
arxiv: 2606.07277 · v1 · pith:SCS2VBP7new · submitted 2026-06-05 · 💻 cs.IT · cs.CR· cs.LG· math.IT

The Capacity of Information-Theoretic Secure Aggregation in Federated Learning

Pith reviewed 2026-06-27 20:36 UTC · model grok-4.3

classification 💻 cs.IT · cs.CR · cs.LG · math.IT
keywords secure aggregation · federated learning · information-theoretic security · capacity region · key distribution · colluding users · finite field construction · pairwise keys

The pith

The capacity region among randomness, key-distribution communication, and aggregation communication is completely characterized for information-theoretic secure aggregation with T colluding users.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper determines the exact tradeoffs among three resources in secure aggregation: the randomness needed for security, the communication cost of distributing keys among users, and the communication cost of aggregating model updates. It does so in a two-phase model where users first exchange keys directly with one another and then send masked updates to the server, without any trusted third party. Both an explicit achievable scheme and a matching information-theoretic converse are provided to establish the full capacity region. The construction is deterministic, works over any finite field whose size is at least the number of users, and requires only pairwise shared keys.

Core claim

In the T-colluding secure aggregation problem with N users under a general two-phase framework consisting of a key-distribution phase via user-to-user communication followed by an update-aggregation phase, the capacity region of the triple consisting of randomness rate, key-distribution communication rate, and aggregation communication rate is completely characterized by a novel secure aggregation scheme together with a matching information-theoretic converse. An explicit deterministic construction over any finite field of size at least N achieves the region and relies only on pairwise shared keys.

What carries the argument

The novel secure aggregation scheme that generates correlated masking keys through user-to-user communication to enable privacy-preserving aggregation while attaining the boundary of the three-resource capacity region.

If this is right

  • Optimal performance is attained using only pairwise shared keys, which can be realized via Diffie-Hellman key exchange.
  • The scheme uses fewer random masking keys than Google's secure aggregation protocol while keeping the same aggregation communication cost.
  • The construction is fully explicit and deterministic and works over finite fields of size at least N.
  • The capacity region applies to arbitrary user-generated key-distribution mechanisms without prescribed group structures or trusted third parties.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Allowing key distribution messages to be interleaved with aggregation messages could enlarge the achievable region beyond what the two-phase separation permits.
  • Replacing information-theoretic security with computational security could reduce the required randomness rate while preserving the same communication bounds.
  • Because only pairwise keys suffice, the scheme may extend directly to very large N without needing higher-order correlated randomness structures.

Load-bearing premise

Key distribution occurs in a dedicated first phase exclusively through user-to-user communication, after which aggregation proceeds, and security is defined information-theoretically against any set of T colluding users.

What would settle it

A protocol that achieves a point strictly inside the claimed capacity region for the triple of randomness rate, key-distribution communication rate, and aggregation communication rate under the same two-phase user-to-user model would falsify the converse.

Original abstract

Secure aggregation allows a server to aggregate users' local updates while preserving update privacy. Existing information-theoretic problems typically assume that correlated random keys are provided by a trusted third party (TTP) or generated via prescribed groupwise structures, while the communication cost for establishing such correlated keys is often ignored. Consequently, the fundamental limits under general key-distribution mechanisms remain unknown. In this paper, we study the $T$-colluding information-theoretic secure aggregation problem with $N$ users under a general two-phase framework consisting of a key distribution phase and an update aggregation phase. Unlike prior work, we model key distribution through user-to-user communication and allow arbitrary user-generated key-distribution mechanisms, eliminating TTP or prescribed structures. This enables a joint characterization of three resources: randomness for security, key-distribution communication, and aggregation communication. We completely characterize the capacity region among these three resources by constructing a novel secure aggregation scheme together with a matching information-theoretic converse. In particular, we develop an explicit deterministic capacity-achieving construction over any finite field of size at least $N$, whereas most existing schemes either rely on TTP or employ randomized or existential constructions over sufficiently large finite fields. We further show that the optimal performance can be achieved using only pairwise shared keys, enabling implementation via Diffie-Hellman key exchange. Compared with Google's seminal secure aggregation scheme, the proposed scheme requires fewer random masking keys while preserving the same aggregation communication overhead.
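As an added illustration that is not the paper's construction (the capacity-achieving scheme and its key savings are not reproduced here), the Python below shows the classic pairwise-key masking that the abstract contrasts against: every pair of users shares one key over a prime field F_p, the server recovers the sum, and a simulator-style check makes the T-colluding security notion concrete by confirming that the view of a server colluding with T users is consistent with every alternative set of honest updates having the same sum, and with no other. The prime p = 11, N = 5 users and the colluding set {0, 3} are constructed values.

```python
# Added example: pairwise-key masked aggregation over F_p with a collusion check.
# Not the paper's scheme; constructed parameters throughout.
import random

def pairwise_keys(n, p, rng):
    """One uniformly random key in F_p per unordered pair {i, j}, i < j."""
    return {(i, j): rng.randrange(p) for i in range(n) for j in range(i + 1, n)}

def mask(i, x_i, keys, n, p):
    """User i adds keys shared with higher-indexed users and subtracts those
    shared with lower-indexed users, so every key cancels in the total."""
    y = x_i
    for j in range(n):
        if j > i:
            y += keys[(i, j)]
        elif j < i:
            y -= keys[(j, i)]
    return y % p

def aggregate(masked, p):
    """Server side: the sum of the masked updates is the sum of the inputs."""
    return sum(masked) % p

def view_is_consistent_with(masked, keys, colluders, alt_x, n, p):
    """Simulator check. The server plus the users in `colluders` see every
    masked update and the colluders' keys. Return True iff some choice of the
    honest-honest keys (unknown to them) makes that same view arise from the
    alternative honest inputs alt_x; this is possible exactly when alt_x has
    the same sum as the true honest inputs, so the view leaks only that sum."""
    honest = sorted(h for h in range(n) if h not in colluders)
    resid = {}  # per honest user: what the honest-honest keys must account for
    for h in honest:
        known = (sum(keys[(h, c)] for c in colluders if c > h)
                 - sum(keys[(c, h)] for c in colluders if c < h))
        resid[h] = (masked[h] - known - alt_x[h]) % p
    if sum(resid.values()) % p != 0:
        return False  # honest-honest keys cancel in total; nothing can fit
    alt_keys = dict(keys)
    for a in honest:
        for b in honest:
            if a < b:
                alt_keys[(a, b)] = 0  # start with all honest-honest keys zero
    carry = 0
    for a, b in zip(honest, honest[1:]):  # keys along one path, running totals
        carry = (carry + resid[a]) % p
        alt_keys[(a, b)] = carry
    return all(mask(h, alt_x[h], alt_keys, n, p) == masked[h] for h in honest)

def demo(seed=7):
    """Constructed run: prime field F_11, N = 5 users, server colludes with T = 2."""
    p, n, colluders = 11, 5, {0, 3}
    rng = random.Random(seed)
    x = [rng.randrange(p) for _ in range(n)]
    keys = pairwise_keys(n, p, rng)
    masked = [mask(i, x[i], keys, n, p) for i in range(n)]
    correct = aggregate(masked, p) == sum(x) % p
    honest = [h for h in range(n) if h not in colluders]
    same_sum = {h: x[h] for h in honest}  # shift one unit between two honest users
    same_sum[honest[0]] = (x[honest[0]] + 1) % p
    same_sum[honest[1]] = (x[honest[1]] - 1) % p
    diff_sum = dict(same_sum)
    diff_sum[honest[2]] = (diff_sum[honest[2]] + 1) % p  # total now differs by one
    return (correct,
            view_is_consistent_with(masked, keys, colluders, same_sum, n, p),
            view_is_consistent_with(masked, keys, colluders, diff_sum, n, p))
```

With T = N - 1 only one honest user remains, and the same check returns True only for that user's true update: the sum of the honest updates is the inherent leakage of any aggregation, and here it coincides with the update itself.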

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

0 major / 2 minor

Summary. The paper studies the T-colluding information-theoretic secure aggregation problem with N users under a general two-phase framework (user-to-user key distribution phase followed by update aggregation phase) without a trusted third party. It claims to completely characterize the capacity region among the three resources of randomness for security, key-distribution communication, and aggregation communication via an explicit deterministic construction over any finite field of size at least N together with a matching information-theoretic converse; it further shows that the optimum is achieved using only pairwise shared keys.

Significance. If the construction and converse are correct, the result is significant because it provides the first complete three-resource capacity characterization under arbitrary user-generated key distribution (eliminating TTP or prescribed structures) with an explicit deterministic scheme rather than randomized or existential ones. The observation that pairwise keys suffice (enabling Diffie-Hellman implementation) and the comparison showing fewer random masking keys than Google's scheme while preserving aggregation communication are concrete strengths.

minor comments (2)
  1. [Abstract] The claim that the scheme 'requires fewer random masking keys' than Google's would benefit from a brief quantitative comparison (e.g., number of keys per user) already in the abstract or introduction.
  2. [Introduction] The manuscript should clarify in the introduction whether the two-phase separation (key distribution exclusively before aggregation) is a modeling choice or a fundamental requirement; if the latter, a short remark on why interleaving is not considered would help readers.

Simulated Author's Rebuttal

0 responses · 0 unresolved

We thank the referee for the positive review, the detailed summary of our contributions, and the recommendation to accept the manuscript.

Circularity Check

0 steps flagged

No significant circularity

Full rationale

The paper derives its capacity region characterization via an explicit deterministic construction (achievability) over finite fields of size at least N together with a separate information-theoretic converse; these are independent arguments that do not reduce to self-referential definitions, fitted parameters renamed as predictions, or load-bearing self-citations. The two-phase model with user-to-user key distribution is stated as the problem setup rather than derived from the result itself, and the claim that pairwise keys suffice is shown constructively without circular reduction.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axiom · 0 invented entities

The abstract relies on standard information-theoretic definitions of perfect security and capacity; no free parameters, invented entities, or ad-hoc axioms are indicated.

axioms (1)
  • standard math: Standard properties of entropy, mutual information, and perfect secrecy in information theory
    Invoked to define security against T colluders and to derive the capacity region and converse bounds.

