Paper 2024/936

Willow: Secure Aggregation with One-Shot Clients

James Bell-Clark, Google (United Kingdom)
Adrià Gascón, Google (United States)
Baiyu Li, Google (United States)
Mariana Raykova, Google (United States)
Phillipp Schoppmann, Google (United States)
Abstract

A common drawback of secure vector summation protocols in the single-server model is that they impose at least one synchronization point between all clients contributing to the aggregation. This results in clients waiting on each other to advance through the rounds of the protocol, leading to large latency (or failures due to too many dropouts) even if the protocol is computationally efficient. In this paper we propose protocols in the single-server model where clients contributing data to the aggregation (i) send a single message to the server and (ii) can join aggregation sessions dynamically whenever they have resources, i.e., without the need for synchronizing their reporting time with any other clients. Our approach is based on a committee of parties that aid in the computation by running a setup phase before data collection starts, and a verification/decryption phase once it ends. Unlike existing committee-based protocols such as Flamingo (S\&P 2023), the cost for committee members can be made sub-linear in the number of clients, and does not depend on the size of the input client vectors. Our experimental evaluation shows that our protocol, even while allowing dynamic client participation, is competitive with the state of the art protocols that do not have that feature in both computation and communication.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Secure aggregationOne-shotHomomorphic PRFAdditive homomorphic encryptioncommittee based
Contact author(s)
jhbell @ google com
adriag @ google com
baiyuli @ google com
marianar @ google com
schoppmann @ google com
History
2024-10-16: last of 2 revisions
2024-06-11: received
See all versions
Short URL
https://ia.cr/2024/936
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/936,
      author = {James Bell-Clark and Adrià Gascón and Baiyu Li and Mariana Raykova and Phillipp Schoppmann},
      title = {Willow: Secure Aggregation with One-Shot Clients},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/936},
      year = {2024},
      url = {https://eprint.iacr.org/2024/936}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.