A Privacy-Preserving Approach to Conformance Checking

Abel Armas-Cervantes; Astrid Rivera-Partida; Luciano Garc\'ia-Ba\~nuelos; Luis Rodr\'iguez-Flores

arxiv: 2605.00283 · v1 · submitted 2026-04-30 · 💻 cs.CR · cs.SE

A Privacy-Preserving Approach to Conformance Checking

Luis Rodr\'iguez-Flores , Luciano Garc\'ia-Ba\~nuelos , Abel Armas-Cervantes , Astrid Rivera-Partida This is my paper

Pith reviewed 2026-05-09 19:32 UTC · model grok-4.3

classification 💻 cs.CR cs.SE

keywords conformance checkinghomomorphic encryptionprocess miningprivacy-preserving computationalignmentsevent logsstring processingsecure multiparty computation

0 comments

The pith

Conformance checking between a process model and event log can be performed securely using homomorphic encryption so neither owner sees the other's data.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper shows how to compute alignments for conformance checking while keeping the model and log private through homomorphic encryption applied to string operations. This addresses situations where business analysts cannot access both artifacts directly due to sensitivity. The method converts standard alignment calculations into encrypted string processing tasks that two parties can run jointly. Evaluation on synthetic and real-world logs confirms that the secure version produces correct results. The main trade-off is substantially higher memory and computation time compared to the unencrypted case.

Core claim

We reduce alignment-based conformance checking to string processing algorithms that existing homomorphic encryption schemes can evaluate. The process model and event log are encrypted so that the model owner and log owner can jointly compute the optimal alignments and the resulting fitness and precision metrics without revealing the plaintext contents. Tests with synthetic logs and a real-world event log demonstrate that the encrypted computation yields the same conformance outcomes as the standard method.

What carries the argument

Reduction of alignment computation to homomorphic-encryption-compatible string processing operations that allow joint evaluation of model-log fitness without plaintext disclosure.

If this is right

Conformance checking becomes possible in settings where the model and log must remain confidential to their respective owners.
The same string-processing reduction can support other alignment-derived measures such as fitness and precision under encryption.
The approach works on both artificial and real event logs, establishing basic feasibility.
Computational cost grows with log and model size, limiting immediate use to modest-sized inputs.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

Organizations could perform cross-company process audits without exchanging proprietary models or logs.
Advances in homomorphic encryption efficiency would directly expand the scale of logs this method can handle.
The same encryption layer might apply to related process mining tasks that also rely on alignments.

Load-bearing premise

The alignment problem can be translated entirely into string operations that homomorphic encryption handles accurately without losing the ability to derive usable conformance metrics.

What would settle it

Running the encrypted method and the standard unencrypted alignment algorithm on identical inputs and observing whether the resulting alignments and conformance scores match exactly.

Figures

Figures reproduced from arXiv: 2605.00283 by Abel Armas-Cervantes, Astrid Rivera-Partida, Luciano Garc\'ia-Ba\~nuelos, Luis Rodr\'iguez-Flores.

**Figure 1.** Figure 1: shows a Petri net N, where transitions carry a label – name of the activity it represents – but transitions can be also silent (labelled as τ ). The black dot in p1 is a token, which represents resources necessary to execute an activity (fire a transition). A distribution of tokens in a Petri net is a marking. A transition t is enabled and can fire if every place in its preset contains a token. Firing t le… view at source ↗

**Figure 2.** Figure 2: Causally complete prefix unfolding of N ( [PITH_FULL_IMAGE:figures/full_fig_p002_2.png] view at source ↗

**Figure 3.** Figure 3: Computation of the BWT for abd;abcbcd;$ (a) Matrix of circular shifts (b) Sorted matrix in the alphabet, is used to mark the end of a text, and never appears in the text. The procedure to compute the BWT for a text T= abd;abcbd;$ is illustrated in [PITH_FULL_IMAGE:figures/full_fig_p003_3.png] view at source ↗

**Figure 4.** Figure 4: Wavelet matrix The WM captures the passes of the radix sort, more specifically a bitwise radix sort. Hence, we need some additional notation. Let us consider an alphabet Σ, from which we take the characters that compose the indexed strings. For convenience, each character is encoded using a value in J0, |Σ|K and, hence, the WM has log2 |Σ| rows. For our running example, we consider the encoding {($, 0),… view at source ↗

**Figure 5.** Figure 5: Steps and datafow in our approach relabeling may happen at several points, we assume it happens on the input process model and when selecting the trace to be checked for conformance. 2) Unfold: Process models are assumed to be Petri nets. The causally complete prefix unfolding [3], as described in Section II, is computed on the input Petri net from which only the complete executions (those reaching a final… view at source ↗

**Figure 6.** Figure 6: Vector-oriented data flow • At the beginning of each iteration, the indexes are stored in auxiliary variables. Whenever a mismatch is found, the stored indexes are restored. This is the approach to implement the log moves. • Client and server share the client’s public key to enable homomorphic encryption. Although the client can decrypt intermediate results (using priv. key), they are obfuscated. Let us no… view at source ↗

**Figure 7.** Figure 7: Execution times for dataset F ACKNOWLEDGEMENTS This work has received funding from the Swiss National Science Foundation under Grant No. IZSTZ0 208497 (ProAmbitIon project). REFERENCES [1] van der Aalst, W., Adriansyah, A., van Dongen, B.: Replaying history on process models for conformance checking and performance analysis. WIREs Data Mining Knowl. Discov. 2(2), 182–192 (2012) [2] van der Aalst, W., Carm… view at source ↗

read the original abstract

Conformance checking, one of the main process mining operations, aims to identify discrepancies between a process model and an event log. The model represents the expected behaviour, whereas the event log represents the actual process behaviour as captured in information systems records. Traditionally, the process model and the event log are both accessible to the business analyst performing the conformance checking. However, in some contexts, it is necessary to keep either the model or the log private to protect critical or sensitive information. In this paper, we propose a secure approach to conformance checking based on string processing algorithms and homomorphic encryption, where the process model and event log ar not visible to either the model's or event log's owner. The proposed technique is based on alignments, a well-known formalism used for conformance checking. An evaluation is performed using a synthetic and a real-world event log, showing that conformance checking can be securely computed at the expense of high memory and processing requirements.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

The paper sketches a HE-based private conformance checking method using string alignments but the reduction risks losing model semantics like concurrency.

read the letter

This paper tries to let two parties compute conformance checking alignments without either seeing the other's process model or event log. They do it by encoding things as strings and running the computation under homomorphic encryption. That combination looks like the actual new piece, since prior work on private process mining has not gone this route with alignments specifically. They back it with tests on one synthetic log and one real-world log, which at least shows the thing runs and produces some output despite the expected high cost in memory and time. Credit for attempting a concrete implementation instead of stopping at a high-level idea. The main soft spot is the string reduction itself. Standard alignments search over the model's state space or automaton to respect token semantics, parallel branches, choices, and silent transitions. Flattening the model into a string and applying edit-distance-style operations under encryption can easily drop those constraints, so the resulting fitness or precision numbers may not match what a normal conformance checker would report. The abstract gives no security proofs, no algorithm details on how they preserve equivalence, and no quantitative error or performance figures. If the full paper shows they handled the model structure without approximation, that would change the picture, but nothing in the description indicates it. This is for people working at the intersection of process mining and privacy tech who need a starting point for private conformance. A reader already familiar with alignments and HE could extract the core construction and test it themselves. It is worth sending to peer review so referees can examine the encoding and check whether the results stay comparable to the non-private baseline.

Referee Report

2 major / 2 minor

Summary. The paper claims to introduce a privacy-preserving conformance checking method for process mining. It leverages homomorphic encryption and string processing algorithms to compute alignments between a process model and an event log without either party revealing their data to the other. An evaluation on synthetic and real-world event logs is presented to demonstrate that the approach functions despite significant computational overhead.

Significance. If the string-based reduction accurately captures the semantics of standard alignments (including handling of concurrency and branching), this could be significant for enabling conformance checking in privacy-sensitive settings like inter-organizational processes. The approach builds on established primitives, which is a positive, but the high overhead noted suggests limited practicality without further optimization.

major comments (2)

[Abstract] The central claim relies on reducing alignment-based conformance checking to string processing operations compatible with homomorphic encryption. However, standard alignments operate on the state space of the process model (e.g., Petri net markings), not raw strings; the abstract provides no evidence that the encoding preserves model semantics such as parallel branches or silent transitions, which is load-bearing for the utility of the conformance metrics.
[Evaluation] The evaluation mentions support for functionality on synthetic and real-world logs but lacks any quantitative comparison of conformance results (e.g., fitness or precision values) between the proposed method and the non-private baseline, error metrics, or performance benchmarks beyond qualitative 'high requirements'. This undermines assessment of whether the results are usable.

minor comments (2)

[Abstract] There is a typo: 'ar not visible' should read 'are not visible'.
The manuscript would benefit from including security proofs or formal arguments for the privacy guarantees, as well as more detailed algorithm descriptions.

Simulated Author's Rebuttal

2 responses · 0 unresolved

Thank you for the opportunity to revise our manuscript based on the referee's insightful comments. We have carefully considered each point and provide detailed responses below, along with planned revisions to strengthen the paper.

read point-by-point responses

Referee: [Abstract] The central claim relies on reducing alignment-based conformance checking to string processing operations compatible with homomorphic encryption. However, standard alignments operate on the state space of the process model (e.g., Petri net markings), not raw strings; the abstract provides no evidence that the encoding preserves model semantics such as parallel branches or silent transitions, which is load-bearing for the utility of the conformance metrics.

Authors: We thank the referee for this observation. The manuscript details a reduction of alignment computation to string operations that are designed to preserve the necessary semantics of the process model, including handling of concurrency and silent transitions through appropriate encoding of the model's behavior into strings. However, we agree that the abstract does not sufficiently highlight this, and the main text could benefit from more explicit discussion or examples. We will revise the abstract to better reflect this and add a paragraph or subsection providing evidence (such as a formal mapping or illustrative example) that the encoding maintains equivalence to standard state-space based alignments for models with parallel branches and silent transitions. revision: yes
Referee: [Evaluation] The evaluation mentions support for functionality on synthetic and real-world logs but lacks any quantitative comparison of conformance results (e.g., fitness or precision values) between the proposed method and the non-private baseline, error metrics, or performance benchmarks beyond qualitative 'high requirements'. This undermines assessment of whether the results are usable.

Authors: We agree that providing quantitative validation is essential to demonstrate the correctness and usability of the results. The current evaluation focuses on showing that the private computation is feasible and produces valid outputs, but we did not include direct comparisons. In the revised manuscript, we will add a new subsection in the evaluation with tables reporting fitness and precision values for both the private method and the standard alignment-based conformance checking on the same datasets. We will also include error metrics (e.g., difference in alignment costs) and more detailed performance benchmarks such as exact runtime and memory consumption figures for different log sizes. This will allow readers to assess the trade-off between privacy and computational cost. revision: yes

Circularity Check

0 steps flagged

No circularity: construction from standard alignments and HE primitives

full rationale

The paper presents a new protocol that encodes alignments as string operations evaluable under homomorphic encryption. All load-bearing steps cite well-known external formalisms (alignments) and standard cryptographic primitives rather than reducing to self-defined quantities, fitted parameters, or author-overlapping citations. Evaluation on synthetic and real logs is independent of the construction itself. No equation or claim is equivalent to its inputs by definition.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The approach depends on the standard properties of homomorphic encryption allowing operations on ciphertexts and the reducibility of alignment computations to string algorithms; no free parameters or new entities are introduced in the abstract.

axioms (2)

domain assumption Homomorphic encryption permits meaningful computation on encrypted data without decryption.
Invoked as the foundation for keeping model and log private during conformance checking.
domain assumption Conformance checking alignments can be computed using string processing algorithms.
The technique is explicitly based on this reduction.

pith-pipeline@v0.9.0 · 5473 in / 1207 out tokens · 31502 ms · 2026-05-09T19:32:52.899743+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

14 extracted references · 14 canonical work pages

[1]

WIREs Data Mining Knowl

van der Aalst, W., Adriansyah, A., van Dongen, B.: Replaying history on process models for conformance checking and performance analysis. WIREs Data Mining Knowl. Discov.2(2), 182–192 (2012)

work page 2012
[2]

van der Aalst, W., Carmona, J.: Process Mining Handbook, LNBIP, vol. 448. Springer (2022)

work page 2022
[3]

Armas-Cervantes, A., Baldan, P., Dumas, M., Garcia-Bañuelos, L.: Diagnosing behavioral differences between business process models: An approach based on event structures. Inf. Syst. pp. 304–325 (2016)

work page 2016
[4]

In: SRC-RR-124

Burrows, M., Wheeler, D.J.: A block-sorting lossless data compression algorithm. In: SRC-RR-124. HP Labs Technical Reports (1994)

work page 1994
[5]

Springer (2018)

Carmona, J., van Dongen, B.F., Solti, A., Weidlich, M.: Conformance Checking - Relating Processes and Models. Springer (2018)

work page 2018
[6]

ACM Trans

Elkoumy, G., Fahrenkrog-Petersen, S.A., Sani, M.F., Koschmider, A., Mannhardt, F., V on V oigt, S.N.n., Rafiei, M., Waldthausen, L.V .: Privacy and confidentiality in process mining: Threats and research challenges. ACM Trans. Manage. Inf. Syst.13(1) (oct 2021)

work page 2021
[7]

Formal Methods Syst

Esparza, J., Römer, S., V ogler, W.: An Improvement of McMillan’s Unfolding Algorithm. Formal Methods Syst. Des.30(2), 285–310 (2002)

work page 2002
[8]

In: FOCS 2000

Ferragina, P., Manzini, G.: Opportunistic data structures with applica- tions. In: FOCS 2000. pp. 390–398. IEEE Computer Society (2000)

work page 2000
[9]

In: Rosa, M.L., Loos, P., Pastor, O

Lu, X., Fahland, D., van den Biggelaar, F.J.H.M., van der Aalst, W.M.P.: Handling duplicated tasks in process discovery by refining event labels. In: Rosa, M.L., Loos, P., Pastor, O. (eds.) BPM 2016. LNCS, vol. 9850, pp. 90–107. Springer (2016)

work page 2016
[10]

Springer (1993)

McMillan, K.L., McMillan, K.L.: Symbolic model checking. Springer (1993)

work page 1993
[11]

Montanari, U., Rossi, F.: Contextual occurrence nets and concurrent con- straint programming. pp. 280–295. Springer Berlin Heidelberg (1994)

work page 1994
[12]

Proceedings of the IEEE77(4), 541–580 (apr 1989) 8

Murata, T.: Petri nets: Properties, analysis and applications. Proceedings of the IEEE77(4), 541–580 (apr 1989) 8

work page 1989
[13]

IEEE Trans

Nong, G., Zhang, S., Chan, W.H.: Two efficient algorithms for linear time suffix array construction. IEEE Trans. Computers60(10), 1471– 1484 (2011)

work page 2011
[14]

IEEE ACM Trans

Sudo, H., Jimbo, M., Nuida, K., Shimizu, K.: Secure wavelet matrix: Alphabet-friendly privacy-preserving string search for bioinformatics. IEEE ACM Trans. Comput. Biol. Bioinform.16(5), 1675–1684 (2019) 9

work page 2019

[1] [1]

WIREs Data Mining Knowl

van der Aalst, W., Adriansyah, A., van Dongen, B.: Replaying history on process models for conformance checking and performance analysis. WIREs Data Mining Knowl. Discov.2(2), 182–192 (2012)

work page 2012

[2] [2]

van der Aalst, W., Carmona, J.: Process Mining Handbook, LNBIP, vol. 448. Springer (2022)

work page 2022

[3] [3]

Armas-Cervantes, A., Baldan, P., Dumas, M., Garcia-Bañuelos, L.: Diagnosing behavioral differences between business process models: An approach based on event structures. Inf. Syst. pp. 304–325 (2016)

work page 2016

[4] [4]

In: SRC-RR-124

Burrows, M., Wheeler, D.J.: A block-sorting lossless data compression algorithm. In: SRC-RR-124. HP Labs Technical Reports (1994)

work page 1994

[5] [5]

Springer (2018)

Carmona, J., van Dongen, B.F., Solti, A., Weidlich, M.: Conformance Checking - Relating Processes and Models. Springer (2018)

work page 2018

[6] [6]

ACM Trans

Elkoumy, G., Fahrenkrog-Petersen, S.A., Sani, M.F., Koschmider, A., Mannhardt, F., V on V oigt, S.N.n., Rafiei, M., Waldthausen, L.V .: Privacy and confidentiality in process mining: Threats and research challenges. ACM Trans. Manage. Inf. Syst.13(1) (oct 2021)

work page 2021

[7] [7]

Formal Methods Syst

Esparza, J., Römer, S., V ogler, W.: An Improvement of McMillan’s Unfolding Algorithm. Formal Methods Syst. Des.30(2), 285–310 (2002)

work page 2002

[8] [8]

In: FOCS 2000

Ferragina, P., Manzini, G.: Opportunistic data structures with applica- tions. In: FOCS 2000. pp. 390–398. IEEE Computer Society (2000)

work page 2000

[9] [9]

In: Rosa, M.L., Loos, P., Pastor, O

Lu, X., Fahland, D., van den Biggelaar, F.J.H.M., van der Aalst, W.M.P.: Handling duplicated tasks in process discovery by refining event labels. In: Rosa, M.L., Loos, P., Pastor, O. (eds.) BPM 2016. LNCS, vol. 9850, pp. 90–107. Springer (2016)

work page 2016

[10] [10]

Springer (1993)

McMillan, K.L., McMillan, K.L.: Symbolic model checking. Springer (1993)

work page 1993

[11] [11]

Montanari, U., Rossi, F.: Contextual occurrence nets and concurrent con- straint programming. pp. 280–295. Springer Berlin Heidelberg (1994)

work page 1994

[12] [12]

Proceedings of the IEEE77(4), 541–580 (apr 1989) 8

Murata, T.: Petri nets: Properties, analysis and applications. Proceedings of the IEEE77(4), 541–580 (apr 1989) 8

work page 1989

[13] [13]

IEEE Trans

Nong, G., Zhang, S., Chan, W.H.: Two efficient algorithms for linear time suffix array construction. IEEE Trans. Computers60(10), 1471– 1484 (2011)

work page 2011

[14] [14]

IEEE ACM Trans

Sudo, H., Jimbo, M., Nuida, K., Shimizu, K.: Secure wavelet matrix: Alphabet-friendly privacy-preserving string search for bioinformatics. IEEE ACM Trans. Comput. Biol. Bioinform.16(5), 1675–1684 (2019) 9

work page 2019