source: google research: private analytics via zero-trust aggregation

level: technical

google research has developed a new private analytics system that combines a novel cryptographic protocol with trusted execution environments. the cryptographic layer uses a lattice-based scheme allowing devices to submit encrypted data in a single message, removing the need for multi-round interactions. this one-shot approach makes secure aggregation more practical for large-scale deployments. the tee component provides hardware-backed attestation, giving verifiable proof that the correct code is running. together, these layers ensure that individual user data is never exposed in server memory, even if the tee is compromised.

the system addresses challenges in understanding on-device ai model performance without compromising privacy. for example, developers need to know if a translation model is drifting or if a safety classifier has hidden biases. the solution enables federated analytics where only aggregated, anonymized insights are revealed. the cryptographic protocol forms small client committees that hold decryption hints, ensuring the aggregated value can only be unlocked with differential privacy noise added. this design follows a zero-trust principle, reducing reliance on any single entity for data confidentiality.

the technology is being used with android safetycore to improve safety classifiers while keeping user content private. by analyzing aggregate trends, engineers can measure true positive rates and refine detection models without seeing sensitive data. the system leverages tee attestation to assure participants that the aggregation protocol runs as intended. google plans to explore expanding the set of supported computations in this model. the work builds on previous secure aggregation deployments and aims to set a higher bar for privacy-preserving analytics at scale.

why it matters: this approach strengthens privacy for federated analytics by combining cryptographic guarantees with hardware transparency, making it harder for any single failure to expose user data.

source: google research: private analytics via zero-trust aggregation