🤖 AI Summary
This work addresses privacy-preserving exact summation of private Boolean bits across many clients while defending against inference by both the server and the aggregator. The authors propose PolyVeil, a secure aggregation protocol that encodes each client's private bit as a permutation matrix in the Birkhoff polytope and uses a two-layer architecture that separates the server's view from the aggregator's view. PolyVeil needs no public-key infrastructure and combines the geometric structure of the Birkhoff polytope with differential privacy. It outputs exact sums and gives the server perfect simulation-based security (statistical distance zero). For the aggregator, the two variants trade off differently: in the full variant, where the aggregator sees a doubly stochastic matrix per client, likelihood inference is #P-hard, but the differential-privacy bound is non-vacuous only when the private signal is undetectable; in the compressed variant, where the aggregator sees a single scalar, the bound gives non-vacuous ε-differential privacy at moderate signal-to-noise ratios, but the #P-hardness argument no longer applies. Communication is O(k) in both variants.
📝 Abstract
We introduce PolyVeil, a protocol for private Boolean summation across $k$ clients that encodes private bits as permutation matrices in the Birkhoff polytope. A two-layer architecture gives the server perfect simulation-based security (statistical distance zero) while a separate aggregator faces #P-hard likelihood inference via the permanent and mixed discriminant. Two variants (full and compressed) differ in what the aggregator observes.
We develop a finite-sample $(\varepsilon,\delta)$-DP analysis with explicit constants. In the full variant, where the aggregator sees a doubly stochastic matrix per client, the log-Lipschitz constant grows as $n^4 K_t$ and a signal-to-noise analysis shows the DP guarantee is non-vacuous only when the private signal is undetectable. In the compressed variant, where the aggregator sees a single scalar, the univariate density ratio yields non-vacuous $\varepsilon$ at moderate SNR, with the optimal decoy count balancing CLT accuracy against noise concentration.
This exposes a fundamental tension. #P-hardness requires the full matrix view (Birkhoff structure visible), while non-vacuous DP requires the scalar view (low dimensionality). Whether both hold simultaneously in one variant remains open. The protocol needs no PKI, has $O(k)$ communication, and outputs exact aggregates.
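The objects the abstract names, as an added illustration that is not code from the paper and does not reproduce PolyVeil's actual masking, decoy or aggregation steps (none of which the page describes): a bit becomes a permutation matrix, i.e. a vertex of the Birkhoff polytope; mixing it with decoy permutation matrices under convex weights keeps it inside the polytope (Birkhoff-von Neumann), which is the kind of doubly stochastic matrix the full-variant aggregator observes; and the permanent of that matrix, the #P-hard quantity the aggregator's likelihood inference is tied to, is computed exactly by Ryser's formula. The bit-to-permutation map (identity for 0, a transposition for 1), the decoy mixing and the seeds are assumptions made for this example.

```python
from fractions import Fraction
from itertools import combinations, permutations
import random


def perm_matrix(sigma):
    """Permutation matrix of sigma: entry (i, sigma[i]) is 1, all others 0."""
    n = len(sigma)
    return [[1 if sigma[i] == j else 0 for j in range(n)] for i in range(n)]


def encode_bit(bit, n=3):
    """Assumed encoding for this example (not the paper's): bit 0 -> identity,
    bit 1 -> transposition of coordinates 0 and 1. Both are vertices of B_n."""
    sigma = list(range(n))
    if bit:
        sigma[0], sigma[1] = sigma[1], sigma[0]
    return perm_matrix(sigma)


def is_doubly_stochastic(m):
    """Birkhoff polytope membership: non-negative entries, every row and every
    column summing to exactly 1 (exact rationals, so no floating-point slack)."""
    n = len(m)
    rows_ok = all(sum(row) == 1 for row in m)
    cols_ok = all(sum(m[i][j] for i in range(n)) == 1 for j in range(n))
    return rows_ok and cols_ok and all(x >= 0 for row in m for x in row)


def mask_with_decoys(p, num_decoys, seed):
    """Hide the vertex p inside B_n as a convex combination of p and random decoy
    permutation matrices with random rational weights (assumed construction that
    stands in for the full-variant aggregator view; not PolyVeil's own step)."""
    rng = random.Random(seed)
    n = len(p)
    mats = [p] + [perm_matrix(rng.sample(range(n), n)) for _ in range(num_decoys)]
    raw = [rng.randint(1, 10) for _ in mats]  # every weight strictly positive
    weights = [Fraction(w, sum(raw)) for w in raw]
    return [[sum(w * m[i][j] for w, m in zip(weights, mats)) for j in range(n)]
            for i in range(n)]


def uniform_doubly_stochastic(n):
    """J_n / n, the centre of the Birkhoff polytope."""
    return [[Fraction(1, n)] * n for _ in range(n)]


def permanent(m):
    """Ryser's inclusion-exclusion formula:
    perm(A) = (-1)^n * sum_{S non-empty} (-1)^|S| * prod_i sum_{j in S} a_ij.
    Exact, O(2^n * n^2); computing the permanent is #P-hard in general."""
    n = len(m)
    total = 0
    for k in range(1, n + 1):
        for subset in combinations(range(n), k):
            prod = 1
            for i in range(n):
                prod *= sum(m[i][j] for j in subset)
            total += (-1) ** k * prod
    return (-1) ** n * total


def permanent_bruteforce(m):
    """Reference definition over all n! permutations; cross-checks Ryser on small n."""
    n = len(m)
    total = 0
    for sigma in permutations(range(n)):
        prod = 1
        for i, j in enumerate(sigma):
            prod *= m[i][j]
        total += prod
    return total


if __name__ == "__main__":
    for bit in (0, 1):
        view = mask_with_decoys(encode_bit(bit, 4), num_decoys=3, seed=bit + 1)
        print(bit, is_doubly_stochastic(view), permanent(view))
```

The permanent of any permutation matrix is 1, and the van der Waerden bound says every doubly stochastic n x n matrix has permanent at least n!/n^n, attained at J_n/n; both are checked against the brute-force definition.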