Secure Multiplicative Aggregation and Key-Reuse Optimization: Achieving Dropout Resilience with Amortized Efficiency

We present the first secure multiplicative aggregation protocol as a variant of secure aggregation. In this case, a server can compute the component-wise product of the input vectors of users while handling the possible dropout of users during protocol execution. Using pairwise masks, threshold secret sharing and the secure aggregation protocol itself, our construction is correct and secure against semi-honest adversaries. We also consider secure aggregation protocols for the case in which fixed users can reuse their private keys to do aggregation many times, and we propose key reusable secure aggregation protocols. Our protocols have an overhead polynomial in the number of users. We conduct a comprehensive evaluation of our proposed protocols. For multiplicative aggregation protocol, experiments varying the number of users (K) from 50 to 300 (with fixed input size Xu=100 KB) demonstrate that user computation scales monotonically with K and is largely insensitive to dropout rates. In contrast, server computation is highly dropout-sensitive and exhibits a steeper growth rate with respect to K. When varying the input size (10–250 KB) with a fixed K, both user and server communication overheads increase linearly, while server computation remains the primary bottleneck affected by dropouts. We compare reusable and non-reusable secure aggregation protocol over repeated interactions q∈1, …, 10 at Xu=100 KB and K=100, showing that reusing Round 1 reduces the cumulative user computation time by about 2. 5 times and reduces the cumulative server computation overhead by about 1. 2 times at q=10 while leaving the server communication overhead nearly unchanged, which indicates that the overall communication overhead is dominated by the non-reused rounds.