In hierarchical secure aggregation (HSA), a server communicates with clustered users through an intermediate layer of relays to compute the sum of users' inputs under two security requirements -- server security and relay security. Server security requires that the server learns nothing beyond the desired sum even when colluding with a subset of users, while relay security requires that each relay remains oblivious to the users' inputs under collusion. Existing work on HSA enforces homogeneous security where \tit{all} inputs must be protected against \tit{any} subset of potential colluding users with sizes up to a predefined threshold. Such a \homo formulation cannot capture scenarios with \tit{\het} \secty \reqs where \diff users may demand various levels of protection. In this paper, we study hierarchical secure aggregation (HSA) with heterogeneous security requirements and arbitrary user collusion. Specifically, we consider scenarios where the inputs of certain groups of users must remain information-theoretically secure against inference by the server or any relay, even if the server or any relay colludes with an arbitrary subset of other users. Under server security, the server learns nothing about these protected inputs beyond the prescribed aggregate sum, despite any such collusion. Under relay security, each relay similarly obtains no information about the protected inputs under the same collusion model. We characterize the optimal communication rates achievable across all layers for all parameter regimes. Furthermore, we study the minimum source keys required at the users to ensure security. For this source key requirement, we provide tight characterizations in two broad regimes determined by the security and collusion constraints, and establish a general information-theoretic lower bound together with a bounded-gap achievable scheme for the remaining regime.

翻译：在分层安全聚合（HSA）中，服务器通过中继层与集群用户通信，以在满足两项安全要求——服务器安全性与中继安全性——的前提下计算用户输入之和。服务器安全性要求即使在与部分用户共谋时，服务器除所需聚合结果外无法获取任何额外信息；中继安全性则要求每个中继在共谋场景下对用户输入保持完全不可知。现有HSA研究均采用同构安全模型，即要求*所有*输入必须对规模不超过预设阈值的*任意*潜在共谋用户子集提供保护。此类*同构*框架无法刻画具有*异构*安全需求的场景，其中*不同*用户可能要求不同级别的保护。本文研究具有异构安全要求与任意用户共谋的分层安全聚合（HSA）。具体而言，我们考虑以下场景：特定用户组的输入必须满足信息论安全，即使服务器或任意中继与任意其他用户子集共谋，也无法推断这些受保护输入。在服务器安全性下，无论存在何种共谋，服务器除规定的聚合结果外无法获知任何受保护输入信息；在中继安全性下，每个中继在相同共谋模型下同样无法获取受保护输入的任何信息。我们刻画了所有参数范围内各通信层可达到的最优通信速率。此外，我们研究了确保安全性所需的最小用户源密钥规模。针对该源密钥需求，我们在由安全约束与共谋约束决定的两类广泛参数范围内给出了紧致刻画，并对剩余参数范围建立了普适的信息论下界及具有有限间隙的可达性方案。