This work investigates hierarchical secure aggregation (HSA) in federated learning over homogeneous networks, focusing on information-theoretic security against colluding relays and users. For a two-phase communication architecture (users → relay → server), we propose a communication-optimal scheme based on network function computation: users transmit masked local data; the relay encodes and forwards aggregated intermediate values; the server reconstructs the exact global sum without error. We establish fundamental lower bounds on communication loads for both the user–relay and relay–server links, derive the collusion-tolerance threshold, and prove achievability of the minimum key size under ring topology. The scheme achieves theoretical optimality simultaneously in aggregation accuracy, information-theoretic security, and communication/key overhead—thereby significantly advancing the fundamental limits of secure aggregation.

Secure aggregation (SA) is fundamental to privacy preservation in federated learning (FL), enabling model aggregation while preventing disclosure of individual user updates. This paper addresses hierarchical secure aggregation (HSA) against relay and user collusion in homogeneous networks, where each user connects to $n$ relays and each relay serves $m$ users. In the two-phase communication framework, users transmit masked data to relays, which then process and forward compiled messages to the server for exact sum recovery. The primary objective is to devise a transmission scheme such that the server can finish the aggregation task, while any group of $T_h$ colluding relays and $T_u$ colluding users cannot reveal any information about the data owned by the non-colluding users. In this study, we establish fundamental limits on the communication load, defined as the ratio of transmitted information size to original data size, for each user-relay link and each relay-server link. Achievable thresholds for collusion resilience are also derived. When the number of colluding relays and users falls below certain critical thresholds, we construct communication-optimal schemes using methods from network function computation. A limitation of these schemes is their reliance on large random keys. To address this, we derive a lower bound on the required key size and prove its achievability in cyclic networks, where users are connected to relays in a cyclic wrap-around manner. By establishing a connection between HSA and network function computation, this work advances the theoretical limits of communication efficiency and information-theoretic security in secure aggregation.