This work proposes the first asymmetric two-server private aggregation protocol, addressing the high communication and computational overhead of existing schemes on high-dimensional data, which typically rely on symmetric server roles and trusted preprocessing. By offloading intensive high-dimensional computation to a primary server while keeping the auxiliary server lightweight, our protocol achieves malicious security with identifiable abort—without requiring any trusted setup—and features communication complexity independent of the input dimension. Built upon standard lattice assumptions (LWE/SIS), we introduce a novel and efficient lattice-based zero-knowledge proof to realize this asymmetric two-party computation framework. The design enables deployment of the auxiliary server on commodity hardware, substantially reducing overall overhead while enhancing security and robustness under the non-collusion assumption.

Privacy-preserving aggregation is a cornerstone for AI systems that learn from distributed data without exposing individual records, especially in federated learning and telemetry. Existing two-server protocols (e.g., Prio and successors) set a practical baseline by validating inputs while preventing any single party from learning users' values, but they impose symmetric costs on both servers and communication that scales with the per-client input dimension $L$. Modern learning tasks routinely involve dimensionalities $L$ in the tens to hundreds of millions of model parameters. We present TAPAS, a two-server asymmetric private aggregation scheme that addresses these limitations along four dimensions: (i) no trusted setup or preprocessing, (ii) server-side communication that is independent of $L$ (iii) post-quantum security based solely on standard lattice assumptions (LWE, SIS), and (iv) stronger robustness with identifiable abort and full malicious security for the servers. A key design choice is intentional asymmetry: one server bears the $O(L)$ aggregation and verification work, while the other operates as a lightweight facilitator with computation independent of $L$. This reduces total cost, enables the secondary server to run on commodity hardware, and strengthens the non-collusion assumption of the servers. One of our main contributions is a suite of new and efficient lattice-based zero-knowledge proofs; to our knowledge, we are the first to establish privacy and correctness with identifiable abort in the two-server setting.