Image
Abstract
Secure Aggregation allows an untrusted server to compute aggregate statistics over large populations of users, without ever learning individual-level data. State-of-the-art secure aggregation protocols allow the vast majority of clients to send a single message, by either splitting the computation between two or more servers, or by outsourcing trust to a small committee of clients. This talk will cover the Willow secure aggregation protocol (Crypto 2025), its recent improvement WillowFold (ePrint 2026/264), and practical considerations when deploying secure aggregation at scale.