Paper 2023/1936

LERNA: Secure Single-Server Aggregation via Key-Homomorphic Masking

Hanjun Li, University of Washington
Huijia Lin, University of Washington
Antigoni Polychroniadou, J.P. Morgan AI Research, AlgoCRYPT CoE
Stefano Tessaro, University of Washington

This paper introduces LERNA, a new framework for single-server secure aggregation. Our protocols are tailored to the setting where multiple consecutive aggregation phases are performed with the same set of clients, a fraction of which can drop out in some of the phases. We rely on an initial secret sharing setup among the clients which is generated once-and-for-all, and reused in all following aggregation phases. Compared to prior works [Bonawitz et al. CCS’17, Bell et al. CCS’20], the reusable setup eliminates one round of communication between the server and clients per aggregation—i.e., we need two rounds for semi-honest security (instead of three), and three rounds (instead of four) in the malicious model. Our approach also significantly reduces the server’s computational costs by only requiring the reconstruction of a single secret-shared value (per aggregation). Prior work required reconstructing a secret-shared value for each client involved in the computation. We provide instantiations of LERNA based on both the Decisional Composite Residuosity (DCR) and (Ring) Learning with Rounding ((R)LWR) assumptions respectively and evaluate a version based on the latter assumption. In addition to savings in round-complexity (which result in reduced latency), our experiments show that the server computational costs are reduced by two orders of magnitude in comparison to the state-of-the-art. In settings with a large number of clients, we also reduce the computational costs up to twenty-fold for most clients, while a small set of “heavy clients” is subject to a workload that is still smaller than that of prior work.

Available format(s)
Cryptographic protocols
Publication info
A major revision of an IACR publication in ASIACRYPT 2023
Secure AggregationReusable SetupPrivacy Preserving Machine Learning
Contact author(s)
hanjul @ cs washington edu
rachel @ cs washington edu
antigoni polychroniadou @ jpmorgan com
tessaro @ cs washington edu
2023-12-21: approved
2023-12-21: received
See all versions
Short URL
Creative Commons Attribution


      author = {Hanjun Li and Huijia Lin and Antigoni Polychroniadou and Stefano Tessaro},
      title = {LERNA: Secure Single-Server Aggregation via Key-Homomorphic Masking},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1936},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.