Information-Theoretic Secure Aggregation in Decentralized Networks
Xiang Zhang, Zhou Li, Shuangyang Li, Kai Wan, Derrick Wing Kwan Ng, Giuseppe Caire
TL;DR
This work analyzes information-theoretic decentralized secure aggregation (DSA) for a fully connected K-user network where each user holds a private input $W_k$ and aims to compute the sum $\sum_{k=1}^K W_k$ without revealing individual inputs, even under collusion of up to $T$ users. It proposes a linear aggregation scheme based on a source key $Z_{\Sigma}$ and individual keys $Z_k$, achieving per-user communication rate $R_X=1$, individual key rate $R_Z=1$, and source-key rate $R_{Z_{\Sigma}}=K-1$, and proves these rates are necessary via information-theoretic lower bounds. The main result shows the optimal rate region is ${\cal R}^* = { (R_X,R_Z,R_{Z_{\Sigma}}) : R_X \ge 1, R_Z \ge 1, R_{Z_{\Sigma}} \ge K-1 }$ for the nontrivial regime $K\ge 3$ and $T\le K-3$. The findings illuminate fundamental limits for secure and communication-efficient distributed learning in decentralized networks and guide design of provably secure aggregation protocols.
Abstract
Motivated by the increasing demand for data security in decentralized federated learning (FL) and stochastic optimization, we formulate and investigate the problem of information-theoretic \emph{decentralized secure aggregation} (DSA). Specifically, we consider a network of $K$ interconnected users, each holding a private input, representing, for example, local model updates in FL, who aim to simultaneously compute the sum of all inputs while satisfying the security requirement that no user, even when colluding with up to $T$ others, learns anything beyond the intended sum. We characterize the optimal rate region, which specifies the minimum achievable communication and secret key rates for DSA. In particular, we show that to securely compute one bit of the desired input sum, each user must (i) transmit at least one bit to all other users, (ii) hold at least one bit of secret key, and (iii) all users must collectively hold no fewer than $K - 1$ independent key bits. Our result establishes the fundamental performance limits of DSA and offers insights into the design of provably secure and communication-efficient protocols for distributed learning systems.
