On the (non-)resilience of encrypted controllers to covert attacks

Janis Adamek; Moritz Schulze Darup; Philipp Binfet

arxiv: 2605.14230 · v2 · pith:7M66NF4Pnew · submitted 2026-05-14 · 💻 cs.CR · cs.SY· eess.SY

On the (non-)resilience of encrypted controllers to covert attacks

Philipp Binfet , Janis Adamek , Moritz Schulze Darup This is my paper

Pith reviewed 2026-05-19 17:09 UTC · model grok-4.3

classification 💻 cs.CR cs.SYeess.SY

keywords encrypted controlcovert attackshomomorphic encryptionnetworked control systemsverifiable computationintegrity attacksmalleability

0 comments

The pith

Encrypted control using homomorphic encryption leaves networked control systems open to covert attacks.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper shows that the mathematical properties enabling homomorphic encryption for private controller computation also allow an attacker to modify encrypted signals in ways that produce covert attacks on the closed-loop system. These attacks remain possible even if the attacker knows nothing about the original unencrypted plant or controller. The work demonstrates that public-key homomorphic schemes cannot solve the integrity problem on their own because their malleability works in both constructive and destructive directions. Readers should care because many proposals for outsourcing control to clouds or third parties rest on the assumption that encryption alone can deliver both confidentiality and integrity.

Core claim

Networked control systems are vulnerable to covert attacks even when encrypted control is employed. This remains possible without knowledge of an unencrypted model. The same homomorphisms that enable encrypted control can be leveraged not only constructively but also destructively due to the inherent malleability of public-key homomorphic encryption schemes.

What carries the argument

Malleability of public-key homomorphic encryption, which lets an attacker perform operations on ciphertexts that correspond to operations on the underlying plaintext signals and thereby inject undetectable attack components into the closed-loop dynamics.

If this is right

Encrypted controllers based solely on public-key homomorphic encryption cannot guarantee resilience against covert attacks.
Covert attacks can be mounted without access to an unencrypted model of the system.
Resilience requires complementary techniques such as verifiable computation integrated with the homomorphic scheme.
The verifiable-computation approach incurs no communication overhead and remains asymptotically secure.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

Security for encrypted control will likely need hybrid methods that combine encryption with explicit verification rather than relying on encryption alone.
The same malleability concern may appear in other real-time applications of homomorphic encryption where system dynamics must stay undisturbed.
Practical deployment would benefit from measuring the added computation time of verifiable computation inside typical control sampling periods.

Load-bearing premise

The closed-loop dynamics of the networked control system allow an attacker to construct a covert attack vector solely by manipulating ciphertexts using the encryption scheme's homomorphic properties.

What would settle it

A concrete experiment in which a malleability-based covert attack on an encrypted controller is either detected by standard monitoring or remains completely undetected in the closed-loop behavior.

Figures

Figures reproduced from arXiv: 2605.14230 by Janis Adamek, Moritz Schulze Darup, Philipp Binfet.

**Figure 1.** Figure 1: Covert attack strategy using the homomorphisms of an encrypted NCS. behaves as the actual system output y(k) would in the attack-free case, where u(k) = uc(k). Specifying the attack is straightforward for linear system dynamics of the form x(k + 1) = Ax(k) + Bu(k), x(0) := x0 y(k) = Cx(k). The unmodified system output at time step k then is y0(k) := C [PITH_FULL_IMAGE:figures/full_fig_p002_1.png] view at source ↗

**Figure 3.** Figure 3: Secure computation pipelines for evaluating h, without (a) and with (b) verification. Double-outlined boxes denote server-side operations. specified below. Setup(N, d, h) Choose an even expansion factor λ ∈ 2N such that λd ≤ N/2 and a detection threshold ε > 0. Generate M ∈ N challenge values ci , precompute h(ci) and store (ci , h(ci)), 1 ≤ i ≤ M, at the client. Transmit the lifted function h˜ : R λd → … view at source ↗

**Figure 4.** Figure 4: Experimentally obtained I/O trajectories in both homomorphic covert attack variants. cooldown phase is concluded, all deviations between uc(k) and u(k) as well as yc(k) and y(k) have been eliminated, which preserves stealthiness even after the attack. Therefore, the covert attack and cooldown can be successfully implemented with both stages of model knowledge. However, the configuration from Section 3.2 … view at source ↗

read the original abstract

The security of networked control systems (NCS) is receiving increasing attention from both cyber-security and system-theoretic perspectives. The former focuses on classical IT security goals such as confidentiality, integrity, and availability of process data, while the latter investigates tailored attacks (and detection schemes), including covert and zero-dynamics attacks. Confidentiality in control systems can, for instance, be achieved by securely outsourcing the evaluation of the controller to third-party platforms, such as cloud services. The underlying technology enabling such secure computation often is homomorphic encryption (HE). Recent works in encrypted control have proposed modifications to underlying HE schemes to achieve not only confidentiality but also resilience to certain types of integrity attacks. While extensions in this direction are desirable in principle, we show that the integrity problem in encrypted control cannot be solved by public-key HE schemes alone due to their inherent malleability. In other words, the same homomorphisms that enable encrypted control in the first place can be leveraged not only constructively but also destructively. More precisely, we demonstrate that NCS are vulnerable to covert attacks, even when encrypted control is employed. Remarkably, this remains possible without knowledge of an unencrypted model. Yet, resilience to such attacks can still be achieved through complementary techniques. We present an approach based on verifiable computation that integrates with modern homomorphic cryptosystems and is asymptotically secure while incurring no communication overhead.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

The paper shows HE malleability allows model-free covert attacks on encrypted controllers and pairs it with a verifiable computation fix that adds no comms overhead.

read the letter

The one or two things to know are that public-key homomorphic encryption leaves room for covert attacks on encrypted networked control systems because of its malleability, and this can happen without the attacker knowing the unencrypted model. They also show a verifiable computation approach that restores resilience with no communication overhead. The paper does well to highlight this limitation in current encrypted control methods and to propose a complementary technique that builds on existing cryptosystems. The claim of asymptotic security and zero overhead is a practical plus if it holds up. Soft spots are mostly around the attack part. The argument uses known malleability, so the novelty is in showing it applies here without model knowledge and in the closed loop. If the full paper has clear constructions or simulations demonstrating the attack evades detection, that makes it stronger. Otherwise, it might feel like a straightforward extension rather than a major new finding. Soundness seems reasonable but would benefit from explicit details. No real circularity issues here. This paper is for control engineers and cryptographers interested in secure outsourced computation for critical systems. A reader focused on integrity in addition to confidentiality would get something out of it. I recommend sending it to peer review. The topic is timely and the ideas merit expert input.

Referee Report

2 major / 2 minor

Summary. The paper claims that public-key homomorphic encryption (HE) schemes enable encrypted control in networked control systems (NCS) but cannot alone ensure resilience to covert attacks due to inherent malleability. It demonstrates that such attacks remain possible without knowledge of an unencrypted model and proposes a verifiable computation approach integrated with modern homomorphic cryptosystems that achieves asymptotic security with no communication overhead.

Significance. If the central claims hold, the work is significant for clarifying fundamental limitations of standard public-key HE in control applications and for separating the non-resilience result from a concrete mitigation strategy. The constructive demonstration of model-free covert attacks and the integration of verifiable computation represent a useful contribution at the intersection of cryptography and control theory, particularly if accompanied by explicit attack constructions and security reductions.

major comments (2)

[Attack construction section] The demonstration of the covert attack (likely in the section following the problem formulation) must explicitly construct the attack signal using only the homomorphic properties and show why it evades closed-loop detection; the abstract states the result but the load-bearing step of how malleability produces an undetectable perturbation without model knowledge requires a self-contained example or proof.
[Mitigation section] § on verifiable computation mitigation: the claim of 'asymptotic security' and 'no communication overhead' needs a precise statement of the security model (e.g., against which class of adversaries) and a comparison of computational cost to the baseline encrypted controller.

minor comments (2)

[Introduction] The introduction would benefit from a short table contrasting prior encrypted-control schemes that claim integrity properties with the present result.
Notation for encrypted signals and homomorphic operations should be introduced once and used consistently; some symbols appear without prior definition in the abstract and early paragraphs.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the thoughtful and constructive comments on our manuscript. We believe the suggested clarifications will strengthen the presentation of our results on the limitations of homomorphic encryption in control systems and the proposed mitigation strategy. Below, we provide point-by-point responses to the major comments and outline the revisions we intend to make.

read point-by-point responses

Referee: [Attack construction section] The demonstration of the covert attack (likely in the section following the problem formulation) must explicitly construct the attack signal using only the homomorphic properties and show why it evades closed-loop detection; the abstract states the result but the load-bearing step of how malleability produces an undetectable perturbation without model knowledge requires a self-contained example or proof.

Authors: We agree that making the attack construction more explicit will improve the accessibility of the paper. In the revised manuscript, we will add a self-contained example in the attack construction section that details how the attack signal is generated solely from the homomorphic properties of the public-key encryption scheme. We will also include a proof or argument demonstrating why this perturbation remains undetectable by the closed-loop detection mechanisms without requiring knowledge of the unencrypted system model. revision: yes
Referee: [Mitigation section] § on verifiable computation mitigation: the claim of 'asymptotic security' and 'no communication overhead' needs a precise statement of the security model (e.g., against which class of adversaries) and a comparison of computational cost to the baseline encrypted controller.

Authors: We acknowledge the need for greater precision in the security claims. In the updated version, we will explicitly state the security model, defining it against computationally bounded adversaries who have access to the encrypted controller inputs and outputs but not the secret keys. Furthermore, we will include a detailed comparison of the computational costs, providing asymptotic complexity bounds for the verifiable computation approach versus the standard encrypted controller, and confirm that there is indeed no additional communication overhead. revision: yes

Circularity Check

0 steps flagged

No significant circularity detected

full rationale

The paper demonstrates non-resilience of public-key HE-based encrypted controllers to covert attacks by leveraging the established malleability of such schemes, which is an external cryptographic property rather than a quantity defined or fitted within the paper. The central claim is presented as a constructive observation that the same homomorphisms enabling encrypted control can be used destructively, without reducing to self-citations, internal parameter fits, or self-definitional loops. The subsequent mitigation via verifiable computation is explicitly separated, and the argument remains self-contained against known external benchmarks of HE behavior.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The central claim rests on standard cryptographic properties of public-key HE and basic assumptions from control theory about closed-loop dynamics; no new free parameters or invented entities are introduced in the abstract.

axioms (2)

domain assumption Public-key homomorphic encryption schemes are malleable by construction.
Invoked to explain why the same homomorphisms enabling encrypted control can be used destructively for covert attacks.
domain assumption Covert attacks can be mounted on NCS without knowledge of the unencrypted plant model.
Stated as a remarkable feature of the demonstrated vulnerability.

pith-pipeline@v0.9.0 · 5785 in / 1233 out tokens · 54833 ms · 2026-05-19T17:09:35.696216+00:00 · methodology

Review history (2 revisions) →

discussion (0)

Reference graph

Works this paper leans on

20 extracted references · 20 canonical work pages

[1]

Adamek, J., Binfet, P., Schl ¨uter, N., and Schulze Darup, M. (2024). Encrypted system identification as-a-service via re- liable encrypted matrix inversion. In2024 IEEE 63rd Conf. Decis. Control (CDC), 4582–4588

work page 2024
[2]

Alexandru, A.B., Burbano, L., C ¸ eliktu˘g, M.F., Gomez, J., Car- denas, A.A., Kantarcioglu, M., and Katz, J. (2022). Private anomaly detection in linear controllers: Garbled circuits vs. homomorphic encryption. In2022 IEEE 61st Conf. Decis. Control (CDC), 7746–7753

work page 2022
[3]

Reuter, C.A., and Strand, M. (2015). A guide to fully ho- momorphic encryption. Cryptology ePrint Archive, Paper 2015/1192

work page 2015
[4]

and Fiore, D

Catalano, D. and Fiore, D. (2013). Practical homomorphic MACs for arithmetic circuits. In T. Johansson and P.Q. Nguyen (eds.),Adv. Cryptol. – EUROCRYPT 2013, 336–352. Springer Berlin Heidelberg, Berlin, Heidelberg

work page 2013
[5]

Hubaux, J.P. (2024). Veritas: Plaintext encoders for prac- tical verifiable homomorphic encryption. InProc. 2024 ACM SIGSAC Conf. Comput. Commun. Secur., CCS ’24, 2520–2534. Association for Computing Machinery, New

work page 2024
[6]

Cheon, J.H., Kim, A., Kim, M., and Song, Y . (2017). Homo- morphic encryption for arithmetic of approximate numbers. In T. Takagi and T. Peyrin (eds.),Adv. Cryptol. – ASIACRYPT 2017, 409–437. Springer International Publishing, Cham

work page 2017
[7]

Dyer, J., Dyer, M., and Xu, J. (2019). Practical homomorphic en- cryption over the integers for secure computation in the cloud. Int. J. Inf. Secur., 18(5), 549–579

work page 2019
[8]

and Zhang, P

Fauser, M. and Zhang, P. (2020). Resilience of cyber-physical systems to covert attacks by exploiting an improved encryp- tion scheme. In2020 59th IEEE Conf. Decis. Control (CDC), 5489–5494

work page 2020
[9]

and Zhang, P

Fauser, M. and Zhang, P. (2021). Resilient homomorphic en- cryption scheme for cyber-physical systems. In2021 60th IEEE Conf. Decis. Control (CDC), 5634–5639

work page 2021
[10]

and Zhang, P

Fauser, M. and Zhang, P. (2024). A secure resilient homomor- phic encryption scheme for control systems.IEEE Trans. Au- tom. Control, 1–16

work page 2024
[11]

and Lucia, W

Gheitasi, K. and Lucia, W. (2020). A finite-time stealthy covert attack against cyber-physical systems. In2020 7th Int. Conf. Control Decis. Inf. Technol. (CoDIT), volume 1, 347–352

work page 2020
[12]

and Lucia, W

Gheitasi, K. and Lucia, W. (2022). Undetectable finite-time covert attack on constrained cyber-physical systems.IEEE Trans. Contr. Netw. Syst., 9(2), 1040–1048

work page 2022
[13]

Ruths, J., Tippenhauer, N.O., Sandberg, H., and Candell, R. (2018). A survey of physics-based attack detection in cyber- physical systems.ACM Comput. Surv. (CSUR), 51(4), 1–36

work page 2018
[14]

and Shoup, V

Halevi, S. and Shoup, V . (2014). Algorithms in HElib. In J.A. Garay and R. Gennaro (eds.),Adv. Cryptol. – CRYPTO 2014, 554–571. Springer Berlin Heidelberg, Berlin, Heidelberg

work page 2014
[15]

Johansson, K. (2000). The quadruple-tank process: a multivari- able laboratory process with an adjustable zero.IEEE Trans. Control Syst. Technol., 8(3), 456–465

work page 2000
[16]

and Lindell, Y

Katz, J. and Lindell, Y . (2014).Introduction to modern cryp- tography, second edition. Chapman & Hall/CRC Cryptog- raphy and Network Security Series. Chapman & Hall/CRC,

work page 2014
[17]

Marcolla, C., Sucasas, V ., Manzano, M., Bassoli, R., Fitzek, F.H.P., and Aaraj, N. (2022). Survey on fully homomorphic encryption, theory, and applications.Proc. IEEE, 110(10), 1572–1609. Schl¨uter, N., Binfet, P., and Schulze Darup, M. (2023). A brief survey on encrypted control: From the first to the second gen- eration and beyond.Annu. Rev. Control, 5...

work page 2022
[18]

Smith, R.S. (2011). A decoupled feedback structure for covertly appropriating networked control systems.IFAC Proc. Vol., 44(1), 90–95. 18th IFAC World Congress

work page 2011
[19]

Stabile, F., Lucia, W., Youssef, A., and Franz `e, G. (2024). A verifiable computing scheme for encrypted control systems. IEEE Control Syst. Lett., 8, 1096–1101

work page 2024
[20]

Teixeira, A., P ´erez, D., Sandberg, H., and Johansson, K.H. (2012). Attack models and scenarios for networked control systems. InProc. 1st Int. Conf. High Confid. Netw. Syst., HiCoNS ’12, 55–64. Association for Computing Machinery, New York, NY , USA. APPENDIXA. UPPER BOUND FOR INSTANTANEOUS ATTACK SUCCESS PROBABILITY We want to show thatp succ ≤2 −λ/2 f...

work page 2012

[1] [1]

Adamek, J., Binfet, P., Schl ¨uter, N., and Schulze Darup, M. (2024). Encrypted system identification as-a-service via re- liable encrypted matrix inversion. In2024 IEEE 63rd Conf. Decis. Control (CDC), 4582–4588

work page 2024

[2] [2]

Alexandru, A.B., Burbano, L., C ¸ eliktu˘g, M.F., Gomez, J., Car- denas, A.A., Kantarcioglu, M., and Katz, J. (2022). Private anomaly detection in linear controllers: Garbled circuits vs. homomorphic encryption. In2022 IEEE 61st Conf. Decis. Control (CDC), 7746–7753

work page 2022

[3] [3]

Reuter, C.A., and Strand, M. (2015). A guide to fully ho- momorphic encryption. Cryptology ePrint Archive, Paper 2015/1192

work page 2015

[4] [4]

and Fiore, D

Catalano, D. and Fiore, D. (2013). Practical homomorphic MACs for arithmetic circuits. In T. Johansson and P.Q. Nguyen (eds.),Adv. Cryptol. – EUROCRYPT 2013, 336–352. Springer Berlin Heidelberg, Berlin, Heidelberg

work page 2013

[5] [5]

Hubaux, J.P. (2024). Veritas: Plaintext encoders for prac- tical verifiable homomorphic encryption. InProc. 2024 ACM SIGSAC Conf. Comput. Commun. Secur., CCS ’24, 2520–2534. Association for Computing Machinery, New

work page 2024

[6] [6]

Cheon, J.H., Kim, A., Kim, M., and Song, Y . (2017). Homo- morphic encryption for arithmetic of approximate numbers. In T. Takagi and T. Peyrin (eds.),Adv. Cryptol. – ASIACRYPT 2017, 409–437. Springer International Publishing, Cham

work page 2017

[7] [7]

Dyer, J., Dyer, M., and Xu, J. (2019). Practical homomorphic en- cryption over the integers for secure computation in the cloud. Int. J. Inf. Secur., 18(5), 549–579

work page 2019

[8] [8]

and Zhang, P

Fauser, M. and Zhang, P. (2020). Resilience of cyber-physical systems to covert attacks by exploiting an improved encryp- tion scheme. In2020 59th IEEE Conf. Decis. Control (CDC), 5489–5494

work page 2020

[9] [9]

and Zhang, P

Fauser, M. and Zhang, P. (2021). Resilient homomorphic en- cryption scheme for cyber-physical systems. In2021 60th IEEE Conf. Decis. Control (CDC), 5634–5639

work page 2021

[10] [10]

and Zhang, P

Fauser, M. and Zhang, P. (2024). A secure resilient homomor- phic encryption scheme for control systems.IEEE Trans. Au- tom. Control, 1–16

work page 2024

[11] [11]

and Lucia, W

Gheitasi, K. and Lucia, W. (2020). A finite-time stealthy covert attack against cyber-physical systems. In2020 7th Int. Conf. Control Decis. Inf. Technol. (CoDIT), volume 1, 347–352

work page 2020

[12] [12]

and Lucia, W

Gheitasi, K. and Lucia, W. (2022). Undetectable finite-time covert attack on constrained cyber-physical systems.IEEE Trans. Contr. Netw. Syst., 9(2), 1040–1048

work page 2022

[13] [13]

Ruths, J., Tippenhauer, N.O., Sandberg, H., and Candell, R. (2018). A survey of physics-based attack detection in cyber- physical systems.ACM Comput. Surv. (CSUR), 51(4), 1–36

work page 2018

[14] [14]

and Shoup, V

Halevi, S. and Shoup, V . (2014). Algorithms in HElib. In J.A. Garay and R. Gennaro (eds.),Adv. Cryptol. – CRYPTO 2014, 554–571. Springer Berlin Heidelberg, Berlin, Heidelberg

work page 2014

[15] [15]

Johansson, K. (2000). The quadruple-tank process: a multivari- able laboratory process with an adjustable zero.IEEE Trans. Control Syst. Technol., 8(3), 456–465

work page 2000

[16] [16]

and Lindell, Y

Katz, J. and Lindell, Y . (2014).Introduction to modern cryp- tography, second edition. Chapman & Hall/CRC Cryptog- raphy and Network Security Series. Chapman & Hall/CRC,

work page 2014

[17] [17]

Marcolla, C., Sucasas, V ., Manzano, M., Bassoli, R., Fitzek, F.H.P., and Aaraj, N. (2022). Survey on fully homomorphic encryption, theory, and applications.Proc. IEEE, 110(10), 1572–1609. Schl¨uter, N., Binfet, P., and Schulze Darup, M. (2023). A brief survey on encrypted control: From the first to the second gen- eration and beyond.Annu. Rev. Control, 5...

work page 2022

[18] [18]

Smith, R.S. (2011). A decoupled feedback structure for covertly appropriating networked control systems.IFAC Proc. Vol., 44(1), 90–95. 18th IFAC World Congress

work page 2011

[19] [19]

Stabile, F., Lucia, W., Youssef, A., and Franz `e, G. (2024). A verifiable computing scheme for encrypted control systems. IEEE Control Syst. Lett., 8, 1096–1101

work page 2024

[20] [20]

Teixeira, A., P ´erez, D., Sandberg, H., and Johansson, K.H. (2012). Attack models and scenarios for networked control systems. InProc. 1st Int. Conf. High Confid. Netw. Syst., HiCoNS ’12, 55–64. Association for Computing Machinery, New York, NY , USA. APPENDIXA. UPPER BOUND FOR INSTANTANEOUS ATTACK SUCCESS PROBABILITY We want to show thatp succ ≤2 −λ/2 f...

work page 2012