
arxiv: 2512.08010 · v2 · pith:ILM3STNMnew · submitted 2025-12-08 · 📡 eess.SY · cs.SY

Sensor Attack Detection Method for Encrypted State Observers

Pith reviewed 2026-05-21 17:43 UTC · model grok-4.3

keywords: sensor attack detection, encrypted state observer, homomorphic encryption, residue signal, finite field observer, multi-input multi-output systems

The pith

A homomorphic encryption scheme lets a state observer detect sensor attacks by disclosing only the residue signal while keeping data encrypted.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes an encrypted state observer for detecting sensor attacks without needing to decrypt any data. It first builds an observer that runs over a finite field using modular arithmetic and produces a residue signal to flag attacks when attacks are sparse and sensing has redundancy. A homomorphic encryption layer is then added so the observer processes encrypted values but automatically outputs the residue for threshold checking. This extends earlier single-input single-output work to general multi-input multi-output systems. If the residue stays below the threshold, the full state is recovered directly as an encrypted message.
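The first step described above (an observer over a finite field whose residue flags a sensor attack) can be sketched in plaintext. This is an added example, not the paper's construction: the modulus, the matrices, the deadbeat gain and the zero threshold are all assumptions chosen for a noise-free toy system, and the homomorphic encryption layer is left out.

```python
# Constructed toy system: modulus, matrices and threshold are assumptions,
# not values from the paper. The encryption layer is omitted.
Q = 257                        # prime modulus; observer arithmetic is over Z_Q
A = [[1, 1], [0, 1]]           # integer plant dynamics x(t+1) = A x(t)
C = [[1, 0], [0, 1], [1, 1]]   # three sensors on a 2-dim state (redundant)
L = [[2, 0, 0], [1, 0, 0]]     # gain with (A - L C)^2 = 0 (deadbeat in 2 steps)
THRESHOLD = 0                  # noise-free toy: any nonzero residue alarms


def matvec(M, v):
    """Integer matrix-vector product (no modular reduction)."""
    return [sum(m * x for m, x in zip(row, v)) for row in M]


def centered(v):
    """Map representatives in [0, Q) to the symmetric range around zero."""
    return [x - Q if x > Q // 2 else x for x in v]


def run(steps, attacks):
    """Simulate the plant and the modular observer.

    attacks maps a time step to {sensor index: additive offset}.
    Returns the time steps at which the residue exceeds THRESHOLD.
    """
    x = [5, 3]                 # true state, ordinary integers (grows past Q)
    xhat = [0, 0]              # observer state, always reduced mod Q
    alarms = []
    for t in range(steps):
        y = matvec(C, x)
        for i, off in attacks.get(t, {}).items():
            y[i] += off        # attacked sensor reports a shifted value
        y = [v % Q for v in y]                     # only y mod Q reaches the observer
        yhat = matvec(C, xhat)
        r = centered([(u - v) % Q for u, v in zip(y, yhat)])   # residue signal
        if t >= 2 and max(abs(v) for v in r) > THRESHOLD:      # skip 2-step transient
            alarms.append(t)
        xhat = [(p + c) % Q for p, c in zip(matvec(A, xhat), matvec(L, r))]
        x = matvec(A, x)
    return alarms
```

The true state wraps around the modulus many times during a 200-step run, yet the residue stays exactly zero without an attack. The centered reduction only recovers the residue when its magnitude is below Q/2, so the modulus has to be sized for the largest residue the threshold test must distinguish.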

Core claim

We design a state observer that operates over a finite field of integers with the modular arithmetic. The observer generates a residue signal that indicates the presence of attacks under sparse attack and sensing redundancy conditions. Then, we develop a homomorphic encryption scheme that enables the observer to operate over encrypted data while automatically disclosing the residue signal. Unlike our previous work restricted to single-input single-output systems, the proposed scheme is applicable to general multi-input multi-output systems. Given that the disclosed residue signal remains below a prescribed threshold, the full state can be recovered as an encrypted message.

What carries the argument

Homomorphic encryption scheme that lets a finite-field residue-generating observer run on encrypted inputs while exposing only the attack-indicating residue

If this is right

  • The observer processes encrypted sensor data without exposing the underlying state or inputs.
  • Attack detection occurs solely by checking the disclosed residue against a fixed threshold.
  • The method applies directly to multi-input multi-output systems.
  • State recovery succeeds whenever the residue remains below the prescribed threshold.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The approach could support privacy-preserving monitoring in networked control systems where raw measurements must stay hidden.
  • Similar residue-disclosure techniques might be tested with other homomorphic schemes to handle larger state dimensions.
  • Implementation on embedded hardware could check whether modular arithmetic overhead stays practical for real-time use.

Load-bearing premise

The observer generates a residue signal that indicates the presence of attacks under sparse attack and sensing redundancy conditions.

What would settle it

A run of the encrypted observer that produces a residue signal above the threshold when no attack is present, or fails to exceed the threshold when a sparse attack occurs, would show the method does not work as claimed.

Figures

Figures reproduced from arXiv: 2512.08010 by Junsoo Kim, Sangwon Lee, Yeongjun Jang.

Figure 1: Simulation results. (a) Injected sensor attack signal
Original abstract

This paper proposes an encrypted state observer that is capable of detecting sensor attacks without decryption. We first design a state observer that operates over a finite field of integers with the modular arithmetic. The observer generates a residue signal that indicates the presence of attacks under sparse attack and sensing redundancy conditions. Then, we develop a homomorphic encryption scheme that enables the observer to operate over encrypted data while automatically disclosing the residue signal. Unlike our previous work restricted to single-input single-output systems, the proposed scheme is applicable to general multi-input multi-output systems. Given that the disclosed residue signal remains below a prescribed threshold, the full state can be recovered as an encrypted message.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The paper proposes an encrypted state observer for sensor attack detection without decryption. It first designs a finite-field state observer using modular arithmetic that generates a residue signal indicating attacks under sparse attack and sensing redundancy conditions. A homomorphic encryption scheme is then developed to allow the observer to run over encrypted data while automatically disclosing the residue; this extends prior SISO work to general MIMO systems. If the disclosed residue stays below a prescribed threshold, the full state estimate can be recovered as an encrypted message.

Significance. If the homomorphic scheme is shown to preserve exact residue computation, the result would enable attack-resilient encrypted state estimation for MIMO cyber-physical systems without exposing sensitive state data, building directly on established finite-field observers and homomorphic encryption primitives.

major comments (2)
  1. [Abstract / HE scheme description] Abstract and the description of the HE scheme: the central claim that the new homomorphic encryption construction 'automatically discloses the residue signal' while keeping the state estimate encrypted requires that modular-arithmetic observer equations survive the encryption map without distortion; no explicit construction, noise analysis, or proof is supplied to confirm exact preservation of the residue for MIMO systems, which is load-bearing for both the detection guarantee and the subsequent encrypted-state recovery step.
  2. [Observer design] Observer design section: the statement that the residue 'indicates the presence of attacks under sparse attack and sensing redundancy conditions' is asserted without derivation of the rank or redundancy conditions for the MIMO case or verification that these survive encryption; the threshold test therefore rests on unverified assumptions.
minor comments (1)
  1. [Introduction / Abstract] The transition from the authors' prior SISO result to the MIMO case is mentioned but without an explicit statement of the new technical obstacles or how the scheme addresses them.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the careful reading and constructive comments. We address each major comment below and will revise the manuscript to incorporate the requested details and proofs.

Point-by-point responses
  1. Referee: [Abstract / HE scheme description] Abstract and the description of the HE scheme: the central claim that the new homomorphic encryption construction 'automatically discloses the residue signal' while keeping the state estimate encrypted requires that modular-arithmetic observer equations survive the encryption map without distortion; no explicit construction, noise analysis, or proof is supplied to confirm exact preservation of the residue for MIMO systems, which is load-bearing for both the detection guarantee and the subsequent encrypted-state recovery step.

    Authors: We agree that an explicit construction, noise analysis, and proof of exact preservation are necessary to support the central claim. In the revised manuscript we will add a dedicated subsection presenting the full homomorphic encryption map for the MIMO finite-field observer, a noise analysis showing that modular-arithmetic operations on the residue are preserved without distortion, and a formal proof that the observer equations remain exact under encryption. These additions will directly substantiate the automatic disclosure of the residue while the state estimate stays encrypted. revision: yes

  2. Referee: [Observer design] Observer design section: the statement that the residue 'indicates the presence of attacks under sparse attack and sensing redundancy conditions' is asserted without derivation of the rank or redundancy conditions for the MIMO case or verification that these survive encryption; the threshold test therefore rests on unverified assumptions.

    Authors: We acknowledge that the MIMO extension requires explicit derivation. The revised observer-design section will include a derivation of the rank and sensing-redundancy conditions for MIMO systems under sparse sensor attacks, followed by a proof that these conditions are invariant under the homomorphic encryption scheme. This will rigorously justify the threshold test for attack detection. revision: yes

Circularity Check

0 steps flagged

No significant circularity; derivation is self-contained

Full rationale

The paper first constructs a finite-field observer using modular arithmetic that produces a residue signal under the stated sparse-attack and sensing-redundancy conditions. It then proposes a new homomorphic encryption scheme that operates on encrypted data while disclosing the residue. The extension to MIMO systems is presented as an advance over prior SISO work, but the core construction and disclosure property are defined directly by the new scheme rather than by fitting or by reducing to a self-citation. No prediction is statistically forced by a fitted subset, no ansatz is smuggled via citation, and no uniqueness theorem is imported from the authors' own prior results. The residue threshold test follows from the observer equations and the encryption map by explicit design, not by construction from the target claim itself.

Axiom & Free-Parameter Ledger

1 free parameter · 1 axiom · 0 invented entities

The approach rests on domain assumptions about attack models and standard cryptographic primitives; no new entities are postulated.

free parameters (1)
  • prescribed threshold for residue signal
    Threshold value is referenced for state recovery but its selection or tuning method is not detailed in the abstract.
axioms (1)
  • domain assumption: Sparse attack and sensing redundancy conditions hold, so that the residue indicates attacks
    Explicitly required in the abstract for the residue signal to function as an attack indicator.

