Secure Aggregation with an Oblivious Server

Hua Sun
2023-07-25
Abstract: Secure aggregation usually aims at securely computing the sum of the inputs from $K$ users at a server. Noticing that the sum might inevitably reveal information about the inputs (when the inputs are non-uniform) and typically the users (not the server) desire the sum (in applications such as federated learning), we consider a variant of secure aggregation where the server is oblivious, i.e., the server only serves as a communication facilitator/helper to enable the users to securely compute the sum and learns nothing in the process. Our communication protocol involves one round of messages from the users to the server and one round of messages from the server to each user such that in the end each user only learns the sum of all $K$ inputs and the server learns no information about the inputs. For this secure aggregation with an oblivious server problem, we show that to compute $1$ bit of the sum securely, each user needs to send at least $1$ bit to the server, the server needs to send at least $1$ bit to each user, each user needs to hold a key of at least $2$ bits, and all users need to collectively hold at least $K$ key bits. In addition, when user dropouts are allowed, the optimal performance remains the same, except that the minimum size of the key held by each user increases to $K$ bits, per sum bit.
Information Theory
What problem does this paper attempt to address?
The problem that this paper attempts to solve is how to achieve secure aggregation among users without the server learning any user input, in application scenarios such as federated learning. Specifically, the paper proposes a variant of secure aggregation in which the server is "oblivious", that is, the server only serves as a communication intermediary that helps the users compute the sum of their inputs securely, and obtains no information about the inputs itself. The core of the problem lies in designing a communication protocol such that each user ultimately learns only the sum of all users' inputs, while the server learns nothing about the inputs throughout the process.

### Main contributions of the paper

1. **Design of a communication protocol**: The paper proposes a protocol with one round of messages from the users to the server and one round of messages from the server to each user. In this way, each user can ultimately compute the sum of all inputs securely while the server obtains no information about the inputs.
2. **Theoretical analysis**: The paper proves that to compute 1 bit of the sum securely, each user needs to send at least 1 bit to the server, the server needs to send at least 1 bit to each user, each user needs to hold a key of at least 2 bits, and all users collectively need to hold at least \( K \) key bits. In addition, when users are allowed to drop out, these optimal values remain unchanged, except that the key held by each user increases to \( K \) bits.
3. **Security and efficiency**: The paper analyzes in detail the information-theoretic optimality of the protocol, that is, it achieves information-theoretic security while keeping the communication and key consumption efficient.
### Formula summary

- **Communication and key rates** (per bit of the sum):
  - \( R_X \geq 1 \): the message sent by each user to the server contains at least 1 bit.
  - \( R_Y \geq 1 \): the message sent by the server to each user contains at least 1 bit.
  - \( R_Z \geq 2 \): the key held by each user contains at least 2 bits.
  - \( R_{Z_\Sigma} \geq K \): the keys held collectively by all users contain at least \( K \) bits.
- **Case where users are allowed to drop out**:
  - \( R_X \geq 1 \)
  - \( R_Y \geq 1 \)
  - \( R_Z \geq K \): the key held by each user contains at least \( K \) bits.
  - \( R_{Z_\Sigma} \geq K \)

### Conclusion

By introducing the concept of an "oblivious" server, the paper solves the problem of achieving secure aggregation while protecting user privacy in federated learning. This method is of theoretical significance and also provides an effective solution for practical applications.
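The two-round exchange and the rates \( R_X = R_Y = 1 \), \( R_Z = 2 \), \( R_{Z_\Sigma} = K \) summarised above can be made concrete with the following Python example. It is an added illustration, not code from the paper, and the paper's own scheme may differ in its details; it covers only the case without dropouts. Inputs are single bits and the "sum" is addition in GF(2), i.e. XOR. Each user \( k \) holds the 2-bit key \( (Z_k, S) \), where the \( Z_k \) are independent uniform bits and \( S = Z_1 \oplus \cdots \oplus Z_K \) (so the users collectively hold \( K \) independent key bits). A trusted dealer distributing these keys out of band is an assumption of the example; the function names are likewise invented here. The two exhaustive checks at the end verify the security claims directly: the server's view has the same distribution for every input vector, and a user's view depends on the other inputs only through the sum.

```python
"""Secure aggregation with an oblivious server, 1-bit inputs over GF(2).
Added example; not the paper's own construction."""
import secrets
from itertools import product
from collections import Counter


def xor_all(bits):
    """XOR (GF(2) sum) of a sequence of bits."""
    acc = 0
    for b in bits:
        acc ^= b
    return acc


def keys_from_bits(z):
    """Derive per-user keys from K independent key bits Z_1..Z_K.
    User k receives (Z_k, S) with S = Z_1 ^ ... ^ Z_K: 2 key bits per user,
    K independent bits in total (S is a function of the Z_k)."""
    s = xor_all(z)
    return [(z_k, s) for z_k in z]


def keygen(K):
    """Trusted key dealer (assumed here; the page does not say who issues keys)."""
    return keys_from_bits([secrets.randbits(1) for _ in range(K)])


def user_upload(w_k, key_k):
    """Round 1: user k sends the single masked bit X_k = W_k ^ Z_k (R_X = 1)."""
    z_k, _ = key_k
    return w_k ^ z_k


def server_aggregate(xs):
    """Oblivious server: XOR the masked bits and send the same single bit Y to
    every user (R_Y = 1). Y = (W_1 ^ ... ^ W_K) ^ S, so the server only ever
    sees one-time-padded values."""
    return xor_all(xs)


def user_recover(y, key_k):
    """Round 2: each user strips S and obtains the XOR of all inputs."""
    _, s = key_k
    return y ^ s


def run_protocol(ws, keys):
    """Run the full exchange; return (each user's output, the server's view)."""
    xs = [user_upload(w, key) for w, key in zip(ws, keys)]
    y = server_aggregate(xs)
    outputs = [user_recover(y, key) for key in keys]
    return outputs, tuple(xs)


def server_view_is_independent_of_inputs(K):
    """Exhaustive check: over uniformly random keys, the distribution of the
    server's view (X_1..X_K) is identical for every input vector W."""
    distributions = set()
    for ws in product((0, 1), repeat=K):
        counts = Counter()
        for z in product((0, 1), repeat=K):
            _, view = run_protocol(ws, keys_from_bits(z))
            counts[view] += 1
        distributions.add(frozenset(counts.items()))
    return len(distributions) == 1


def user_view_reveals_only_sum(K, k):
    """Exhaustive check: user k's view (W_k, Z_k, S, Y) has the same
    distribution for all input vectors sharing W_k and the XOR sum, i.e.
    the user learns nothing about the other inputs beyond the sum."""
    by_label = {}
    for ws in product((0, 1), repeat=K):
        counts = Counter()
        for z in product((0, 1), repeat=K):
            keys = keys_from_bits(z)
            xs = [user_upload(w, key) for w, key in zip(ws, keys)]
            y = server_aggregate(xs)
            counts[(ws[k], keys[k][0], keys[k][1], y)] += 1
        label = (ws[k], xor_all(ws))
        by_label.setdefault(label, set()).add(frozenset(counts.items()))
    return all(len(v) == 1 for v in by_label.values())


if __name__ == "__main__":
    K = 4
    ws = [1, 0, 1, 1]  # constructed sample inputs
    outputs, server_view = run_protocol(ws, keygen(K))
    print("inputs", ws, "server sees", server_view, "users learn", outputs)
    print("server oblivious:", server_view_is_independent_of_inputs(3))
    print("user learns only the sum:", user_view_reveals_only_sum(3, 0))
```

The construction makes the lower bounds tangible: user \( k \) needs \( Z_k \) to hide \( W_k \) from the server and needs \( S \) to remove the residual mask from \( Y \), which is exactly the 2 key bits of \( R_Z \); and since the \( Z_k \) must be independent for the server to learn nothing, the users jointly hold \( K \) key bits. For multi-bit inputs the same scheme applies bitwise, or over any finite field with addition in place of XOR.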