We study the problem of securely computing a function of private data held by $L$ users over a noiseless public broadcast channel, without assuming secure point-to-point links. To jointly characterize communication efficiency and privacy leakage, we establish the first information–leakage rate capacity region framework. Our approach innovatively distinguishes between leakage to the fusion center and to colluding user subsets, and rigorously separates the cases of independent versus correlated user data. For independent data, we fully characterize the exact capacity region. For correlated data, we derive tight inner and outer bounds on the capacity region. Moreover, we obtain the first fundamental lower bound on unavoidable information leakage inherent to the function computation task. By unifying tools from information theory, multi-user communication, and privacy–utility tradeoff analysis, our work provides foundational theoretical support for distributed private function computation.

Consider L users, who each holds private data, and one fusion center who must compute a function of the private data of the L users. To accomplish this task, each user can make a single use of a public and noiseless broadcast channel. In this setting, and in the absence of any additional resources such as secure links, we study the optimal communication rates and minimum information leakages on the private user data that are achievable. Specifically, we study the information leakage of the user data at the fusion center (beyond the knowledge of the function output), as well as at predefined groups of colluding users who eavesdrop one another. We derive the capacity region when the user data is independent, and inner and outer regions for the capacity region when the user data is correlated.