Secure Summation: Capacity Region, Groupwise Key, and Feasibility

The secure summation problem is considered, where K users, each holds an input, wish to compute the sum of their inputs at a server securely, i.e., without revealing any information beyond the sum even if the server may collude with any set of up to T users. First, we prove a folklore result for secure summation - to compute 1 bit of the sum securely, each user needs to send at least 1 bit to the server, each user needs to hold a key of at least 1 bit, and all users need to hold collectively some key variables of at least K-1 bits. Next, we allow any arbitrary group of users to share an independent key and any arbitrary group of users to collude with the server. For such a general groupwise key and colluding user setting, we show that secure summation is feasible if and only if the hypergraph, where each node is a user and each edge is a group of users sharing the same key, is connected after removing the nodes corresponding to any colluding set of users and their incident edges. Finally, we focus on the symmetric groupwise key setting, where every group of G users share an independent key. We show that for symmetric groupwise keys with group size G , if G =1 or G > K-T , the secure summation problem is not feasible; else 1 < G <= K-T , to compute 1 bit of the sum securely, each user needs to send at least 1 bit to the server and the size of each groupwise key is at least (K-T-1)/ ((K-T) G) bits.