
Communication-Efficient Secure Aggregation

Updated 24 December 2025
  • Communication-efficient secure aggregation is a class of protocols for privacy-preserving model aggregation that minimizes per-user and server communication using cryptographic and network-coding methods.
  • CESA leverages sparse secret-sharing graphs, hierarchical relay models, and one-shot communication schemes to significantly reduce communication costs in large-scale federated learning.
  • These protocols offer dropout resilience and robust security against collusions while integrating compression and quantization techniques for efficient high-dimensional data aggregation.

Communication-efficient secure aggregation (CESA) encompasses a class of protocols and constructions for privacy-preserving model aggregation in federated and distributed learning, with an explicit focus on minimizing communication overhead per participant and per server. These protocols combine cryptographic, information-theoretic, and network-coding tools to allow aggregation of user-supplied updates (e.g., stochastic gradients or model weights) without exposing any individual’s contribution—while sharply reducing per-user and system bandwidth relative to classic secure aggregation such as SecAgg. CESA is of particular importance in large-scale cross-device federated learning, resource-constrained edge environments, and high-dimensional learning scenarios.

1. Architectural Principles and Models

Communication-efficient secure aggregation protocols are motivated by the scaling bottlenecks of classic solutions such as Bonawitz et al.’s SecAgg, where per-user communication and computation grow linearly in the number of participants $N$, and server-side costs can increase quadratically. CESA minimizes these costs via the following key design patterns:

  • Sparse or Pairwise Secret-Sharing Graphs: Instead of all-to-all secret sharing, clients only establish key agreements and/or exchange Shamir shares with a logarithmic or constant number of other clients, e.g., as in sparse Erdős–Rényi graphs (Choi et al., 2020) or ring/chain topologies (Nazemi et al., 3 Sep 2024).
  • Hierarchical or Two-tier Aggregation: Many methods exploit a user–relay–server architecture, where user updates are masked and aggregated at relay nodes before reaching the server. This supports key pre-aggregation and reduces bottleneck hop traffic (Xu et al., 25 Nov 2025, Li et al., 19 Jul 2025).
  • One-Shot or Single-Round Communication: Certain hybrid and homomorphic schemes achieve a single upload per client per round, independent of the number of users and rounds (Emmaka et al., 28 Nov 2025, Behnia et al., 2023).
  • Minimal Masking Complexity: Some protocols dispense with double-masking, Shamir secret sharing, and auxiliary user-to-user communication, relying instead on only two shared secrets per client per round (Nazemi et al., 3 Sep 2024, Nazemi et al., 2 May 2024).
  • Communication-Optimized Compression: Quantization, pruning, and product quantization are used under secure aggregation constraints to compress vector updates before secure summation (Yang et al., 21 Apr 2024, Prasad et al., 2022, Bonawitz et al., 2019).

2. Fundamental Information-Theoretic and Cryptographic Limits

Theoretical performance limits of secure aggregation are characterized both for centralized (server-based) and decentralized (peer-to-peer) models:

  • Decentralized Secure Aggregation: For a fully connected $K$-user network with $T$-collusion resilience, the optimal rates are: per-user communication rate $R_X \geq 1$, independent key rate $R_Z \geq 1$, system-wide entropy $R_\Sigma \geq K-1$. This is achievable by masking each input with a unique key such that only the sum of all inputs is revealed upon aggregate decoding (Zhang et al., 1 Aug 2025).
  • Hierarchical/Relay Models: In $N$-user, $K$-relay structures with $n$ user-to-relay links per user and $m$ users per relay ($Nn = Km$), the cut-set lower bounds on the minimum per-user and per-relay communication are $(1/n, 1/n)$. Collusion thresholds for users and relays dictate matching lower bounds on key entropy per user (Xu et al., 25 Nov 2025). Extensions permit heterogeneous security policies with minimized total key-generation rate (Li et al., 19 Jul 2025).
  • Group-Based and Two-Level Sharing: Partitioned ramp sharing or group-based secret sharing (“sharding”) can further push per-user communication down to sublinear in $N$, typically $O(d \log N)$ for $d$-dimensional vectors (Stevens et al., 2022).

These results specify tight trade-offs between privacy, robustness (dropout-resilience), and communication for broad classes of aggregation networks.

3. Protocol Mechanisms and Optimizations

3.1 Key Agreement and Masking

Approaches include:

  • Sparse Graph Masking: Each client establishes shared secrets only with $O(\log N)$ or $O(1)$ other clients, and masks its vector with two or a logarithmic number of PRG-generated masks. Mask cancellation is ensured by symmetric mask assignment (Nazemi et al., 3 Sep 2024, Nazemi et al., 2 May 2024).
  • In-network Aggregation: Programmable network devices (e.g., Tofino switches) serve as aggregation “gateways” that sum clients’ random seeds “on-the-wire” (Ren et al., 2 Jan 2025).
  • Additive Secret Sharing and Ramp Codes: Techniques based on Shamir and ramp secret sharing (over blocks/partitions of the update vector) minimize share size and allow communication down to per-block or per-group rates (Stevens et al., 2022, Luo et al., 2023).
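The mask cancellation described under Sparse Graph Masking, worked through for a ring topology with two shared secrets per client. This is an added example, not code from the cited papers; the modulus, the SHA-256-based PRG, the constructed seeds (standing in for a real key agreement) and all function names are assumptions.

```python
import hashlib

MOD = 2**32  # assumed word size for modular arithmetic on updates

def prg(seed, dim):
    """Expand a seed into dim words mod MOD (SHA-256 counter mode, illustration only)."""
    return [int.from_bytes(hashlib.sha256(seed + c.to_bytes(4, "big")).digest()[:4], "big")
            for c in range(dim)]

def ring_seeds(n, round_no):
    """seeds[i] is the secret shared by clients i and (i+1) % n.
    Constructed values standing in for a real key agreement."""
    return [hashlib.sha256(f"constructed-{i}-{round_no}".encode()).digest()
            for i in range(n)]

def net_mask(i, seeds, dim):
    """Client i adds the mask shared with its successor and subtracts the one
    shared with its predecessor, so the masks telescope to zero over the ring."""
    add = prg(seeds[i], dim)
    sub = prg(seeds[(i - 1) % len(seeds)], dim)
    return [(a - s) % MOD for a, s in zip(add, sub)]

def mask_update(i, update, seeds):
    """What client i uploads: its update plus its net mask, mod MOD."""
    return [(x + m) % MOD for x, m in zip(update, net_mask(i, seeds, len(update)))]

def aggregate(vectors):
    """Server side: coordinate-wise sum mod MOD of whatever it received."""
    return [sum(col) % MOD for col in zip(*vectors)]

# Constructed sample: 5 clients, 3-dimensional integer updates.
UPDATES = [[3, 10, 7], [1, 0, 4], [8, 2, 2], [5, 5, 5], [0, 9, 1]]
SEEDS = ring_seeds(len(UPDATES), round_no=1)
MASKED = [mask_update(i, u, SEEDS) for i, u in enumerate(UPDATES)]

if __name__ == "__main__":
    print("true sum            :", aggregate(UPDATES))
    print("sum of masked inputs:", aggregate(MASKED))   # equal: masks cancel
    print("client 0 as uploaded:", MASKED[0])           # looks random on its own
    # If client 2 never uploads, its neighbours' masks are left uncancelled
    # and the server's sum is off by exactly -net_mask(2).
    print("sum without client 2:", aggregate(MASKED[:2] + MASKED[3:]))
```

In this sketch a client's two ring neighbours jointly hold both of its seeds, and a missing upload leaves a residual mask in the sum, which is why collusion thresholds and dropout handling are part of any such design.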

3.2 Compression and Quantization

  • Secure Compression: Scalar quantization, product quantization (PQ), and pruning operate under linear decompression constraints so that quantized updates can be securely summed under any secure aggregation primitive (Prasad et al., 2022, Yang et al., 21 Apr 2024).
  • Auto-tuning of Quantization: Combining rotation (Walsh–Hadamard plus dithering) and quantization allows for reduced per-weight bitwidth, with bin-width determined via a wrapped-normal fit of the compressed update sum (Bonawitz et al., 2019).
  • Secure Indexing (for PQ): Secure histogramming over assignment indices of PQ, enabled by TEE or secure aggregation of masked code indices, yields extreme compression (up to 40×) without violating privacy (Prasad et al., 2022).
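The linear-decompression constraint from the Secure Compression item, as an added example that is not code from the cited papers. It assumes a uniform scalar quantizer with clipping range `CLIP` and `BITS` bits per coordinate, and uses a plain modular sum as a stand-in for the secure aggregation primitive; all names are hypothetical.

```python
CLIP = 1.0            # assumed clipping range [-CLIP, CLIP]
BITS = 8              # assumed bits per coordinate
LEVELS = 2**BITS
STEP = 2 * CLIP / (LEVELS - 1)

def quantize(update):
    """Clip each real coordinate and map it to an integer level in [0, LEVELS-1]."""
    out = []
    for x in update:
        x = max(-CLIP, min(CLIP, x))
        out.append(round((x + CLIP) / STEP))
    return out

def secure_sum(quantized, modulus):
    """Stand-in for a secure aggregation primitive: reveals only the sum mod modulus."""
    return [sum(col) % modulus for col in zip(*quantized)]

def dequantize_sum(qsum, n_clients):
    """Decoding is affine in the level, so the summed levels decode directly
    to the summed updates once the number of contributors is known."""
    return [q * STEP - n_clients * CLIP for q in qsum]

def min_modulus(n_clients):
    """Smallest modulus for which the sum of n_clients levels cannot wrap."""
    return n_clients * (LEVELS - 1) + 1

# Constructed sample: 4 clients, 3-dimensional real-valued updates.
UPDATES = [[0.5, -0.25, 0.9], [0.1, 0.3, 0.8], [-0.7, 0.2, 0.95], [0.4, -0.1, 0.85]]

if __name__ == "__main__":
    n = len(UPDATES)
    q = [quantize(u) for u in UPDATES]
    print("true sum      :", [sum(c) for c in zip(*UPDATES)])
    print("decoded sum   :", dequantize_sum(secure_sum(q, min_modulus(n)), n))
    # Failure mode: a modulus sized for one client wraps once levels are summed.
    print("wrapped decode:", dequantize_sum(secure_sum(q, LEVELS), n))
```

With deterministic rounding the decoded sum is within `n * STEP / 2` of the true sum per coordinate, provided the aggregation modulus is at least `min_modulus(n)`.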

3.3 One-Round and Single-Message Schemes

  • One-Shot Homomorphic Protocols: Multi-key CKKS (MK-CKKS) homomorphic encryption, combined with ECDH additive masking, supports single-message aggregation per round, achieving a near-constant per-client communication expansion (e.g., ≈12× over plaintext) and removing the need for decryption-share exchange (Emmaka et al., 28 Nov 2025).
  • Verifiable Aggregation: Cryptographic commitments or authenticated vector commitments (APVC) allow the server to prove correctness of aggregation to clients, typically at minimal extra communication (Behnia et al., 2023).

4. Dropout Resilience, Robustness, and Security Guarantees
