Privacy-preserving aggregation is a cornerstone for AI systems that learn from distributed data without exposing individual records, especially in federated learning and telemetry. Existing two-server protocols (e.g., Prio and its successors) set a practical baseline by validating inputs while preventing any single server from learning users' values, but they impose symmetric costs on both servers, and their communication scales with the per-client input dimension $L$. Modern learning tasks routinely involve dimensionalities $L$ in the tens to hundreds of millions of model parameters. We present TAPAS, a two-server asymmetric private aggregation scheme that addresses these limitations along four dimensions: (i) no trusted setup or preprocessing; (ii) server-side communication that is independent of $L$; (iii) post-quantum security based solely on standard lattice assumptions (LWE, SIS); and (iv) stronger robustness, with identifiable abort and full malicious security for the servers. A key design choice is intentional asymmetry: one server bears the $O(L)$ aggregation and verification work, while the other operates as a lightweight facilitator whose computation is independent of $L$. This reduces total cost, lets the secondary server run on commodity hardware, and strengthens the non-collusion assumption between the servers. One of our main contributions is a suite of new and efficient lattice-based zero-knowledge proofs; to our knowledge, we are the first to establish privacy and correctness with identifiable abort in the two-server setting.
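To make the symmetric baseline concrete, the following is an added illustration (not code from the TAPAS paper, and not Prio's actual encoding or validation logic) of plain two-server additive-sharing aggregation: each client splits its length-$L$ vector into two additive shares mod $q$, each server sums the shares it receives, and the two partial sums are recombined. The modulus, the `Server` class and the sample client vectors are assumptions chosen for the example; input validation, the part that TAPAS replaces with lattice-based zero-knowledge proofs, is deliberately left out. What the example makes visible is the cost profile the abstract contrasts against: both servers absorb $N \cdot L$ field elements and hold an $O(L)$ accumulator, i.e. the cost is symmetric and communication grows linearly in $L$.

```python
"""Two-server additive-sharing aggregation: the symmetric baseline.

Added illustration, not code from the TAPAS paper or from Prio. It shows the
cost profile the abstract contrasts against: every client splits its length-L
vector into two additive shares mod q, each server stores and sums O(L)
values, and the per-client communication is 2L field elements. Input
validation (the zero-knowledge part of Prio and TAPAS) is deliberately omitted.
"""
import secrets

# Assumption for the example: a Mersenne prime modulus. Any modulus larger
# than the largest possible aggregate coordinate works for exact recovery.
Q = 2**61 - 1


def share_vector(x, q=Q):
    """Split x into two additive shares: s0 is uniform, s1 = x - s0 (mod q).

    Each share on its own is uniformly distributed and carries no information
    about x; only the sum of both shares reveals it.
    """
    s0 = [secrets.randbelow(q) for _ in x]
    s1 = [(xi - si) % q for xi, si in zip(x, s0)]
    return s0, s1


class Server:
    """Each server keeps a running O(L) sum of the shares it receives."""

    def __init__(self, L, q=Q):
        self.q = q
        self.acc = [0] * L
        self.elements_received = 0  # counts the communication it absorbs

    def receive(self, share):
        if len(share) != len(self.acc):
            raise ValueError("share length must equal L")
        self.acc = [(a + s) % self.q for a, s in zip(self.acc, share)]
        self.elements_received += len(share)

    def partial(self):
        return self.acc


def reconstruct(p0, p1, q=Q):
    """Combine the two servers' partial sums into the aggregate vector."""
    return [(a + b) % q for a, b in zip(p0, p1)]


def run_aggregation(client_vectors, q=Q):
    """Drive the protocol over all clients.

    Returns (aggregate, (elements received by server 0, by server 1)).
    """
    L = len(client_vectors[0])
    s0, s1 = Server(L, q), Server(L, q)
    for x in client_vectors:
        a, b = share_vector(x, q)
        s0.receive(a)  # share a goes only to server 0
        s1.receive(b)  # share b goes only to server 1
    agg = reconstruct(s0.partial(), s1.partial(), q)
    return agg, (s0.elements_received, s1.elements_received)


def expected_sum(client_vectors, q=Q):
    """Plaintext reference: coordinate-wise sum mod q."""
    L = len(client_vectors[0])
    return [sum(x[i] for x in client_vectors) % q for i in range(L)]


if __name__ == "__main__":
    # Constructed sample: 3 clients, L = 4 (real L is 10^7..10^8).
    clients = [[1, 2, 3, 4], [10, 20, 30, 40], [5, 0, 7, 0]]
    agg, (c0, c1) = run_aggregation(clients)
    print(agg)      # [16, 22, 40, 44]
    print(c0, c1)   # 12 12: both servers absorb N*L elements
```

The counters are the point: with $N$ clients of dimension $L$, each server receives $N \cdot L$ elements and does $O(L)$ work per client, which is exactly the symmetry TAPAS breaks by moving the $O(L)$ aggregation and verification onto one server and leaving the other with work and communication independent of $L$.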