Secure Aggregation (SecAgg) is a multi-party computation protocol that allows a central server to calculate the aggregated sum of model updates from multiple clients while only accessing the encrypted, masked values. The server never sees any individual client's raw gradient or weight update, mathematically guaranteeing that the central coordinator cannot reconstruct or leak a single participant's private training data.
Glossary
Secure Aggregation (SecAgg)

What is Secure Aggregation (SecAgg)?
A cryptographic protocol enabling a central server to compute the sum of encrypted client model updates without inspecting any individual contribution, ensuring data privacy in federated learning.
The protocol typically employs secret sharing and pairwise masking between clients. Each client adds a random mask to its update before transmission; these masks are collaboratively generated so that they cancel out during summation, revealing only the aggregate result. This ensures that even if the server is compromised or adversarial, it cannot perform gradient inversion attacks to extract sensitive patient information from individual contributions.
Key Features of Secure Aggregation
Secure Aggregation (SecAgg) is a multi-party computation protocol that enables a central server to compute the sum of encrypted client model updates without ever being able to inspect any individual contribution. The following features define its operational architecture.
Pairwise Masking with Secret Sharing
Each client generates a random mask for every other client and shares it via Diffie-Hellman key agreement. During aggregation, these pairwise masks cancel out when all clients' updates are summed, revealing only the aggregate. If a client drops out, Shamir's Secret Sharing of the seed ensures the remaining clients can reconstruct the missing mask and complete the protocol without exposing individual updates.
Server-Side Obliviousness
The central server acts purely as an untrusted aggregator. It receives only masked vectors and performs summation over ciphertexts. At no point does the server possess the cryptographic keys required to unmask any single client's gradient. This guarantees that even a fully compromised server cannot violate data privacy, making the protocol suitable for cross-institutional healthcare collaborations.
Dropout Robustness via Threshold Secret Sharing
Mobile devices or hospital nodes frequently disconnect. SecAgg handles this by having each client t-share its private seed among all other clients using a threshold scheme. As long as at least t out of n clients survive the round, the server can request shares from the survivors to reconstruct the dropped client's mask and remove it from the aggregate sum without stalling the training process.
Adversarial Input Bounding
To prevent a malicious client from submitting an arbitrarily large update to skew the global model, SecAgg is often combined with zero-knowledge range proofs or clipping bounds. The server verifies that each encrypted update lies within a pre-agreed L2 norm threshold before aggregation, ensuring Byzantine resilience without inspecting the raw gradient values.
Communication-Efficient Ciphertext Compression
Standard SecAgg requires each client to send a masked vector of size equal to the model. Modern variants integrate gradient sparsification or quantization before masking. Clients transmit only the top-k gradient components or low-precision representations, dramatically reducing bandwidth while the masking protocol still guarantees that the server learns nothing beyond the sparse aggregate.
Differential Privacy Integration
SecAgg guarantees that the server sees only the aggregate, but the aggregate itself may still leak information. By having each client add calibrated Gaussian noise to their update before masking, the protocol achieves local differential privacy. The pairwise masks cancel, but the noise accumulates in the sum, providing a formal (ε, δ)-DP guarantee against inference attacks on the final global model.
Frequently Asked Questions
Clear, technical answers to the most common questions about cryptographic protocols that enable privacy-preserving model training across decentralized healthcare data silos.
Secure Aggregation (SecAgg) is a cryptographic protocol that enables a central server to compute the sum of encrypted client model updates without being able to inspect any individual contribution. The protocol works through a multi-round masking scheme: each client generates a random mask and shares secret shares of that mask with all other clients. When transmitting their model update, each client adds their mask to their gradient vector. The server receives only these masked updates. During aggregation, all pairwise masks cancel out exactly—the sum of all masks across all clients equals zero—leaving only the true sum of model updates. This ensures that even if the server is compromised or curious, it cannot extract any single hospital's patient data from the aggregated result. The protocol was formalized by Bonawitz et al. (2017) in the seminal paper 'Practical Secure Aggregation for Privacy-Preserving Machine Learning' and is designed to tolerate client dropouts without requiring a trusted third party.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Secure Aggregation relies on a constellation of complementary privacy-preserving computation techniques and robust aggregation rules. These related concepts form the mathematical and cryptographic foundation for ensuring that individual patient data remains opaque during collaborative model training.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us