We study the fundamental communication limits of information-theoretic secure aggregation in a hierarchical network consisting of a server, multiple relays, and multiple users per relay. Communication proceeds over two rounds and two hops, and the system is subject to arbitrary user and relay dropouts. Up to $T$ users may collude with either the server or any single relay. The server aims to recover the sum of the inputs of all users that survive the first round, while learning no additional information beyond the aggregate sum and the inputs of the colluding users. Each relay, however, must learn nothing about the users' inputs except for the information revealed by the inputs of the colluding users under the same collusion model. We introduce a four-dimensional rate tuple that captures the communication cost across rounds and hops. Under a delayed message availability model, we establish necessary and sufficient conditions for feasibility and fully characterize the optimal first-round communication rates. For the second round, we characterize the optimal user-to-relay rate and derive lower and upper bounds on the relay-to-server rate. While these bounds do not coincide in general, they are tight in certain regimes of interest. Our results reveal a sharp threshold phenomenon: secure aggregation is feasible if and only if the total number of surviving users across surviving relays exceeds the collusion threshold. Achievability is established via a vector linear coding scheme with carefully structured correlated randomness exhibiting MDS-like properties, ensuring correctness and information-theoretic security under all possible dropout patterns. Entropic converse bounds are also derived.

翻译：我们研究分层网络中信息论安全聚合的基本通信极限，该网络由服务器、多个中继及每个中继下的多个用户组成。通信分两轮两跳进行，系统需容忍用户和中继的任意丢包。至多$T$个用户可与服务器或任一单个中继共谋。服务器旨在恢复所有存活于第一轮的用户输入之和，同时除聚合和及共谋用户输入外不获取额外信息。而每个中继除同一共谋模型下共谋用户输入所泄露的信息外，不得获知任何用户输入信息。我们引入四维速率元组来刻画跨轮跨跳的通信成本。在延迟消息可用性模型下，我们建立可行性充要条件，并完整刻画最优第一轮通信速率。对于第二轮，我们刻画最优用户-中继速率，并推导中继-服务器速率的上下界。尽管这些界限在一般情形下不重合，但在某些感兴趣区域中达到紧致。结果揭示显著阈值现象：安全聚合可行的充要条件是跨存活中继的存活用户总数超过共谋阈值。通过构造具有类MDS特性的结构化关联随机性的向量线性编码方案实现可达性，确保所有可能丢包模式下的正确性与信息论安全性。同时推导了熵意义下的逆界。