🤖 AI Summary
Problem: Pure cryptographic approaches—such as fully homomorphic encryption (FHE)—for secure aggregation in mutually distrustful multi-party settings suffer from prohibitive computational overhead, hindering practical deployment.
Method: This paper proposes a hybrid secure aggregation architecture integrating cryptography and trusted execution environments (TEEs), systematically designing and analyzing a layered, end-to-end trustworthy computing pipeline that synergistically combines secure multi-party computation (MPC), secret sharing, zero-knowledge proofs, and Intel SGX/ARM TrustZone. The scheme is rigorously formulated under the malicious adversary model.
Contribution/Results: It achieves provably balanced security-performance trade-offs: over 100× faster than state-of-the-art FHE-based aggregation, while supporting real-time federated aggregation over million-scale datasets. Extensive experiments validate its practicality, robustness, and feasibility for real-world deployment.
📝 Abstract
Secure aggregation enables a group of mutually distrustful parties, each holding private inputs, to collaboratively compute an aggregate value while preserving the privacy of their individual inputs. However, a major challenge in adopting secure aggregation approaches for practical applications is the significant computational overhead of the underlying cryptographic protocols, e.g. fully homomorphic encryption. This overhead makes secure aggregation protocols impractical, especially for large datasets. In contrast, hardware-based security techniques such as trusted execution environments (TEEs) enable computation at near-native speeds, making them a promising alternative for reducing the computational burden typically associated with purely cryptographic techniques. Yet, in many scenarios, parties may opt for either cryptographic or hardware-based security mechanisms, highlighting the need for hybrid approaches. In this work, we introduce several secure aggregation architectures that integrate both cryptographic and TEE-based techniques, analyzing the trade-offs between security and performance.