Secure Summation: Capacity Region, Groupwise Key, and Feasibility
share
The secure summation problem is considered, where K users, each holds an input, wish to compute the sum of their inputs at a server securely, i.e., without revealing any information beyond the sum even if the server may collude with any set of up to T users. First, we prove a folklore result for secure summation - to compute 1 bit of the sum securely, each user needs to send at least 1 bit to the server, each user needs to hold a key of at least 1 bit, and all users need to hold collectively some key variables of at least K-1 bits. Next, we focus on the symmetric groupwise key setting, where every group of G users share an independent key. We show that for symmetric groupwise keys with group size G, when G > K-T, the secure summation problem is not feasible; when G ≤ K-T, to compute 1 bit of the sum securely, each user needs to send at least 1 bit to the server and the size of each groupwise key is at least (K-T-1)/K-TG bits. Finally, we relax the symmetry assumption on the groupwise keys and the colluding user sets; we allow any arbitrary group of users to share an independent key and any arbitrary group of users to collude with the server. For such a general groupwise key and colluding user setting, we show that secure summation is feasible if and only if the hypergraph, where each node is a user and each edge is a group of users sharing the same key, is connected after removing the nodes corresponding to any colluding set of users and their incident edges.
READ FULL TEXT