{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,2]],"date-time":"2026-07-02T15:50:24Z","timestamp":1783007424938,"version":"3.54.5"},"publisher-location":"Cham","reference-count":49,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032019127","type":"print"},{"value":"9783032019134","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-032-01913-4_9","type":"book-chapter","created":{"date-parts":[[2025,8,16]],"date-time":"2025-08-16T08:22:44Z","timestamp":1755332564000},"page":"285-318","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Willow: Secure Aggregation with\u00a0One-Shot Clients"],"prefix":"10.1007","author":[{"given":"James","family":"Bell-Clark","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Adri\u00e0","family":"Gasc\u00f3n","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Baiyu","family":"Li","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mariana","family":"Raykova","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Phillipp","family":"Schoppmann","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2025,8,17]]},"reference":[{"key":"9_CR1","doi-asserted-by":"crossref","unstructured":"Bonawitz, K., et al.: Practical secure aggregation for privacy-preserving machine learning. In: ACM SIGSAC Conference on Computer and Communications Security, pp. 1175\u20131191. ACM (2017)","DOI":"10.1145\/3133956.3133982"},{"key":"9_CR2","unstructured":"Kairouz, P., Brendan McMahan, H., et\u00a0al.: Advances and open problems in federated learning. CoRR, abs\/1912.04977 (2019). http:\/\/arxiv.org\/abs\/1912.04977"},{"key":"9_CR3","doi-asserted-by":"crossref","unstructured":"Bell, J.H., Bonawitz, K.A., Gasc\u00f3n, A., Lepoint, T., Raykova, M.: Secure single-server aggregation with (poly) logarithmic overhead. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 1253\u20131269 (2020)","DOI":"10.1145\/3372297.3417885"},{"key":"9_CR4","unstructured":"So, J., et al.: LightSecAgg: a lightweight and versatile design for secure aggregation in federated learning. Proc. Mach. Learn. Syst. 4, 694\u2013720 (2022)"},{"key":"9_CR5","doi-asserted-by":"crossref","unstructured":"Chowdhury, A.R., Guo, C., Jha, S., van\u00a0der Maaten, L.: Eiffel: ensuring integrity for federated learning. In: CCS, pp. 2535\u20132549. ACM (2022)","DOI":"10.1145\/3548606.3560611"},{"key":"9_CR6","doi-asserted-by":"crossref","unstructured":"Lycklama, H., Burkhalter, L., Viand, A., K\u00fcchler, N., Hithnawi, A.: RoFL: robustness of secure federated learning. In: SP, pp. 453\u2013476. IEEE (2023)","DOI":"10.1109\/SP46215.2023.10179400"},{"key":"9_CR7","doi-asserted-by":"crossref","unstructured":"Ma, Y., Woods, J., Angel, S., Polychroniadou, A., Rabin, T.: Flamingo: multi-round single-server secure aggregation with applications to private federated learning. In: SP, pp. 477\u2013496. IEEE (2023)","DOI":"10.1109\/SP46215.2023.10179434"},{"key":"9_CR8","unstructured":"Bell, J., et al.: ACORN: input validation for secure aggregation. In: USENIX Security Symposium, pp. 4805\u20134822. USENIX Association (2023)"},{"key":"9_CR9","doi-asserted-by":"publisher","unstructured":"Li, H., Lin, H., Polychroniadou, A., Tessaro, S.: LERNA: secure single-server aggregation via key-homomorphic masking. In: Guo, J., Steinfeld, R. (eds) ASIACRYPT (1), volume 14438 of Lecture Notes in Computer Science, pp. 302\u2013334. Springer, Singapore (2023). https:\/\/doi.org\/10.1007\/978-981-99-8721-4_10","DOI":"10.1007\/978-981-99-8721-4_10"},{"key":"9_CR10","unstructured":"Corrigan-Gibbs, H., Boneh, D.: Prio: Private, robust, and scalable computation of aggregate statistics. In: NSDI, pp. 259\u2013282. USENIX Association (2017)"},{"key":"9_CR11","doi-asserted-by":"publisher","unstructured":"Addanki, S., Garbe, K., Jaffe, E., Ostrovsky, R., Polychroniadou, A.: Prio+: privacy preserving aggregate statistics via Boolean shares. In: SCN, volume 13409 of Lecture Notes in Computer Science, pp. 516\u2013539. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-14791-3_23","DOI":"10.1007\/978-3-031-14791-3_23"},{"key":"9_CR12","doi-asserted-by":"crossref","unstructured":"Boneh, D., Boyle, E., Corrigan-Gibbs, H., Gilboa, N., Ishai, Y.: Lightweight techniques for private heavy hitters. In: 2021 IEEE Symposium on Security and Privacy (SP) (2021)","DOI":"10.1109\/SP40001.2021.00048"},{"key":"9_CR13","unstructured":"Bell-Clark, J., Gasc\u00f3n, A., Li, B., Raykova, M., Schoppmann, P.: Willow: secure aggregation with one-shot clients. Cryptology ePrint Archive, Paper 2024\/936 (2024). https:\/\/eprint.iacr.org\/2024\/936"},{"key":"9_CR14","doi-asserted-by":"publisher","unstructured":"Kim, D., Lee, D., Seo, J., Song, Y.: Toward practical lattice-based proof of knowledge from hint-MLWE. In: Handschuh, H., Lysyanskaya, A., (eds), Advances in Cryptology \u2013 CRYPTO\u00a02023, Part\u00a0V, volume 14085 of Lecture Notes in Computer Science, pp. 549\u2013580, Santa Barbara, CA, USA. Springer, Cham, Switzerland (2023). https:\/\/doi.org\/10.1007\/978-3-031-38554-4_18","DOI":"10.1007\/978-3-031-38554-4_18"},{"key":"9_CR15","doi-asserted-by":"publisher","unstructured":"Davidson, A., Pestana, G., Celi, S.: FrodoPIR: simple, scalable, single-server private information retrieval. In: Proceedings on Privacy Enhancing Technologies, vol. 2023, no 1, pp. 365\u2013383 (2023). https:\/\/doi.org\/10.56553\/popets-2023-0022","DOI":"10.56553\/popets-2023-0022"},{"key":"9_CR16","unstructured":"Henzinger, A., Hong, M.M., Corrigan-Gibbs, H., Meiklejohn, S., Vaikuntanathan, V.: One server for the price of two: simple and fast single-server private information retrieval. In: Calandrino, J.A., Troncoso, C., eds, USENIX Security 2023: 32nd USENIX Security Symposium, pp. 3889\u20133905, Anaheim, CA, USA. USENIX Association (2023)"},{"key":"9_CR17","unstructured":"Cloudflare. League of Entropy (2024). https:\/\/www.cloudflare.com\/leagueofentropy\/"},{"key":"9_CR18","unstructured":"Melara, M.S., Blankstein, A., Bonneau, J., Felten, E.W., Freedman, M.J.: CONIKS: bringing key transparency to end users. In: USENIX Security Symposium, pp. 383\u2013398. USENIX Association (2015)"},{"key":"9_CR19","doi-asserted-by":"crossref","unstructured":"Mansouri, M., \u00d6nen, M., Ben Jaballah, W., Conti, M.: SoK: secure aggregation based on cryptographic schemes for federated learning. Proc. Priv. Enhancing Technol. 2023(1), 140\u2013157 (2023)","DOI":"10.56553\/popets-2023-0009"},{"issue":"1","key":"9_CR20","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1007\/BF00206326","volume":"1","author":"D Chaum","year":"1988","unstructured":"Chaum, D.: The dining cryptographers problem: unconditional sender and recipient untraceability. J. Cryptol. 1(1), 65\u201375 (1988)","journal-title":"J. Cryptol."},{"key":"9_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1007\/978-3-642-31680-7_12","volume-title":"Privacy Enhancing Technologies","author":"M Jawurek","year":"2012","unstructured":"Jawurek, M., Kerschbaum, F.: Fault-tolerant privacy-preserving statistics. In: Fischer-H\u00fcbner, S., Wright, M. (eds.) PETS 2012. LNCS, vol. 7384, pp. 221\u2013238. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-31680-7_12"},{"key":"9_CR22","unstructured":"Liu, Z., Chen, S., Ye, J., Fan, J., Li, H., Li, X.: SASH: efficient secure aggregation based on SHPRG for federated learning. In: UAI, volume 180 of Proceedings of Machine Learning Research, pp. 1243\u20131252. PMLR (2022)"},{"key":"9_CR23","unstructured":"Karthikeyan, H., Polychroniadou, A.: $$\\sf {OPA}$$: one-shot private aggregation with single client interaction and its applications to federated learning. Cryptology ePrint Archive, Paper 2024\/723 (2024). https:\/\/eprint.iacr.org\/2024\/723"},{"key":"9_CR24","unstructured":"Google. Federated analytics: collaborative data science without data collection. Google AI Blog. https:\/\/research.google\/blog\/federated-analytics-collaborative-data-science-without-data-collection\/ (2020)"},{"key":"9_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"223","DOI":"10.1007\/3-540-48910-X_16","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201999","author":"P Paillier","year":"1999","unstructured":"Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223\u2013238. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48910-X_16"},{"key":"9_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/978-3-030-78086-9_27","volume-title":"Cyber Security Cryptography and Machine Learning","author":"L Reyzin","year":"2021","unstructured":"Reyzin, L., Smith, A., Yakoubov, S.: Turning HATE into LOVE: compact homomorphic ad hoc threshold encryption for scalable MPC. In: Dolev, S., Margalit, O., Pinkas, B., Schwarzmann, A. (eds.) CSCML 2021. LNCS, vol. 12716, pp. 361\u2013378. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-78086-9_27"},{"key":"9_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1007\/978-3-642-11799-2_13","volume-title":"Theory of Cryptography","author":"R Bendlin","year":"2010","unstructured":"Bendlin, R., Damg\u00e5rd, I.: Threshold decryption and zero-knowledge proofs for lattice-based cryptosystems. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 201\u2013218. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-11799-2_13"},{"key":"9_CR28","doi-asserted-by":"publisher","unstructured":"Boudgoust, K., Scholl, P.: Simple threshold (fully homomorphic) encryption from LWE with polynomial modulus. In: Guo, J., Steinfeld, R. (eds) ASIACRYPT (1), volume 14438 of Lecture Notes in Computer Science, pp. 371\u2013404. Springer, Singapore (2023). https:\/\/doi.org\/10.1007\/978-981-99-8721-4_12","DOI":"10.1007\/978-981-99-8721-4_12"},{"key":"9_CR29","unstructured":"Micciancio, D., Suhl, A.: Simulation-secure threshold PKE from LWE with polynomial modulus. IACR Cryptol. ePrint Arch., p. 1728 (2023). https:\/\/eprint.iacr.org\/2023\/1728"},{"key":"9_CR30","doi-asserted-by":"publisher","unstructured":"Gentry, C., Halevi, S., Lyubashevsky, V.:. Practical non-interactive publicly verifiable secret sharing with thousands of parties. In: Dunkelman, O., Dziembowski, S. (eds) EUROCRYPT (1), volume 13275 of Lecture Notes in Computer Science, pp. 458\u2013487. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-06944-4_16","DOI":"10.1007\/978-3-031-06944-4_16"},{"key":"9_CR31","unstructured":"de\u00a0Valence, H., Yun, C., Andreev, O.: Bulletproofs (2018). https:\/\/github.com\/zkcrypto\/bulletproofs"},{"key":"9_CR32","doi-asserted-by":"crossref","unstructured":"Roth, E., Noble, D., Hemenway Falk, B., Haeberlen, A.: Honeycrisp: large-scale differentially private aggregation without a trusted core. In: SOSP, pp. 196\u2013210. ACM (2019)","DOI":"10.1145\/3341301.3359660"},{"key":"9_CR33","unstructured":"Google Cloud. Binary authorization for Borg (2024). https:\/\/cloud.google.com\/docs\/security\/binary-authorization-for-borg"},{"key":"9_CR34","unstructured":"SHELL authors. Simple homomorphic encryption library with lattices (SHELL) (2021). https:\/\/github.com\/google\/shell-encryption"},{"key":"9_CR35","doi-asserted-by":"crossref","unstructured":"B\u00fcnz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: IEEE Symposium on Security and Privacy, pp. 315\u2013334. IEEE Computer Society (2018)","DOI":"10.1109\/SP.2018.00020"},{"issue":"3","key":"9_CR36","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1515\/jmc-2015-0016","volume":"9","author":"MR Albrecht","year":"2015","unstructured":"Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. J. Math. Cryptol. 9(3), 169\u2013203 (2015)","journal-title":"J. Math. Cryptol."},{"key":"9_CR37","unstructured":"Albrecht, M., et al.: Homomorphic encryption security standard. HomomorphicEncryption.org, Toronto, Canada, Technical report (2018)"},{"key":"9_CR38","doi-asserted-by":"publisher","unstructured":"Li, B., Micciancio, D., Schultz, M., Sorrell, J.: Securing approximate homomorphic encryption using differential privacy. In: Dodis, Y., Shrimpton, T., eds, Advances in Cryptology \u2013 CRYPTO\u00a02022, Part\u00a0I, volume 13507 of Lecture Notes in Computer Science, pp. 560\u2013589, Santa Barbara, CA, USA. Springer, Cham, Switzerland (2022). https:\/\/doi.org\/10.1007\/978-3-031-15802-5_20","DOI":"10.1007\/978-3-031-15802-5_20"},{"key":"9_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"455","DOI":"10.1007\/978-3-319-63715-0_16","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"D Micciancio","year":"2017","unstructured":"Micciancio, D., Walter, M.: Gaussian sampling over the integers: efficient, generic, constant-time. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 455\u2013485. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63715-0_16"},{"key":"9_CR40","unstructured":"Google Cloud. Spot VMs pricing (2024). https:\/\/cloud.google.com\/spot-vms\/pricing"},{"key":"9_CR41","doi-asserted-by":"publisher","unstructured":"Lindell, Y.: How to simulate it - a tutorial on the simulation proof technique. In: Lindell, Y. (eds) Tutorials on the Foundations of Cryptography, pp. 277\u2013346. Springer International Publishing, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-57048-8_6","DOI":"10.1007\/978-3-319-57048-8_6"},{"key":"9_CR42","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: CCS, pp. 62\u201373. ACM (1993)","DOI":"10.1145\/168588.168596"},{"key":"9_CR43","doi-asserted-by":"publisher","unstructured":"Espitau, T., Niot, G., Prest, T.: Flood and submerse: distributed key generation and robust threshold signature from lattices. In: Reyzin, L., Stebila, D. (eds) CRYPTO (7), volume 14926 of Lecture Notes in Computer Science, pp. 425\u2013458. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-68394-7_14","DOI":"10.1007\/978-3-031-68394-7_14"},{"key":"9_CR44","unstructured":"Nguyen, N.K.: Lattice-Based Zero-Knowledge Proofs Under a Few Dozen Kilobytes. PhD thesis, ETH Zurich, Z\u00fcrich, Switzerland (2022). https:\/\/hdl.handle.net\/20.500.11850\/574844"},{"key":"9_CR45","doi-asserted-by":"publisher","unstructured":"Feldman, P.: A practical scheme for non-interactive verifiable secret sharing. In: 28th Annual Symposium on Foundations of Computer Science, pp. 427\u2013437, Los Angeles, CA, USA. IEEE Computer Society Press (1987). https:\/\/doi.org\/10.1109\/SFCS.1987.4","DOI":"10.1109\/SFCS.1987.4"},{"key":"9_CR46","doi-asserted-by":"publisher","unstructured":"Chen, Y.-H., Lindell, Y.: Feldman\u2019s verifiable secret sharing for a dishonest majority. IACR Commun. Cryptol. (CiC), 1(1), 16 (2024). https:\/\/doi.org\/10.62056\/ak2isgvtw","DOI":"10.62056\/ak2isgvtw"},{"key":"9_CR47","doi-asserted-by":"publisher","unstructured":"Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Theory of Cryptography Conference, pp. 265\u2013284. Springer, Berlin, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11681878_14","DOI":"10.1007\/11681878_14"},{"key":"9_CR48","unstructured":"Kairouz, P., Liu, Z., Steinke, T.: The distributed discrete gaussian mechanism for federated learning with secure aggregation. In: International Conference on Machine Learning, pp. 5201\u20135212. PMLR (2021)"},{"key":"9_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"451","DOI":"10.1007\/978-3-540-85174-5_25","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"A Beimel","year":"2008","unstructured":"Beimel, A., Nissim, K., Omri, E.: Distributed private data analysis: simultaneously solving how and what. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 451\u2013468. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-85174-5_25"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-01913-4_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,9]],"date-time":"2025-09-09T14:56:39Z","timestamp":1757429799000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-01913-4_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783032019127","9783032019134"],"references-count":49,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-01913-4_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"17 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 August 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"45","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}