Secure aggregation is a fundamental primitive in privacy-preserving distributed learning systems, where an aggregator aims to compute the sum of users' inputs without revealing individual data. In this paper, we study a multi-server secure aggregation problem in a two-hop network consisting of multiple aggregation servers and multiple users per server, under the presence of user collusion. Each user communicates only with its associated server, while the servers exchange messages to jointly recover the global sum. We adopt an information-theoretic security framework, allowing up to $T$ users to collude with any server. We characterize the complete optimal rate region in terms of user-to-server communication rate, server-to-server communication rate, individual key rate, and source key rate. Our main result shows that the minimum communication and individual key rates are all one symbol per input symbol, while the optimal source key rate is given by $\min\{U+V+T-2,\, UV-1\}$, where $U$ denotes the number of servers and $V$ the number of users per server. The achievability is established via a linear key construction that ensures correctness and security against colluding users, while the converse proof relies on tight entropy bounds derived from correctness and security constraints. The results reveal a fundamental tradeoff between security and key efficiency and demonstrate that the multi-server architecture can significantly reduce the required key randomness compared to single-server secure aggregation. Our findings provide a complete information-theoretic characterization of secure aggregation in multi-server systems with user collusion.

翻译：安全聚合是隐私保护分布式学习系统中的基础原语，其目标是在不泄露个体数据的前提下，由聚合器计算用户输入的总和。本文研究了一种在用户合谋存在的两跳网络中的多服务器安全聚合问题，该网络包含多个聚合服务器以及每个服务器对应的多个用户。每个用户仅与其关联的服务器通信，而服务器之间则通过交换消息来联合恢复全局总和。我们采用信息论安全框架，允许最多 $T$ 个用户与任意服务器合谋。我们从用户到服务器的通信速率、服务器间通信速率、个体密钥速率以及源密钥速率四个方面，完整刻画了最优速率区域。我们的主要结果表明，最小通信速率和个体密钥速率均为每输入符号一个符号，而最优源密钥速率由 $\min\{U+V+T-2,\, UV-1\}$ 给出，其中 $U$ 表示服务器数量，$V$ 表示每个服务器的用户数量。可达性通过一种线性密钥构造方案得以证明，该方案确保了正确性并能抵御合谋用户的攻击；逆证明则依赖于从正确性和安全性约束推导出的紧致熵界。结果揭示了安全性与密钥效率之间的基本权衡，并表明与单服务器安全聚合相比，多服务器架构能够显著降低所需的密钥随机性。我们的研究为多服务器系统中存在用户合谋的安全聚合问题提供了完整的信息论刻画。