Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Encrypted Dynamic Control exploiting Limited Number of Multiplications and a Method using RLWE-based Cryptosystem

Joowon Lee, Donggil Lee, Junsoo Kim, Hyungbo Shim

TL;DR

This work addresses privacy-preserving dynamic control by reformulating a linear controller into a finite-memory, non-recursive structure that can be evaluated entirely on encrypted data. It provides a universal encrypted-controller design compatible with most HE schemes and introduces a RLWE-specific packing method that significantly reduces computation and communication by encrypting multiple messages in a single ciphertext. The authors provide rigorous parameter-design guidance to bound the control error introduced by quantization and demonstrate feasibility via simulations on a representative aircraft model with practical timing. By comparing to prior RLWE and LWE-based approaches, the paper shows substantial efficiency gains, making encrypted control more viable for real-time networked systems. The combination of non-recursive operation and RLWE packing offers a practical pathway to secure, private control in cyber-physical systems using standard cryptographic libraries.

Abstract

In this paper, we present a method to encrypt dynamic controllers that can be implemented through most homomorphic encryption schemes, including somewhat, leveled fully, and fully homomorphic encryption. To this end, we represent the output of the given controller as a linear combination of a fixed number of previous inputs and outputs. As a result, the encrypted controller involves only a limited number of homomorphic multiplications on every encrypted data, assuming that the output is re-encrypted and transmitted back from the actuator. A guidance for parameter choice is also provided, ensuring that the encrypted controller achieves predefined performance for an infinite time horizon. Furthermore, we propose a customization of the method for Ring Learning With Errors (RLWE)-based cryptosystems, where a vector of messages can be encrypted into a single ciphertext and operated simultaneously, thus reducing computation and communication loads. Unlike previous results, the proposed customization does not require extra algorithms such as rotation, other than basic addition and multiplication. Simulation results demonstrate the effectiveness of the proposed method.

Encrypted Dynamic Control exploiting Limited Number of Multiplications and a Method using RLWE-based Cryptosystem

TL;DR

This work addresses privacy-preserving dynamic control by reformulating a linear controller into a finite-memory, non-recursive structure that can be evaluated entirely on encrypted data. It provides a universal encrypted-controller design compatible with most HE schemes and introduces a RLWE-specific packing method that significantly reduces computation and communication by encrypting multiple messages in a single ciphertext. The authors provide rigorous parameter-design guidance to bound the control error introduced by quantization and demonstrate feasibility via simulations on a representative aircraft model with practical timing. By comparing to prior RLWE and LWE-based approaches, the paper shows substantial efficiency gains, making encrypted control more viable for real-time networked systems. The combination of non-recursive operation and RLWE packing offers a practical pathway to secure, private control in cyber-physical systems using standard cryptographic libraries.

Abstract

In this paper, we present a method to encrypt dynamic controllers that can be implemented through most homomorphic encryption schemes, including somewhat, leveled fully, and fully homomorphic encryption. To this end, we represent the output of the given controller as a linear combination of a fixed number of previous inputs and outputs. As a result, the encrypted controller involves only a limited number of homomorphic multiplications on every encrypted data, assuming that the output is re-encrypted and transmitted back from the actuator. A guidance for parameter choice is also provided, ensuring that the encrypted controller achieves predefined performance for an infinite time horizon. Furthermore, we propose a customization of the method for Ring Learning With Errors (RLWE)-based cryptosystems, where a vector of messages can be encrypted into a single ciphertext and operated simultaneously, thus reducing computation and communication loads. Unlike previous results, the proposed customization does not require extra algorithms such as rotation, other than basic addition and multiplication. Simulation results demonstrate the effectiveness of the proposed method.
Paper Structure (16 sections, 4 theorems, 65 equations, 5 figures, 2 tables, 1 algorithm)

This paper contains 16 sections, 4 theorems, 65 equations, 5 figures, 2 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Contribution and Outline
  3. Notation
  4. Preliminaries & Problem Formulation
  5. Required Homomorphic Properties
  6. RLWE-based Cryptosystem
  7. Problem Formulation
  8. Encrypted Controller Design
  9. Customized Design for RLWE-based Cryptosystems
  10. Discussions
  11. Effect of Customization in Section \ref{['sec:rlwe']}
  12. Comparison to Previous Results
  13. Simulation Results
  14. Conclusion
  15. Packing and Unpacking
  16. ...and 1 more sections

Key Result

Lemma 1

If the controller eq:ctr is controllable and observable, then there exist $M\in{\mathbb R}^{n\times\bar{n}}$ and $z_0\in{\mathbb R}^{\bar{n}}$ such that $x(k)=Mz(k)$ for all $k\in{\mathbb Z}_{\geq 0}$, with $z(0)=z_0$.∎

Figures (5)

  • Figure 1: System configuration with the encrypted controller \ref{['eq:3']}-\ref{['eq:actu']} exploiting only a limited number of homomorphic multiplications. The shaded area represents the networked part of the system.
  • Figure 2: Product $Hx$ implemented with Hadamard product, where each row of $H$ is denoted by $H_i$ for $i=1,\,2,\,\ldots,\,h$.
  • Figure 3: Implementation of (\ref{['eq:uz']}) using (\ref{['eq:mtxmult']}) when $l=3$, $h=2$, and $p=6$, where $\mathcal{H}_{i,j}$ is the $j$-th row of $\mathcal{H}_i$ for $i=1,\,2,\,\ldots,\,2n$.
  • Figure 4: Performance error $\lVert u(k)-u^\prime(k) \rVert$ of the proposed encrypted controller customized for RLWE-based cryptosystem.
  • Figure 5: State of the plant controlled by the proposed encrypted controller when $1/L=2000$ and $1/s=10^4$.

Theorems & Definitions (9)

  • Lemma 1
  • proof
  • Lemma 2
  • proof
  • Theorem 1
  • proof
  • Remark 1
  • Theorem 2
  • proof