Paper 2025/1579
TACITA: Threshold Aggregation without Client Interaction
Abstract
Secure aggregation enables a central server to compute the sum of client inputs without learning any individual input, even in the presence of dropouts or partial participation. This primitive is fundamental to privacy-preserving applications such as federated learning, where clients collaboratively train models without revealing raw data. We present a new secure aggregation protocol, TACITA, in the single-server setting that satisfies four critical properties simultaneously: (1) one-shot communication from clients with no per-instance setup, (2) input-soundness, i.e. the server cannot manipulate the ciphertexts, (3) constant-size communication per client, independent of the number of participants per-instance, and (4) robustness to client dropouts Previous works on secure aggregation - Willow and OPA (CRYPTO'25) that achieve one-shot communication do not provide input soundness, and allow the server to manipulate the aggregation. They consequently do not achieve full privacy and only achieve Differential Privacy guarantees at best. We achieve full privacy at the cost of assuming a PKI. Specifically, TACITA relies on a novel cryptographic primitive we introduce and realize: succinct multi-key linearly homomorphic threshold signatures (MKLHTS), which enables verifiable aggregation of client-signed inputs with constant-size signatures. To encrypt client inputs, we adapt the Silent Threshold Encryption (STE) scheme of Garg et al. (CRYPTO 2024) to support ciphertext-specific decryption and additive homomorphism. We formally prove security in the Universal Composability framework and demonstrate practicality through an open-source proof-of-concept implementation, showing our protocol achieves scalability without sacrificing efficiency or requiring new trust assumptions.
Metadata
- Available format(s)
-
PDF
- Category
- Applications
- Publication info
- Preprint.
- Keywords
- Secure AggregationPrivacy-preserving Federated Learning
- Contact author(s)
-
varun madathil @ yale edu
arthur lazzaretti @ yale edu
zeyu liu @ yale edu
charalampos papamanthou @ yale edu - History
- 2025-11-25: last of 4 revisions
- 2025-09-02: received
- See all versions
- Short URL
- https://ia.cr/2025/1579
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2025/1579,
author = {Varun Madathil and Arthur Lazzaretti and Zeyu Liu and Charalampos Papamanthou},
title = {{TACITA}: Threshold Aggregation without Client Interaction},
howpublished = {Cryptology {ePrint} Archive, Paper 2025/1579},
year = {2025},
url = {https://eprint.iacr.org/2025/1579}
}