$\mathsf{OPA}$: One-shot Private Aggregation with Single Client Interaction and its Applications to Federated Learning
Harish Karthikeyan, Antigoni Polychroniadou
TL;DR
This work introduces One-shot Private Aggregation (OPA), a secure aggregation primitive enabling a single server to compute sums of client inputs with only one communication round per participant by leveraging ephemeral, stateless committees. It provides two primary construction paths, based on seed-homomorphic PRGs (LWR and LWE) and an alternative threshold KHPRF/the CL framework, along with a non-leakage variant (OPA') and malicious-security with abort. The paper demonstrates substantial asymptotic and practical gains over prior multi-round schemes in Federated Learning, including reduced round complexity, logarithmic user communication, and dynamic participation without offline setup, backed by extensive experiments on logistic regression and multi-dataset MLP training. It also discusses integrating OPA with FL techniques like FedOpt and bRSA to handle data heterogeneity and poisoning, and provides a detailed security/verification framework using lattice-based primitives and SCRAPE-like input-validation techniques. The results suggest OPA enables scalable, privacy-preserving FL with minimal interaction, offering meaningful improvements in real-world privacy-preserving analytics and ML applications.
Abstract
Our work aims to minimize interaction in secure computation due to the high cost and challenges associated with communication rounds, particularly in scenarios with many clients. In this work, we revisit the problem of secure aggregation in the single-server setting where a single evaluation server can securely aggregate client-held individual inputs. Our key contribution is the introduction of One-shot Private Aggregation ($\mathsf{OPA}$) where clients speak only once (or even choose not to speak) per aggregation evaluation. Since each client communicates only once per aggregation, this simplifies managing dropouts and dynamic participation, contrasting with multi-round protocols and aligning with plaintext secure aggregation, where clients interact only once. We construct $\mathsf{OPA}$ based on LWR, LWE, class groups, DCR and demonstrate applications to privacy-preserving Federated Learning (FL) where clients speak once. This is a sharp departure from prior multi-round FL protocols whose study was initiated by Bonawitz et al. (CCS, 2017). Moreover, unlike the YOSO (You Only Speak Once) model for general secure computation, $\mathsf{OPA}$ eliminates complex committee selection protocols to achieve adaptive security. Beyond asymptotic improvements, $\mathsf{OPA}$ is practical, outperforming state-of-the-art solutions. We benchmark logistic regression classifiers for two datasets, while also building an MLP classifier to train on MNIST, CIFAR-10, and CIFAR-100 datasets. We build two flavors of $\mathsf{OPA}$ (1) from (threshold) key homomorphic PRF and (2) from seed homomorphic PRG and secret sharing.
