Armadillo: Robust Single-Server Secure Aggregation for Federated Learning with Input Validation

📅 2025-11-14
🤖 AI Summary
To address the threat of malicious client coalitions undermining secure aggregation in federated learning, this paper proposes a single-server, strongly robust secure aggregation scheme. Methodologically, it introduces a two-tier lightweight aggregation protocol integrated with a low-round consensus mechanism, incorporating zero-knowledge proofs, arithmetic operation verification, and input-range constraints to ensure that malicious clients can only perturb the aggregated result within a predefined valid range. The key contributions are: (i) the first secure aggregation protocol achieving strict input deviation control up to the tolerance threshold; (ii) only three communication rounds per aggregation, substantially reducing computational and communication overhead; and (iii) eliminating the conventional trade-off between security and efficiency. Experimental results demonstrate that the scheme maintains strong resilience against adversarial perturbations while enabling efficient iterative training, making it suitable for large-scale edge computing scenarios.

📝 Abstract
This paper presents a secure aggregation system, Armadillo, that has disruptive resistance against adversarial clients, such that any coalition of malicious clients (within the tolerated threshold) can affect the aggregation result only by misreporting their private inputs in a pre-defined legitimate range. Armadillo is designed for the federated learning setting, where a single powerful server interacts with many weak clients iteratively to train models on clients' private data. While a few prior works consider disruption resistance under such a setting, they either incur high per-client cost (Chowdhury et al. CCS'22) or require many rounds (Bell et al. USENIX Security'23). Although disruption resistance can be achieved generically with zero-knowledge proof techniques (which we also use in this paper), we realize an efficient system with two new designs: 1) a simple two-layer secure aggregation protocol that requires only simple arithmetic computation; 2) an agreement protocol that removes the effect of malicious clients from the aggregation with low round complexity. With these techniques, Armadillo completes each secure aggregation in 3 rounds while keeping the server and clients computationally lightweight.

Problem

Research questions and friction points this paper is trying to address.

Secure aggregation for federated learning with adversarial clients
Achieving disruption resistance with low computational overhead
Reducing communication rounds while ensuring input validity

Innovation

Methods, ideas, or system contributions that make the work stand out.

Two-layer secure aggregation with simple arithmetic
Agreement protocol removing malicious client effects
Three-round lightweight computation for all parties
Authors

Yiping Ma
UPenn, UC Berkeley
security, cryptography, systems

Yue Guo
J.P. Morgan AI Research and AlgoCRYPT CoE

Harish Karthikeyan
J.P. Morgan AI Research and AlgoCRYPT CoE

Antigoni Polychroniadou
Executive Director, JPMorgan AI Research - Head of JPMorgan AlgoCRYPT CoE
Cryptography