🤖 AI Summary
This paper investigates the information-theoretic limits of distributed secure aggregation (DSA) under group-wise key constraints and T-collusion resistance: K users collaboratively compute the sum of their inputs over a noiseless broadcast channel, while ensuring that any colluding subset of up to T users learns no information beyond the aggregate sum.
Method: Leveraging symmetric group-key structures and additive masking, the authors derive fundamental lower bounds on communication overhead and key complexity.
Contribution/Results: The work characterizes the optimal rate region for DSA under these constraints. It proves that feasible schemes exist only when the group size satisfies 2 ≤ G < K − T; schemes are impossible for G = 1 or G ≥ K − T. Within the feasible regime, the optimal per-user broadcast rate is exactly 1 symbol per aggregated symbol, and each group key must contain at least $(K-T-2)/\binom{K-T-1}{G}$ independent key symbols. These tight bounds reveal an intrinsic trade-off among security, communication efficiency, and robustness against collusion.
📝 Abstract
This paper investigates the information-theoretic decentralized secure aggregation (DSA) problem under practical groupwise secret keys and collusion resilience. In DSA, $K$ users are interconnected through error-free broadcast channels. Each user holds a private input and aims to compute the sum of all other users' inputs, while satisfying the security constraint that no user, even when colluding with up to $T$ other users, can infer any information about the inputs beyond the recovered sum. To ensure security, users are equipped with secret keys to mask their inputs. Motivated by recent advances in efficient group-based key generation protocols, we consider the symmetric groupwise key setting, where every subset of $G$ users shares a group key that is independent of all other group keys. The problem is challenging because the recovery and security constraints must hold simultaneously for all users, and the structural constraints on the secret keys limit the flexibility of key correlations. We characterize the optimal rate region consisting of all achievable pairs of per-user broadcast communication rate and groupwise key rate. In particular, we show that DSA with groupwise keys is infeasible when $G=1$ or $G\ge K-T$. Otherwise, when $2\le G<K-T$, to securely compute one symbol of the desired sum, each user must broadcast at least one symbol, and each group key must contain at least $(K-T-2)/\binom{K-T-1}{G}$ independent symbols. Our results establish the fundamental limits of DSA with groupwise keys and provide design insights for communication- and key-efficient secure aggregation in decentralized learning systems.
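The setting in the abstract, as an added illustration that is not the paper's construction: every $G$-subset shares a zero-sum key vector ($G-1$ free symbols, at or above the stated lower bound), each user broadcasts one masked symbol, and every user recovers the sum of the others' inputs. The field size `P` and all function names are assumptions made for this sketch.

```python
import secrets
from fractions import Fraction
from itertools import combinations
from math import comb

P = 2**31 - 1  # prime field size (assumed; the abstract fixes no alphabet)

def feasible(K, T, G):
    """Feasibility condition stated in the abstract: 2 <= G < K - T."""
    return 2 <= G < K - T

def min_key_rate(K, T, G):
    """Abstract's lower bound on symbols per group key, per symbol of the sum."""
    if not feasible(K, T, G):
        raise ValueError("infeasible: need 2 <= G < K - T")
    return Fraction(K - T - 2, comb(K - T - 1, G))

def gen_group_keys(K, G):
    """One independent key per G-subset: a random zero-sum vector with one
    share per member, i.e. G - 1 free symbols (illustrative choice)."""
    keys = {}
    for S in combinations(range(K), G):
        free = [secrets.randbelow(P) for _ in range(G - 1)]
        keys[S] = dict(zip(S, free + [(-sum(free)) % P]))
    return keys

def broadcast(i, x_i, keys):
    """User i sends one symbol: input plus its share of every key it holds."""
    mask = sum(shares[i] for S, shares in keys.items() if i in S)
    return (x_i + mask) % P

def recover(i, x_i, messages):
    """Key shares cancel in the total; subtracting x_i leaves the others' sum."""
    return (sum(messages) - x_i) % P

def run(inputs, T, G):
    """Run one round; returns what each user recovers."""
    K = len(inputs)
    if not feasible(K, T, G):
        raise ValueError("infeasible: need 2 <= G < K - T")
    keys = gen_group_keys(K, G)
    msgs = [broadcast(i, x, keys) for i, x in enumerate(inputs)]
    return [recover(i, x, msgs) for i, x in enumerate(inputs)]

if __name__ == "__main__":
    print(run([3, 10, 7, 5, 20], T=1, G=3))   # constructed sample inputs
    print(min_key_rate(5, 1, 3), "symbols per group key (lower bound)")
```
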