Chapter 10: Secure Aggregation

Learning Objectives

• Formalize the threat model for aggregation in federated learning: honest-but-curious server, colluding users
• Construct the Bonawitz et al. pairwise-masking protocol that reveals only the aggregate $\sum_k \mathbf{g}_k$ to the server
• Quantify the $O(n^2)$ communication overhead of pairwise masking and identify its scaling bottleneck
• Handle user dropouts via secret-shared mask-cancellation protocols (pairwise keys + Shamir shares)
• State and prove the Caire et al. optimality theorem for secure aggregation with uncoded groupwise keys (CommIT contribution)
• Recognize when the optimality result applies and when tighter bounds are achievable