pith. sign in

arxiv: 2605.00961 · v1 · submitted 2026-05-01 · 💻 cs.CR

Composable Post-Quantum Security for FADEC-Coupled Dual-Spool Turbofan Cyber-Physical Systems

Faruk Alpay , Taylan Alpay This is my paper

Pith reviewed 2026-05-09 19:16 UTC · model grok-4.3

classification 💻 cs.CR
keywords post-quantum cryptographycyber-physical systemsFADECturbofan enginesstochastic hybrid modelkey renewalavionics bus schedulabilityKalman residual monitoring
0
0 comments X

The pith

Channel uncertainty shortens post-quantum key renewal periods in turbofan controls

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper develops a unified mathematical formulation that combines post-quantum security techniques with the physical and timing dynamics of FADEC-controlled dual-spool turbofan engines. It shows that uncertainty in the communication channel requires more frequent renewal of cryptographic keys to keep security intact. The model also reveals that the increased size of encrypted messages can violate the timing constraints on the avionics bus, while physical limits on sensors and actuators set the thresholds for integrity monitoring and the maximum acceptable delay in the control loop. This integrated view matters because it allows analysis of whether post-quantum protections can be added to safety-critical aircraft systems without compromising their real-time performance or stability.

Core claim

In a stochastic hybrid model for these systems, plant evolution, communication latency, leakage, adversarial channel quality, and cryptographic state evolve under a common filtration. This enables showing that channel uncertainty tightens admissible key-renewal periods, ciphertext expansion enters bus-level schedulability constraints, and sensing and actuator limits shape integrity thresholds and allowable control delay. The approach further relates PUF smooth min-entropy to distinguishing advantage and connects innovation statistics to conservative alarm design.

What carries the argument

The stochastic hybrid model in which all system quantities evolve under a common filtration

If this is right

  • Channel uncertainty tightens the admissible periods for key renewal.
  • Ciphertext expansion must be accounted for in bus-level schedulability checks.
  • Sensing and actuator limits determine integrity thresholds and control delay bounds.
  • PUF smooth min-entropy determines the distinguishing advantage against the system.
  • Innovation statistics support the design of conservative alarms.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The modeling technique could be extended to analyze post-quantum security in other cyber-physical systems such as electric vehicle controls or industrial automation.
  • Control system designers may need to co-optimize security parameters together with controller gains to meet all constraints at once.
  • Future work could validate the predictions by implementing the lattice-based schemes on avionics hardware and testing stability under realistic channel conditions.

Load-bearing premise

Plant evolution, communication latency, leakage, adversarial channel quality, and cryptographic state all evolve under a common filtration in the stochastic hybrid model.

What would settle it

An experiment or simulation that varies channel uncertainty and checks whether the maximum safe key-renewal interval decreases exactly as the model predicts; deviation from this relation would falsify the claim.

read the original abstract

We develop a unified mathematical formulation for post-quantum authenticated telemetry and actuation in FADEC-coupled dual-spool turbofan cyber-physical systems. The formulation integrates lattice-based key establishment under LWE/SIS-style assumptions, PUF-derived attestation entropy, authenticated encryption, radar-altimeter integrity, avionics-bus timing, and Kalman residual monitoring in a stochastic hybrid model. Within this model, plant evolution, communication latency, leakage, adversarial channel quality, and cryptographic state evolve under a common filtration. We show that channel uncertainty tightens admissible key-renewal periods, that ciphertext expansion enters bus-level schedulability constraints, and that sensing and actuator limits shape integrity thresholds and allowable control delay. We further relate PUF smooth min-entropy to distinguishing advantage and connect innovation statistics to conservative alarm design. Overall, the results characterize how post-quantum security, real-time schedulability, and closed-loop stability interact in safety-critical aerospace control architectures within a defensive analytical treatment that does not provide operational guidance for interference with real platforms.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 0 minor

Summary. The manuscript develops a unified stochastic hybrid model for post-quantum authenticated telemetry and actuation in FADEC-coupled dual-spool turbofan cyber-physical systems. It integrates lattice-based key establishment under LWE/SIS assumptions, PUF-derived attestation entropy, authenticated encryption, radar-altimeter integrity, avionics-bus timing, and Kalman residual monitoring. Within this model, plant evolution, communication latency, leakage, adversarial channel quality, and cryptographic state are asserted to evolve under a common filtration. The authors claim to show that channel uncertainty tightens admissible key-renewal periods, ciphertext expansion enters bus-level schedulability constraints, sensing and actuator limits shape integrity thresholds and allowable control delay, PUF smooth min-entropy relates to distinguishing advantage, and innovation statistics connect to conservative alarm design.

Significance. If the model construction and derivations are made rigorous, the work could offer a valuable framework for quantifying interactions between post-quantum cryptographic overhead, real-time schedulability, and closed-loop stability in safety-critical aerospace CPS. The composable, defensive analytical treatment and explicit connections between crypto parameters and control metrics represent a strength for interdisciplinary analysis. However, without explicit probability-space construction or validation examples, the immediate applicability to system design remains limited.

major comments (1)
  1. The central claim that plant evolution (continuous-time differential equations), communication latency, leakage, adversarial channel quality, and cryptographic state (discrete key renewal, PUF entropy, LWE/SIS lattice operations) all evolve under a single common filtration is load-bearing for the derived results on tightened key-renewal periods, schedulability constraints, and alarm design. The manuscript states this unification but provides no explicit construction of the underlying probability space (e.g., product measure combining the physical Wiener process, discrete cryptographic randomness, and adversarial channel measure) or verification that the generated filtration is right-continuous and complete without introducing spurious cross-domain dependence. This leaves the conditional expectations and innovation statistics used in the tightness and integrity claims formally undefined.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the thoughtful review and for highlighting the potential interdisciplinary value of the unified stochastic hybrid model. We address the major comment on the probability-space construction below and will strengthen the formal foundations in the revision.

read point-by-point responses

  1. Referee: The central claim that plant evolution (continuous-time differential equations), communication latency, leakage, adversarial channel quality, and cryptographic state (discrete key renewal, PUF entropy, LWE/SIS lattice operations) all evolve under a single common filtration is load-bearing for the derived results on tightened key-renewal periods, schedulability constraints, and alarm design. The manuscript states this unification but provides no explicit construction of the underlying probability space (e.g., product measure combining the physical Wiener process, discrete cryptographic randomness, and adversarial channel measure) or verification that the generated filtration is right-continuous and complete without introducing spurious cross-domain dependence. This leaves the conditional expectations and innovation statistics used in the tightness and integrity claims formally undefined.

    Authors: We agree that an explicit construction of the underlying probability space would make the common filtration and associated conditional expectations fully rigorous. The current manuscript asserts the unification at the level of the joint stochastic hybrid dynamics but does not expand the product measure or verify right-continuity and completeness. In the revised version we will add a dedicated subsection (or appendix) that defines the probability space as the product Ω = Ω_plant × Ω_crypto × Ω_channel equipped with the product measure μ = μ_Wiener ⊗ μ_LWE/SIS ⊗ μ_adversary, constructs the natural filtration generated by the continuous and discrete processes, and confirms that its usual augmentation is right-continuous and complete. This addition will render the conditional expectations and innovation statistics used for key-renewal bounds, schedulability, and alarm thresholds formally well-defined without changing any of the derived trade-off results. revision: yes

Circularity Check

0 steps flagged

No circularity: results are consequences of stated model assumptions, not reductions to inputs

full rationale

The manuscript presents a stochastic hybrid model with the common-filtration assumption as a modeling choice that unifies the domains, then derives consequences (tighter key-renewal periods, schedulability constraints, integrity thresholds) inside that model. No equations or self-citations are supplied that define a quantity in terms of itself or rename a fitted parameter as a prediction. The derivation chain therefore remains self-contained; the filtration assumption is an input, not a derived output that loops back to justify itself.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Abstract-only review yields no identifiable free parameters, axioms, or invented entities; the common-filtration assumption and LWE/SIS-style assumptions are referenced at high level but not detailed.

pith-pipeline@v0.9.0 · 5477 in / 1120 out tokens · 39698 ms · 2026-05-09T19:16:54.225624+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

37 extracted references · 37 canonical work pages

  1. [1]

    M. Ajtai. Generating hard instances of lattice problems. InProceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, 1996

    work page 1996

  2. [2]

    O. Regev. On lattices, learning with errors, random linear codes, and cryptography. InProceedings of the Thirty-Seventh Annual ACM Symposium on Theory of Computing, 2005

    work page 2005

  3. [3]

    R. Canetti. Universally composable security: A new paradigm for cryptographic protocols. InProceedings of the IEEE Symposium on Foundations of Computer Science, 2001

    work page 2001

  4. [4]

    Goldwasser, S

    S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interactive proof systems.SIAM Journal on Computing, 1989

    work page 1989

  5. [5]

    NIST Special Publication 800-38D, 2007

    National Institute of Standards and Technology.Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. NIST Special Publication 800-38D, 2007

    work page 2007

  6. [6]

    Nir and A

    Y. Nir and A. Langley.ChaCha20 and Poly1305 for IETF Protocols. RFC 8439, Internet Engineering Task Force, 2018

    work page 2018

  7. [7]

    Impagliazzo, L

    R. Impagliazzo, L. A. Levin, and M. Luby. Pseudo-random generation from one-way functions. InProceedings of the Twenty-First Annual ACM Symposium on Theory of Computing, 1989

    work page 1989

  8. [8]

    Renner.Security of Quantum Key Distribution

    R. Renner.Security of Quantum Key Distribution. Ph.D. thesis, ETH Zurich, 2005

    work page 2005

  9. [9]

    C. E. Shannon. A mathematical theory of communication.Bell System Technical Journal, 1948

    work page 1948

  10. [10]

    T. M. Cover and J. A. Thomas.Elements of Information Theory. Wiley, second edition, 2006

    work page 2006

  11. [11]

    P. C. Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Advances in Cryptology—CRYPTO, 1996

    work page 1996

  12. [12]

    Kocher, J

    P. Kocher, J. Jaffe, and B. Jun. Differential power analysis. InAdvances in Cryptology—CRYPTO, 1999

    work page 1999

  13. [13]

    Pappu, B

    R. Pappu, B. Recht, J. Taylor, and N. Gershenfeld. Physical one-way functions.Science, 2002

    work page 2002

  14. [14]

    Maes.Physically Unclonable Functions: Constructions, Properties and Applications

    R. Maes.Physically Unclonable Functions: Constructions, Properties and Applications. Springer, 2013

    work page 2013

  15. [15]

    R. E. Kalman. A new approach to linear filtering and prediction problems.Journal of Basic Engineering, 1960

    work page 1960

  16. [16]

    H. K. Khalil.Nonlinear Systems. Prentice Hall, third edition, 2002

    work page 2002

  17. [17]

    Jiang, A

    Z.-P. Jiang, A. R. Teel, and L. Praly. Small-gain theorem for ISS systems and applications.Mathematics of Control, Signals and Systems, 1994

    work page 1994

  18. [18]

    K. Zhou, J. C. Doyle, and K. Glover.Robust and Optimal Control. Prentice Hall, 1996

    work page 1996

  19. [19]

    H. J. Kushner.Stochastic Stability and Control. Academic Press, 1967

    work page 1967

  20. [20]

    Mariton.Jump Linear Systems in Automatic Control

    M. Mariton.Jump Linear Systems in Automatic Control. Marcel Dekker, 1990

    work page 1990

  21. [21]

    C. L. Liu and J. W. Layland. Scheduling algorithms for multiprogramming in a hard-real-time environment. Journal of the ACM, 1973

    work page 1973

  22. [22]

    Joseph and P

    M. Joseph and P. Pandya. Finding response times in a real-time system.The Computer Journal, 1986

    work page 1986

  23. [23]

    Tindell, A

    K. Tindell, A. Burns, and A. J. Wellings. Calculating controller area network message response times.Control Engineering Practice, 1995

    work page 1995

  24. [24]

    Robert Bosch GmbH.CAN Specification Version 2.0. 1991

    work page 1991

  25. [25]

    Interna- tional standard

    International Organization for Standardization.ISO 11898: Road vehicles – Controller area network. Interna- tional standard

    work page

  26. [26]

    ARINC specification

    Aeronautical Radio, Inc.ARINC Specification 429: Mark 33 Digital Information Transfer System. ARINC specification

    work page

  27. [27]

    Military standard

    United States Department of Defense.MIL-STD-1553: Digital Time Division Command/Response Multiplex Data Bus. Military standard

    work page

  28. [28]

    J. D. Mattingly.Elements of Propulsion: Gas Turbines and Rockets. American Institute of Aeronautics and Astronautics, 2006

    work page 2006

  29. [29]

    P. P. Walsh and P. Fletcher.Gas Turbine Performance. Blackwell Science, second edition, 2004

    work page 2004

  30. [30]

    L. C. Jaw and J. D. Mattingly.Aircraft Engine Controls: Design, System Analysis, and Health Monitoring. American Institute of Aeronautics and Astronautics, 2009

    work page 2009

  31. [31]

    RTCA.DO-178C: Software Considerations in Airborne Systems and Equipment Certification. 2011

    work page 2011

  32. [32]

    SAE International.ARP4754A: Guidelines for Development of Civil Aircraft and Systems. 2010

    work page 2010

  33. [33]

    SAE International.ARP4761: Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment. 1996

    work page 1996

  34. [34]

    Bellare and P

    M. Bellare and P. Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In Proceedings of the ACM Conference on Computer and Communications Security, 1993

    work page 1993

  35. [35]

    Goldwasser, S

    S. Goldwasser, S. Micali, and R. L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks.SIAM Journal on Computing, 1988

    work page 1988

  36. [36]

    Bellare and C

    M. Bellare and C. Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. InAdvances in Cryptology—ASIACRYPT, 2000

    work page 2000

  37. [37]

    Cramer and V

    R. Cramer and V. Shoup. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. InAdvances in Cryptology—CRYPTO, 1998. 27

    work page 1998