
arxiv: 2511.14267 · v2 · pith:JWHMLPO3new · submitted 2025-11-18 · 📡 eess.SY · cs.SY

Secure Parameter Identification for Multi-Participant ARX Systems via CKKS Cryptosystem-Based Proxy Re-Encryption

Pith reviewed 2026-05-21 19:19 UTC · model grok-4.3

classification 📡 eess.SY cs.SY
keywords secure parameter identification · ARX systems · CKKS cryptosystem · proxy re-encryption · truncated Gaussian noise · RLWE · IND-CPA security · multi-participant systems

The pith

Replacing discrete Gaussian noise with a truncated version in CKKS enables IND-CPA secure proxy re-encryption for multi-participant ARX parameter identification.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper develops a secure method for identifying parameters in autoregressive exogenous input systems shared among multiple participants without exposing private inputs or outputs. It modifies the CKKS homomorphic encryption scheme by using truncated discrete Gaussian noise instead of the standard version and proves their statistical distance is negligible. This negligible distance supports a polynomial-time reduction from the standard Ring-Learning with Errors problem, which establishes indistinguishability under chosen-plaintext attacks for the resulting algorithm. Key-switching is incorporated to build a proxy re-encryption scheme that supports the multi-party identification task. The work also supplies a lower bound on plaintext space size to avoid overflow and derives the mean-square convergence rate together with the explicit trade-off between security level and convergence speed.

Core claim

By rigorously proving that the statistical distance between the discrete Gaussian noise and the truncated one is negligible, the polynomial-time reduction between the standard Ring-Learning with Errors problem and the RLWE problem with the truncated discrete Gaussian noise is established. This result ensures the IND-CPA security of the secure parameter identification algorithm built on a CKKS-based proxy re-encryption scheme for multi-participant ARX systems. A lower bound condition on the size of the plaintext space avoids computational overflow, after which the mean square convergence and convergence rate of the algorithm are given along with the trade-off between security level and the (s

What carries the argument

CKKS cryptosystem with truncated discrete Gaussian noise plus key-switching to realize proxy re-encryption, which allows encrypted data sharing and joint parameter estimation while preserving input-output privacy.

If this is right

  • The algorithm converges in the mean-square sense at an explicit rate once the plaintext-space lower bound is met.
  • Increasing the security parameter widens the gap between security level and convergence speed.
  • Both system inputs and outputs remain protected throughout the multi-participant identification process.
  • Computational overflow during encryption is avoided when the plaintext space satisfies the derived lower bound.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same truncation-plus-reduction technique could be applied to other privacy-preserving system identification tasks in networked control.
  • Lower computational cost from truncation may improve practicality of homomorphic encryption in real-time control loops.
  • The convergence-security trade-off suggests tuning guidelines for choosing truncation width in different operating regimes.

Load-bearing premise

The statistical distance between standard discrete Gaussian noise and the truncated version remains negligible for the chosen truncation parameters, allowing the security reduction to the standard RLWE problem to hold.

What would settle it

An efficient algorithm that distinguishes RLWE samples generated with the truncated noise from those generated with standard discrete Gaussian noise at a non-negligible advantage, or a chosen-plaintext attack that recovers a participant's private input or output data from the encrypted identification transcripts.

Figures

Figures reproduced from arXiv: 2511.14267 by Jialong Chen, Ji-Feng Zhang.

Figure 1: The configuration of the problem
Figure 2: Trajectories of estimation errors

Original abstract

This paper investigates the parameter identification for multi-participant autoregressive exogenous input (ARX) systems while protecting the system input and output. To do so, the discrete Gaussian noise in the standard Cheon-Kim-Kim-Song (CKKS) cryptosystem is replaced with a truncated one. By using the CKKS cryptosystem with the truncated discrete Gaussian noise and the key-switching technique, a proxy re-encryption scheme is developed. Based on this scheme, a secure parameter identification algorithm is proposed for multi-participant ARX systems. By rigorously proving that the statistical distance between the discrete Gaussian noise and the truncated one is negligible, the polynomial-time reduction between the standard Ring-Learning with Errors (RLWE) problem and the RLWE problem with the truncated discrete Gaussian noise is established. This result ensures the indistinguishability under chosen-plaintext attacks (IND-CPA) security of the algorithm. By giving a lower bound condition on the size of the plaintext space, the computational overflow in encryption is avoided. Based on this condition, the mean square convergence and convergence rate of the algorithm are given. The trade-off between the security level and the convergence of the algorithm is presented. Finally, a numerical example is given to verify the effectiveness of the algorithm.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 2 minor

Summary. The paper proposes a secure parameter identification algorithm for multi-participant ARX systems. It replaces the discrete Gaussian noise in the CKKS cryptosystem with a truncated version, develops a proxy re-encryption scheme using key-switching, and claims IND-CPA security via a polynomial-time reduction to the standard RLWE problem. This reduction is based on proving that the statistical distance between standard and truncated discrete Gaussian noise is negligible. The authors also derive a lower bound on plaintext space size to avoid encryption overflow, establish mean-square convergence and rate under this condition, analyze the security-convergence trade-off, and include a numerical example for validation.

Significance. If the security reduction holds tightly for the concrete parameters and the convergence analysis is rigorous, the work could provide a useful bridge between homomorphic encryption techniques and distributed system identification, with the explicit trade-off discussion and convergence guarantees as notable strengths.

major comments (1)
  1. The central security claim (abstract and security analysis section) asserts a polynomial-time reduction to standard RLWE based on negligible statistical distance between discrete Gaussian and truncated noise. However, this requires an explicit check that the chosen truncation bound B (relative to sigma) yields total variation distance below 2^{-lambda} for the ring dimension, modulus q, and security parameter lambda used in the numerical example and convergence bounds. Without this verification, the reduction tightness and IND-CPA guarantee may not hold for the paper's parameters.
minor comments (2)
  1. In the numerical example, explicitly state the values of B, sigma, n, and q and confirm they satisfy the plaintext space lower bound to prevent overflow.
  2. Clarify the multi-participant extension in the convergence proof: how the proxy re-encryption affects the mean-square error bound derivation.

Simulated Author's Rebuttal

1 response · 0 unresolved

We thank the referee for their careful reading of the manuscript and for identifying this important point on the concrete security parameters. We address the comment below and will revise the manuscript to incorporate the requested verification.

Point-by-point responses
  1. Referee: The central security claim (abstract and security analysis section) asserts a polynomial-time reduction to standard RLWE based on negligible statistical distance between discrete Gaussian and truncated noise. However, this requires an explicit check that the chosen truncation bound B (relative to sigma) yields total variation distance below 2^{-lambda} for the ring dimension, modulus q, and security parameter lambda used in the numerical example and convergence bounds. Without this verification, the reduction tightness and IND-CPA guarantee may not hold for the paper's parameters.

    Authors: We appreciate the referee pointing out the value of an explicit numerical check for the concrete parameters. The manuscript provides a general proof that the statistical distance between the discrete Gaussian and its truncated version is negligible for truncation bounds B that are sufficiently large relative to the standard deviation sigma. To directly address the concern and confirm that the polynomial-time reduction to standard RLWE (and thus the IND-CPA security) holds tightly for the specific ring dimension, modulus q, and security parameter lambda appearing in the numerical example and convergence bounds, we will add an explicit computation of the total variation distance in the revised security analysis section. This will verify that the distance falls below 2^{-lambda} for the chosen B and sigma values used in the paper. revision: yes
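
The explicit check discussed in the report and the response, as an added example (not code from the paper or from Pith). It assumes a per-coefficient discrete Gaussian over the integers with pmf proportional to exp(-x^2/(2 sigma^2)) and truncation by renormalizing on [-B, B], in which case the statistical distance equals the tail mass Pr[|x| > B]; a union bound extends it to n coefficients. The function names and the sample values sigma = 3.2, n = 4096, lambda = 128 are constructed, since the page does not state the paper's parameters.

```python
import math

def log2_tail_mass(sigma: float, bound: int) -> float:
    """log2 of Pr[|x| > bound] for x ~ D_{Z,sigma}, pmf proportional to
    exp(-x^2 / (2 sigma^2)). Under the renormalized-truncation assumption
    this is the statistical distance for a single noise coefficient."""
    two_var = 2.0 * sigma * sigma
    # Normalizing constant: sum of the Gaussian weights over all integers.
    norm, x = 1.0, 1
    while (w := math.exp(-x * x / two_var)) >= 1e-18:
        norm += 2.0 * w
        x += 1
    # Tail sum with the leading weight factored out, so distances far below
    # the double-precision underflow limit are still computed in log form.
    first, rel, j = bound + 1, 0.0, 0
    while (w := math.exp(-((first + j) ** 2 - first ** 2) / two_var)) >= 1e-18:
        rel += w
        j += 1
    ln_tail = math.log(2.0 * rel / norm) - first * first / two_var
    return ln_tail / math.log(2.0)

def log2_distance(sigma: float, bound: int, n: int, samples: int = 1) -> float:
    """Union bound over the n * samples noise coefficients an adversary sees."""
    return min(0.0, math.log2(n * samples) + log2_tail_mass(sigma, bound))

def meets_target(sigma, bound, n, lam, samples=1) -> bool:
    """True when the bounded distance is at most 2^-lam."""
    return log2_distance(sigma, bound, n, samples) <= -lam

def min_truncation_bound(sigma, n, lam, samples=1, limit=100_000) -> int:
    """Smallest integer B whose distance bound is at most 2^-lam."""
    for bound in range(limit):
        if meets_target(sigma, bound, n, lam, samples):
            return bound
    raise ValueError("no bound below limit reaches the target distance")

if __name__ == "__main__":
    sigma, n, lam = 3.2, 4096, 128  # constructed values, not the paper's
    for bound in (19, 44):
        d = log2_distance(sigma, bound, n)
        print(f"B={bound}: log2(distance) <= {d:.1f}, ok={d <= -lam}")
    print("smallest B:", min_truncation_bound(sigma, n, lam))
```

At these sample values a bound near 6 sigma (B = 19) leaves a distance bound of roughly 2^-18, while reaching 2^-128 needs B = 44, close to 14 sigma.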

Circularity Check

0 steps flagged

Security reduction to external RLWE and convergence bounds are self-contained

Full rationale

The paper establishes IND-CPA security by proving the statistical distance between standard and truncated discrete Gaussian noise is negligible, yielding a polynomial-time reduction to the standard RLWE problem (an external hardness assumption independent of the paper's fitted values or internal parameters). Convergence rate and mean-square bounds follow directly from the algorithm steps plus the stated plaintext-space lower bound condition that prevents overflow. No load-bearing step reduces by construction to a self-fit, self-citation chain, or renamed input; the derivation therefore remains independent of the quantities it analyzes.

Axiom & Free-Parameter Ledger

1 free parameters · 1 axioms · 0 invented entities

The central claims rest on the standard hardness of the RLWE problem and on the negligibility of the statistical distance after truncation; a lower bound on plaintext space size is introduced to prevent overflow but is not fitted to data.

free parameters (1)
  • plaintext space size lower bound
    Condition given to avoid computational overflow during encryption; its specific value is chosen to satisfy the algorithm's numerical stability.
axioms (1)
  • domain assumption: The Ring-Learning with Errors problem is computationally hard for appropriate parameters
    Invoked to transfer security from the standard CKKS setting to the truncated-noise variant via the statistical-distance argument.


