Secure Aggregation & Homomorphic Encryption
- Secure aggregation is a cryptographic framework that computes aggregate statistics without revealing individual inputs.
- Homomorphic encryption enables algebraic operations directly on encrypted data, ensuring valid aggregated results upon decryption.
- Hybrid protocols combine HE and masking to optimize efficiency, robustness, and resistance against collusion in distributed settings.
Secure aggregation and homomorphic encryption constitute the cryptographic foundation for privacy-preserving aggregation of distributed data, especially in federated learning and related multi-party computation settings. Secure aggregation ensures that only aggregate statistics (e.g., sums, averages) are revealed to an aggregator, while homomorphic encryption (HE) enables computation on encrypted data by supporting algebraic operations directly in the ciphertext domain. These techniques are vital for privacy, collusion resistance, and robustness in collaborative analytics, especially in adversarial or resource-constrained environments.
1. Secure Aggregation: Cryptographic Frameworks and Protocol Families
Secure aggregation protocols enable an untrusted server to compute a function (typically the sum) of values held by mutually distrustful clients without revealing the individual contributions. Core cryptographic primitives span:
- Mask-based protocols: Each client applies a random mask such that all masks sum to zero; correctness follows from the cancellation property, and privacy is maintained via secret sharing of masks (Zhang et al., 2023, Boer et al., 2020).
- Homomorphic encryption-based protocols: Clients encrypt updates using additively (sometimes multiplicatively) homomorphic encryption. The server aggregates ciphertexts, and decryption yields the sum (Zhao, 2022, Hosseini et al., 1 Mar 2025, Morona-Mínguez et al., 25 Feb 2026).
- Hybrid protocols: Combine additive masking (often via ECDH) with HE to achieve constant communication and non-interactive uploads, as in MK-CKKS+ECDH hybrids (Emmaka et al., 28 Nov 2025), or by leveraging efficient pseudorandom mask generators (Liu et al., 2022).
Robustness against dropouts, colluding adversaries, and noise management are achieved via secret sharing (e.g., Shamir), threshold or multi-key decryption, or committee-based key sharing (Hosseini et al., 1 Mar 2025, Bitzer et al., 19 Jan 2026).
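To make the mask-cancellation and secret-sharing mechanics above concrete, here is an added example of my own (a simplified construction, not code from any of the cited protocols): clients add pairwise masks derived from shared seeds, the masks cancel in the server's sum, and Shamir shares of the seeds let the server strip the masks that surviving clients shared with a client that dropped. The SHA-256-based PRG, the field sizes, and the assumption that the pairwise seeds are already agreed (e.g. via key agreement) are mine.

```python
import hashlib, random

Q = 2**31 - 1    # field for the model-update arithmetic
P = 2**61 - 1    # field for Shamir sharing of the pairwise seeds

def prg(seed: int, dim: int) -> list[int]:
    """Expand a seed into a dim-length mask vector mod Q (SHA-256 in counter mode)."""
    return [int.from_bytes(hashlib.sha256(f"{seed}:{k}".encode()).digest(), "big") % Q
            for k in range(dim)]

def shamir_share(secret: int, n: int, t: int) -> list[tuple[int, int]]:
    """t-of-n Shamir shares of secret over GF(P): points (x, f(x)) for x = 1..n."""
    coeffs = [secret] + [random.randrange(P) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P) for x in range(1, n + 1)]

def shamir_recover(shares: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0 from any t distinct shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num, den = num * (-xj) % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def secure_sum(updates: list[list[int]], dropped: set[int], t: int) -> list[int]:
    """Pairwise-mask secure sum; masks of dropped clients are removed via Shamir shares."""
    n, dim = len(updates), len(updates[0])
    # pairwise seeds (assumed already agreed, e.g. by key agreement); seed(i, j) == seed(j, i)
    seeds = {(i, j): random.randrange(P) for i in range(n) for j in range(i + 1, n)}
    def seed(i, j): return seeds[(min(i, j), max(i, j))]
    shares = {ij: shamir_share(s, n, t) for ij, s in seeds.items()}  # each seed shared t-of-n
    masked = {}
    for i in sorted(set(range(n)) - dropped):
        m = list(updates[i])
        for j in range(n):
            if j != i:                       # client i adds +PRG for j > i, -PRG for j < i
                sign = 1 if i < j else -1
                m = [(a + sign * b) % Q for a, b in zip(m, prg(seed(i, j), dim))]
        masked[i] = m
    total = [sum(v[k] for v in masked.values()) % Q for k in range(dim)]  # survivor masks cancel
    alive = sorted(masked)                   # needs len(alive) >= t
    for d in dropped:                        # strip the masks the survivors shared with d
        for j in alive:
            s = shamir_recover([shares[(min(d, j), max(d, j))][a] for a in alive[:t]])
            sign = 1 if j < d else -1        # the sign client j applied to PRG(seed(j, d))
            total = [(a - sign * b) % Q for a, b in zip(total, prg(s, dim))]
    return total
```

The caveat a deployment must handle: a server that falsely reports a live client as dropped and collects its seed shares can unmask that client's update, which is why full protocols add a second self-mask and a signed consistency round before any shares are released.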
2. Homomorphic Encryption Schemes and Secure Aggregation Variants
Additively homomorphic cryptosystems enable linear aggregation in the encrypted domain. The predominant schemes include:
- Lattice-based (RLWE/CKKS/BFV): Support large plaintext spaces and efficient polynomial operations. Collectively generated public keys enable threshold decryption (Hosseini et al., 1 Mar 2025, Morona-Mínguez et al., 25 Feb 2026). Additive homomorphism is induced via -style ciphertexts.
- Elliptic-curve and Paillier-style HE: Used for resource-constrained (WSN, IoT) scenarios or when compact key size is preferred (Jariwala et al., 2012, Yang et al., 2023).
- Code-based (LPN): Provide post-quantum security, featuring key- and message-additive properties. Aggregate decryption keys are reconstructed by a committee via secret sharing and CRT-based optimizations can reduce bandwidth (Bitzer et al., 19 Jan 2026).
- Caching and compression enhancements: Efficiently encode and re-use ciphertexts to mitigate HE encoding overhead, e.g., via radix-cache pools (CHEM (Zhao, 2022)) or super-increasing sequences (Yang et al., 2023) for gradient compression.
Homomorphic aggregation protocols are extended to general linear functions (arbitrary weighted sums), supporting linear model layers in federated models (Tian et al., 2021).
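As an added illustration of additively homomorphic aggregation and its extension to arbitrary weighted sums (the schemes above and the general linear functions of the last paragraph), the following is my own toy Paillier implementation, not code from the cited works: the aggregator multiplies ciphertexts to add plaintexts and exponentiates them to scale, so a weighted sum of fixed-point updates is computed without decrypting anything. The 20-bit primes, the fixed-point scale and the single-key setting are assumptions for illustration only; real deployments use 2048-bit-plus moduli and threshold or multi-key decryption so that no single party holds the key.

```python
import random
from math import gcd

P_TOY, Q_TOY = 1000003, 1000033   # constructed toy primes; far too small for real use
SCALE = 1000                       # fixed-point scale for real-valued updates

def keygen(p=P_TOY, q=Q_TOY):
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lambda = lcm(p-1, q-1)
    mu = pow(lam, -1, n)                            # valid because g = n + 1
    return (n, n + 1), (lam, mu)

def encrypt(pk, m):
    n, g = pk
    r = random.randrange(1, n)                      # fresh randomness for every ciphertext
    while gcd(r, n) != 1: r = random.randrange(1, n)  # r must be a unit mod n
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)

def decrypt(pk, sk, c):
    (n, _), (lam, mu) = pk, sk
    return (pow(c, lam, n * n) - 1) // n * mu % n

def add(pk, c1, c2):
    """E(m1) * E(m2) = E(m1 + m2): the additive homomorphism."""
    return c1 * c2 % (pk[0] ** 2)

def scale(pk, c, w):
    """E(m)^w = E(w * m); negative integer weights are reduced mod n."""
    return pow(c, w % pk[0], pk[0] ** 2)

def encode(pk, x):        # signed fixed-point -> Z_n
    return round(x * SCALE) % pk[0]
def decode(pk, m):        # Z_n -> signed fixed-point
    return (m - pk[0] if m > pk[0] // 2 else m) / SCALE

def aggregate(pk, enc_updates, weights):
    """Server side: weighted sum of ciphertext vectors, never seeing a plaintext."""
    out = []
    for k in range(len(enc_updates[0])):
        acc = 1                                     # E(0) with r = 1: the neutral ciphertext
        for vec, w in zip(enc_updates, weights):
            acc = add(pk, acc, scale(pk, vec[k], w))
        out.append(acc)
    return out

def weighted_sum_demo(updates, weights):  # clients encrypt, server aggregates, key holder decrypts
    pk, sk = keygen()
    enc = [[encrypt(pk, encode(pk, x)) for x in u] for u in updates]
    return [decode(pk, decrypt(pk, sk, c)) for c in aggregate(pk, enc, weights)]
```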
3. Advanced Secure Aggregation Protocols and Efficiency Trade-offs
Several innovations address the communication, computation, and robustness bottlenecks in real-world federated environments:
- Hybrid MK-CKKS + ECDH masking (“Hyb-Agg”): Achieves single-message client uploads, constant per-client communication, and sub-second runtimes even on IoT hardware. Security is based on RLWE, CDH, and PRF assumptions, with confidentiality preserved if up to clients and the server collude. The protocol eliminates the need for partial decryption exchanges and tolerates dropouts without trusted third parties (Emmaka et al., 28 Nov 2025).
- Multiparty HE with secret sharing: Allows threshold decryption with dropout resilience and new client onboarding by share reconstruction; gradient compression via linear sketching is compatible, maintaining statistical learning guarantees with minimal utility loss (Hosseini et al., 1 Mar 2025).
- AHSecAgg + TSKG: Mask-based schemes leveraging additive homomorphic masking offer computational scaling per client and at the server. TSKG leverages threshold BLS signatures to generate per-round mask seeds without the overhead of repeated key exchanges, and achieves robustness with optimal client dropout tolerance (Zhang et al., 2023).
- Doubly Homomorphic Secure Aggregation (DHSA): Uses MKHE for initial seed aggregation and a linear seed-homomorphic PRG (SHPRG) for main update masking, collapsing per-iteration overhead to that of lightweight PRG applications and providing up to computational speedup with strong collusion resilience (Liu et al., 2022).
Efficiency is parameterized by ciphertext expansion (often – plaintext), number of interaction rounds, and the scaling of cryptographic operations with (model dimension) and (participant count).
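The seed-homomorphic masking idea behind DHSA, as an added example of my own (not the paper's code): an LWR-style seed-homomorphic PRG G(s) = round(A*s mod q) whose outputs for two seeds add up to the output for the summed seed up to a one-unit rounding error, so clients mask their long updates with G(s_i) while the server only needs the sum of the short seeds. The moduli, the toy dimensions, the scaling factor used to absorb the rounding errors, and the plain sum standing in for the MKHE seed aggregation are assumptions.

```python
import random

Q, PMOD = 2**32, 2**16    # LWR moduli: inner products mod Q, outputs rounded to mod PMOD
DIM, SEED_LEN = 8, 4      # model dimension vs. much shorter seed (toy sizes, not secure parameters)

def shprg(A, s):
    """LWR-style seed-homomorphic PRG G(s) = round_PMOD(A*s mod Q).
    G(s1) + G(s2) - G(s1 + s2) is 0 or -1 (mod PMOD) in every coordinate."""
    return [((sum(a * b for a, b in zip(row, s)) % Q) * PMOD // Q) % PMOD for row in A]

def homomorphism_error(A, s1, s2):
    """Per-coordinate residual of the seed homomorphism, reduced mod PMOD."""
    g = shprg(A, [(a + b) % Q for a, b in zip(s1, s2)])
    return [(x + y - z) % PMOD for x, y, z in zip(shprg(A, s1), shprg(A, s2), g)]

def dhsa_round(updates, delta=64, rng_seed=7):
    """One DHSA-style round: clients mask scaled updates with G(s_i); the server
    subtracts G(sum of seeds). delta > 2*(n-1) absorbs the n-1 rounding errors."""
    rng = random.Random(rng_seed)
    n = len(updates)
    A = [[rng.randrange(Q) for _ in range(SEED_LEN)] for _ in range(DIM)]  # public matrix
    seeds = [[rng.randrange(Q) for _ in range(SEED_LEN)] for _ in range(n)]
    masked = []
    for x_i, s_i in zip(updates, seeds):
        # client upload: x_i * delta + G(s_i) mod PMOD (dimension DIM, the expensive part)
        masked.append([(x * delta + g) % PMOD for x, g in zip(x_i, shprg(A, s_i))])
    # the short seeds are aggregated under MKHE in the real protocol; a plain sum stands in here
    seed_sum = [sum(s[j] for s in seeds) % Q for j in range(SEED_LEN)]
    total = [sum(m[k] for m in masked) % PMOD for k in range(DIM)]
    unmasked = [(t - g) % PMOD for t, g in zip(total, shprg(A, seed_sum))]
    # signed decode, then divide out delta; the residual error e in [-(n-1), 0] rounds away
    return [round((v - PMOD if v > PMOD // 2 else v) / delta) for v in unmasked]
```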
4. Collusion, Robustness, and Security Guarantees
Theoretical security analysis across protocols centers on confidentiality under standard assumptions—RLWE, LPN, DDH/CDH, and IND-CPA security. Key results include:
- Collusion resistance: State-of-the-art schemes tolerate up to 0 colluding clients with the server, ensured via pairwise ECDH secrets (for mask-based protocols) (Emmaka et al., 28 Nov 2025), multi-key encryption (Liu et al., 2022), or Shamir secret sharing (Hosseini et al., 1 Mar 2025, Bitzer et al., 19 Jan 2026).
- Adaptive dropout tolerance: Secret sharing enables threshold decryption and dynamic handling of client dropouts. Some constructions (e.g., (Hosseini et al., 1 Mar 2025)) allow late joiners to obtain key shares without re-running HE setup.
- Active adversary robustness: Additive-masking protocols augmented with active consistency checks (e.g., PKI signatures in (Zhang et al., 2023)) guarantee that malicious clients or servers cannot undermine aggregation correctness; blockchain contracts can further incentivize server honesty (Tian et al., 2021).
- HE-specific vulnerabilities: Restricted decryption oracle (1) attacks mandate the use of “smudging noise” in threshold RLWE-HE protocols, boosting noise variance to hide decryption errors and prevent noise-extraction key-recovery attacks (Morona-Mínguez et al., 25 Feb 2026).
- Post-quantum security: Code-based (LPN) secure aggregation achieves statistical security against quantum adversaries, under the Hint-LPN reduction, offering an alternative to LWE-based schemes for resistant deployment (Bitzer et al., 19 Jan 2026).
5. System Integration, Performance, and Optimization Techniques
Secure aggregation protocols are evaluated along several system dimensions:
| Protocol/Technique | Per-Client Upload | Rounds | Collusion Resilience | HE Scheme |
|---|---|---|---|---|
| Hyb-Agg (MK-CKKS+ECDH) (Emmaka et al., 28 Nov 2025) | 12×plaintext, O(1) | 1 (one-shot) | 2 | MK-CKKS + ECDH |
| CHEM Cache (Zhao, 2022) | Standard HE size | 1 per round | As underlying HE | BFV/CKKS + Caching |
| DHSA (Liu et al., 2022) | 1.5×plaintext | Amortized 3 | 4 | MK-BFV/SHPRG |
| Classic Secure Sum (Boer et al., 2020) | O(5)+mask exchange | 1 | Up to 6 | Mask-based |
| AHSecAgg+TSKG (Zhang et al., 2023) | O(7) | 4 (with Unmask) | 8 (threshold) | Mask + BLS TS |
| LPN-KAHE (Bitzer et al., 19 Jan 2026) | 9- 0) bits | 1 | 1 (committee, PQC) | LPN-based |
System-level accelerations include:
- Caching/encoding optimizations: Reduces time spent on HE encryptions by caching ciphertexts for radix components (e.g., CHEM (Zhao, 2022)).
- Gradient compression: HE bottlenecks are alleviated by compressing large model updates via sketching or super-increasing coding (Hosseini et al., 1 Mar 2025, Yang et al., 2023), while preserving statistical guarantees on learning quality.
- Noise and depth management: Full-homomorphic aggregation (e.g., NSHEDB (Jung et al., 27 Feb 2026)) leverages noise-aware query planning to avoid bootstrapping, accelerating database-scale secure aggregation.
- TEE/FHE hybridization: Trusted execution environments (Intel SGX) can be integrated for cryptographic acceleration, reducing bandwidth and computation relative to pure FHE at the cost of hardware trust assumptions (Laage et al., 11 Apr 2025).
6. Specializations: Linear Aggregation, Database Query, and Quantum Protocols
- Linear aggregation: Some schemes extend from “sum-only” to arbitrary linear transforms, enabling the server to compute 2 with privacy. DTAHE (lattice or EC-based) underlies these protocols, with security reductions to Decision-RLWE and concrete blockchain-based incentives for robustness (Tian et al., 2021).
- HE-based database aggregation: NSHEDB (Jung et al., 27 Feb 2026) employs leveled HE (BFV) to implement SQL SUM and GROUP BY in the encrypted domain, optimizing multiplicative depth and noise budget to eliminate bootstrapping, achieving order-of-magnitude runtime and storage savings in TPC-H benchmarks.
- Quantum secure aggregation: Perfectly-secure quantum homomorphic encryption (QHE) enables aggregation of quantum neural network (QNN) gradients from fully quantum-encrypted data using Clifford+3 circuits with teleportation-based key updates, providing information-theoretic guarantees (Ortega et al., 13 Feb 2026).
7. Future Directions and Open Challenges
Continued work addresses the following aspects:
- Improved compression and coding for high-dimensional models (Hosseini et al., 1 Mar 2025, Yang et al., 2023).
- Reduction of setup and interaction rounds, critical for resource-constrained or asynchronous deployments (Emmaka et al., 28 Nov 2025, Liu et al., 2022).
- Stronger adversary models, including active attacks, asynchronous faults, and more general linear or non-linear aggregation (Zhang et al., 2023, Tian et al., 2021).
- Quantum, post-quantum, and hardware-accelerated architectures, broadening the applicability of secure aggregation beyond classical lattice-based factorization (Bitzer et al., 19 Jan 2026, Ortega et al., 13 Feb 2026, Laage et al., 11 Apr 2025).
A plausible implication is that hybrid cryptographic architectures, parameter-optimized secret sharing, and continued efficiency advances will underpin deployments of federated learning and secure data science at scale across heterogeneous networks and adversarial environments.