (e.g., number of keys per user) already in the abstract or introduction.
- [Introduction] The manuscript should clarify in the introduction whether the two-phase separation (key distribution exclusively before aggregation) is a modeling choice or a fundamental requirement; if the latter, a short remark on why interleaving is not considered would help readers.
Simulated Author's Rebuttal
We thank the referee for the positive review, the detailed summary of our contributions, and the recommendation to accept the manuscript.
Circularity Check
No significant circularity
full rationale
The paper derives its capacity region characterization via an explicit deterministic construction (achievability) over finite fields of size at least N together with a separate information-theoretic converse; these are independent arguments that do not reduce to self-referential definitions, fitted parameters renamed as predictions, or load-bearing self-citations. The two-phase model with user-to-user key distribution is stated as the problem setup rather than derived from the result itself, and the claim that pairwise keys suffice is shown constructively without circular reduction.
Axiom & Free-Parameter Ledger
axioms (1)
- standard math: Standard properties of entropy, mutual information, and perfect secrecy in information theory