This work addresses the problem of secure aggregation in multi-server two-hop networks under arbitrary user collusion and heterogeneous security constraints. It establishes, for the first time, a general information-theoretic framework that captures the interplay between users’ differentiated privacy requirements and network topology. By constructing tight converse bounds and designing matching coding schemes, the study achieves exact characterization of the fundamental limits—matching upper and lower bounds on communication rate and key consumption—over most parameter regimes, while guaranteeing a bounded performance gap in the remaining cases. The proposed mechanism attains information-theoretically optimal or near-optimal performance across a broad range of settings, significantly generalizing existing results limited to homogeneous security assumptions.

We study the fundamental limits of multi-server secure aggregation over a two-hop network where multiple servers, each connected to a disjoint subset of users, jointly compute the sum of all users' inputs. The goal is to ensure that no server can infer any information about prescribed subsets of inputs beyond the desired aggregate, even when colluding with an arbitrary subset of users. Existing works largely focus on homogeneous security requirements, where all inputs are protected against colluding sets up to a given size. Such formulations are insufficient to capture more general scenarios in which different subsets of inputs may require protection against different collusion patterns. In this paper, we consider a general model with heterogeneous security requirements and arbitrary user collusion. We characterize the communication rates for all parameter regimes, and determine the minimum key rate required for secure aggregation in most regimes. In particular, we establish tight information-theoretic lower bounds and matching achievable schemes in a broad class of regimes. For the remaining regime, we derive a general lower bound together with an achievable scheme that attains it within a bounded gap. Our results reveal how the interplay between network topology and heterogeneous security constraints fundamentally determines the communication and key generation requirements, and generalize existing results on secure aggregation.