Secure aggregation is a foundational building block of privacy-preserving learning, yet achieving robustness under adversarial behavior remains challenging. Modern systems increasingly adopt the shuffle model of differential privacy (Shuffle-DP) to locally perturb client updates and globally anonymize them via shuffling for enhanced privacy protection. However, these perturbations and anonymization distort gradient geometry and remove identity linkage, leaving systems vulnerable to adversarial poisoning attacks. Moreover, the shuffler, typically a third party, can be compromised, undermining security against malicious adversaries. To address these challenges, we present Robust Aggregation in Noise (RAIN), a unified framework that reconciles privacy, robustness, and verifiability under Shuffle-DP. At its core, RAIN adopts sign-space aggregation to robustly measure update consistency and limit malicious influence under noise and anonymization. Specifically, we design two novel secret-shared protocols for shuffling and aggregation that operate directly on additive shares and preserve Shuffle-DP's tight privacy guarantee. In each round, the aggregated result is verified to ensure correct aggregation and detect any selective dropping, achieving malicious security with minimal overhead. Extensive experiments across comprehensive benchmarks show that RAIN maintains strong privacy guarantees under Shuffle-DP and remains robust to poisoning attacks with negligible degradation in accuracy and convergence. It further provides real-time integrity verification with complete tampering detection, while achieving up to 90x lower communication cost and 10x faster aggregation compared with prior work.

翻译：安全聚合是隐私保护学习的基础构建模块，然而在对抗行为下实现鲁棒性仍具挑战性。现代系统日益采用差分隐私混洗模型（Shuffle-DP），通过对客户端更新进行本地扰动，并通过混洗实现全局匿名化以增强隐私保护。然而，这些扰动与匿名化操作会扭曲梯度几何结构并移除身份关联，使系统易受对抗性投毒攻击。此外，通常作为第三方的混洗器可能被攻破，从而削弱针对恶意敌手的安全性。为应对这些挑战，我们提出噪声环境下的鲁棒聚合框架RAIN，该统一框架在Shuffle-DP下实现了隐私性、鲁棒性与可验证性的协同。RAIN的核心是采用符号空间聚合，在噪声和匿名化条件下鲁棒地度量更新一致性并限制恶意影响。具体而言，我们设计了两种新颖的秘密共享协议，用于直接在加法秘密份额上执行混洗与聚合操作，同时保持Shuffle-DP的严格隐私保证。在每轮训练中，聚合结果均经过验证以确保正确聚合并检测选择性丢弃行为，以最小开销实现恶意安全性。在全面基准测试上的大量实验表明，RAIN在保持Shuffle-DP强隐私保证的同时，对投毒攻击具有鲁棒性，且准确性与收敛性仅有可忽略的下降。该框架进一步提供实时完整性验证与完全篡改检测能力，同时相比现有工作降低高达90倍的通信开销并实现10倍速的聚合效率。