pith. sign in

arxiv: 2604.14774 · v1 · submitted 2026-04-16 · 📡 eess.SY · cs.SY

Co-Design of Cryptographic Parameters and Delay-Aware Feedback Gain for Encrypted Control Systems

Yeongjun Jang This is my paper

Pith reviewed 2026-05-10 11:14 UTC · model grok-4.3

classification 📡 eess.SY cs.SY
keywords encrypted controlhomomorphic encryptiondelay-dependent stabilitylinear matrix inequalitiesfeedback gainco-designcryptographic parametersnetworked control
0
0 comments X

The pith

A co-design of cryptographic parameters and delay-aware feedback gains can keep encrypted control systems stable.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

Homomorphic encryption secures both computation and communication in networked control but creates delays that grow with the security level and can destabilize the closed loop. Standard practice designs the controller in plaintext first and encrypts afterward, without addressing the induced delay. This paper instead jointly selects the cryptographic parameters and a feedback gain that explicitly accounts for the delay those parameters produce. It models the delay as a deterministic function of the parameters and gives a sufficient stability condition as a finite set of linear matrix inequalities. The resulting outer-inner procedure enumerates parameter sets that meet a security target and, for each set, solves the LMIs to find a stabilizing gain.

Core claim

By expressing encryption-induced delay directly as a function of cryptographic parameters and deriving a finite collection of linear matrix inequalities that guarantee the existence of a stabilizing delay-dependent feedback gain, a tractable outer-inner design procedure can search over parameters satisfying a desired security level and recover a gain that renders the encrypted closed-loop system stable.

What carries the argument

The outer-inner search: an outer enumeration over cryptographic parameters that satisfy a security requirement, paired with an inner feasibility check of linear matrix inequalities obtained from delay-dependent stability analysis of the closed-loop system.

If this is right

  • Encrypted control can be used at higher security levels without loss of stability by selecting a feedback gain matched to the resulting delay.
  • The design task reduces to a sequence of standard LMI feasibility problems and is therefore computationally practical.
  • Post-design encryption of a plaintext controller can be replaced by a joint search that avoids stability degradation.
  • Networked control systems gain a systematic way to trade security strength against closed-loop stability margins.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same modeling of delay from security parameters could be reused for other privacy mechanisms such as secure multiparty computation in feedback loops.
  • Hardware implementations could incorporate measured encryption latency rather than the analytic model to tighten the design.
  • Adding network-induced delays to the same LMI framework would produce controllers robust to both encryption and communication effects.
  • Performance objectives beyond stability, such as disturbance rejection, could be included by replacing the pure feasibility LMIs with optimization problems.

Load-bearing premise

The total delay caused by encryption can be modeled exactly as a deterministic value that depends only on the chosen cryptographic parameters, so that ordinary delay-dependent linear matrix inequality conditions remain valid for the encrypted implementation.

What would settle it

Apply the co-design procedure to a concrete linear plant for a chosen security level, obtain the cryptographic parameters and feedback gain, implement the encrypted controller with the modeled delay, and check whether the closed-loop state trajectories converge or stay bounded; divergence when the LMIs were feasible would contradict the claim.

read the original abstract

Encrypted control employs homomorphic encryption (HE) to protect both the computation and communication stages, making it a promising approach for secure networked control systems. Most existing results pre-design a controller in the plaintext domain and then implement it over encrypted data. However, this can be problematic because HE induces non-negligible communication and computation delays, which typically increase with the security level, potentially degrading control performance and even destabilizing the closed-loop system. To address this issue, we propose a co-design framework for cryptographic parameters and delay-aware feedback gain. We characterize the encryption-induced delay as a function of the cryptographic parameters and derive a sufficient condition for the existence of a stabilizing delay-aware feedback gain, expressed as a finite set of linear matrix inequalities. This leads to a tractable outer-inner design procedure that searches over cryptographic parameters that satisfy a desired security level and, for each such parameter, seeks a stabilizing feedback gain.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The manuscript proposes a co-design framework for cryptographic parameters and delay-aware feedback gains in homomorphic-encryption-based control systems. It characterizes the encryption-induced delay as a deterministic function of the cryptographic parameters, derives a sufficient condition for the existence of a stabilizing feedback gain in the form of a finite set of linear matrix inequalities (LMIs), and presents a tractable outer-inner design procedure that searches over admissible cryptographic parameters satisfying a target security level while solving for a stabilizing gain at each candidate.

Significance. If the delay model and LMI conditions are shown to be valid for the closed-loop encrypted system, the result would be significant for practical deployment of encrypted control: it directly addresses the stability degradation caused by HE-induced delays that increase with security level, moving beyond the common practice of designing controllers in plaintext and then encrypting them. The outer-inner procedure offers a computationally attractive way to jointly optimize security and performance.

major comments (2)
  1. [§3 (delay characterization)] The central claim rests on modeling the encryption-induced delay τ as a deterministic function solely of the cryptographic parameters (abstract and §3). This assumption is load-bearing for the outer-inner procedure; however, actual HE runtimes (multiplications, rotations, bootstrapping) depend on hardware, library optimizations, current noise level, and implementation details, introducing variability or state-dependence not captured by a static map. Without explicit bounds or experimental validation of this determinism, the LMI-derived gains may not stabilize the real system.
  2. [§4 (LMI derivation)] The LMI conditions (abstract and §4) are derived under the assumption of exact delayed dynamics ẋ(t) = Ax(t) + B K x(t-τ) with constant delay. The encrypted controller typically employs approximate arithmetic (e.g., CKKS) or quantization, so the effective input is a perturbed version of Kx(t-τ). The manuscript does not provide a robustness margin or perturbation analysis showing that the nominal LMIs remain sufficient; this undermines the stabilizing claim for realistic encrypted loops.
minor comments (2)
  1. [§2] Notation for the delay function τ(·) and the cryptographic parameter set should be introduced with a clear table or explicit mapping to standard HE parameters (modulus, dimension, security level) to improve readability.
  2. [§5] The numerical examples or validation section would benefit from reporting both the LMI feasibility and closed-loop simulation results under the actual HE implementation (not just the nominal delay model) to demonstrate practical utility.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive comments and for recognizing the potential significance of the co-design framework. We address each major comment below with targeted revisions to clarify assumptions and strengthen the results.

read point-by-point responses

  1. Referee: [§3 (delay characterization)] The central claim rests on modeling the encryption-induced delay τ as a deterministic function solely of the cryptographic parameters (abstract and §3). This assumption is load-bearing for the outer-inner procedure; however, actual HE runtimes (multiplications, rotations, bootstrapping) depend on hardware, library optimizations, current noise level, and implementation details, introducing variability or state-dependence not captured by a static map. Without explicit bounds or experimental validation of this determinism, the LMI-derived gains may not stabilize the real system.

    Authors: Section 3 derives τ deterministically from the number and type of homomorphic operations dictated by the cryptographic parameters, under the modeling assumption of constant per-operation execution times. This enables the outer-inner search procedure. We agree that real-world variability exists. In the revision we will add an explicit remark in §3 stating that the model provides a nominal delay and recommending the use of conservative upper bounds (e.g., measured worst-case times on target hardware) when applying the LMIs, thereby preserving the sufficient stability condition. revision: partial

  2. Referee: [§4 (LMI derivation)] The LMI conditions (abstract and §4) are derived under the assumption of exact delayed dynamics ẋ(t) = Ax(t) + B K x(t-τ) with constant delay. The encrypted controller typically employs approximate arithmetic (e.g., CKKS) or quantization, so the effective input is a perturbed version of Kx(t-τ). The manuscript does not provide a robustness margin or perturbation analysis showing that the nominal LMIs remain sufficient; this undermines the stabilizing claim for realistic encrypted loops.

    Authors: The LMIs in §4 are obtained for the exact delayed closed-loop system, which is appropriate when the homomorphic scheme is configured for exact arithmetic (e.g., appropriate CKKS parameters or exact schemes such as BFV). We acknowledge that the manuscript does not yet address approximation errors. In the revision we will augment §4 with a perturbation analysis: if the effective input deviation satisfies a norm bound derived from the Lyapunov matrix and the LMI solution, asymptotic stability is retained via a standard Lyapunov perturbation argument. This will be stated as an additional sufficient condition. revision: yes

Circularity Check

0 steps flagged

No circularity detected in co-design derivation

full rationale

The derivation chain begins with an explicit characterization of encryption-induced delay as a deterministic function of cryptographic parameters (modulus, dimension, security level) drawn from standard homomorphic encryption models, followed by application of established delay-dependent LMI stability criteria for constant-delay LTI systems to obtain a sufficient condition for stabilizing gains. The outer-inner procedure is then a direct search over the resulting feasible set. No equation or claim reduces by construction to a fitted parameter, self-referential definition, or load-bearing self-citation; the LMI conditions and delay map are independent of the final co-design output and rest on external stability theory rather than tautology.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The framework rests on standard delay-dependent stability theory and homomorphic encryption properties; no new free parameters, invented entities, or ad-hoc axioms are introduced in the abstract.

axioms (2)
  • domain assumption Encryption-induced delays can be expressed as a deterministic function of cryptographic parameters.
    Invoked when the paper states that the delay is characterized as a function of the parameters.
  • standard math Delay-dependent stability of the closed-loop system can be certified by a finite set of linear matrix inequalities.
    Standard assumption in time-delay control theory used to obtain the sufficient condition.

pith-pipeline@v0.9.0 · 5452 in / 1362 out tokens · 41505 ms · 2026-05-10T11:14:09.493906+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

23 extracted references · 23 canonical work pages

  1. [1]

    Networked control systems: A survey of trends and techniques,

    X. M. Zhang et al., “Networked control systems: A survey of trends and techniques,”IEEE/CAA J. Au- tom. Sinica, vol. 7, no. 1, pp. 1–17, 2019

    work page 2019

  2. [2]

    Quantifying security for networked control systems: A review,

    S. C. Anand, A. T. Nguyen, A. M. H. Teixeira, H. Sandberg, and K. H. Johansson, “Quantifying security for networked control systems: A review,” 2025,arxiv:2510.18645. 0 0.5 1 1.5 2 2.5 0 10 20 ∥x(t)∥ (a)τ θ = 0 K1 K2 0 0.5 1 1.5 2 2.5 0 10 20 ∥x(t)∥ (b)τ θ = ¯τθ/4 0 0.5 1 1.5 2 2.5 0 10 20 ∥x(t)∥ (c)τ θ = ¯τθ/2 0 0.5 1 1.5 2 2.5 0 4 8 ·104 t ∥x(t)∥ (d)τ θ...

    work page arXiv 2025

  3. [3]

    History of indus- trial control system cyber incidents,

    K. E. Hemsley and E. Fisher, “History of indus- trial control system cyber incidents,” Idaho National Lab., Idaho Falls, ID, USA, Tech. Rep., INL/CON- 18-44411-Revision-2, 2018

    work page 2018

  4. [4]

    CRASHOVERRIDE: Reassessing the 2016 Ukraine electric power event as a protection- focused attack,

    J. Slowik, “CRASHOVERRIDE: Reassessing the 2016 Ukraine electric power event as a protection- focused attack,” Dragos, Inc., Hanover, MD, USA,

    work page 2016

  5. [5]

    Available: https://pylos.co/wp- content/uploads/2021/02/crashoverride.pdf

    [Online]. Available: https://pylos.co/wp- content/uploads/2021/02/crashoverride.pdf

    work page 2021

  6. [6]

    Cyber-security enhance- ment of networked control systems using homomor- phic encryption,

    K. Kogiso and T. Fujita, “Cyber-security enhance- ment of networked control systems using homomor- phic encryption,” inProc. 54th IEEE Conf. Decision Control, 2015, pp. 6836–6843

    work page 2015

  7. [7]

    Comparison of encrypted con- trol approaches and tutorial on dynamic systems us- ing Learning With Errors-based homomorphic en- cryption,

    J. Kim, D. Kim, Y . Song, H. Shim, H. Sandberg, and K. H. Johansson, “Comparison of encrypted con- trol approaches and tutorial on dynamic systems us- ing Learning With Errors-based homomorphic en- cryption,”Annu. Rev. Control, vol. 54, pp. 200–218, 2022

    work page 2022

  8. [8]

    A brief survey on encrypted control: From the first to the second generation and beyond,

    N. Schl ¨uter, P. Binfet, and M. Schulze Darup, “A brief survey on encrypted control: From the first to the second generation and beyond,”Annu. Rev. Con- trol, vol. 56, 2023, Art. no. 100913

    work page 2023

  9. [9]

    Dynamic controller that operates over homomorphically encrypted data for infinite time horizon,

    J. Kim, H. Shim, and K. Han, “Dynamic controller that operates over homomorphically encrypted data for infinite time horizon,”IEEE Trans. Autom. Con- trol, vol. 68, no. 2, pp. 660–672, 2023

    work page 2023

  10. [10]

    Input- output history feedback controller for encrypted control with leveled fully homomorphic encryp- tion,

    K. Teranishi, T. Sadamoto, and K. Kogiso, “Input- output history feedback controller for encrypted control with leveled fully homomorphic encryp- tion,”IEEE Trans. Control Netw. Syst., vol. 11, no. 1, pp. 271–283, 2024

    work page 2024

  11. [11]

    Bootstrapping guar- antees: Stability and performance analysis for dy- namic encrypted control,

    S. Schlor and F. Allg ¨ower, “Bootstrapping guar- antees: Stability and performance analysis for dy- namic encrypted control,”IEEE Control Syst. Lett., vol. 8, pp. 2235–2240, 2024

    work page 2024

  12. [12]

    Control over communica- tion networks: Modeling, analysis, and synthesis,

    M. B. G. Cloosterman, “Control over communica- tion networks: Modeling, analysis, and synthesis,” Ph.D. dissertation, Dept. Mech. Eng., Eindhoven Univ. Technol., Eindhoven, Netherlands, 2008

    work page 2008

  13. [13]

    Designing optimal key lengths and control laws for encrypted control systems based on sample identifying complexity and deciphering time,

    K. Teranishi, T. Sadamoto, A. Chakrabortty, and K. Kogiso, “Designing optimal key lengths and control laws for encrypted control systems based on sample identifying complexity and deciphering time,”IEEE Trans. Autom. Control, vol 68, no. 4, pp. 2183-2198, 2023

    work page 2023

  14. [14]

    On lattices, learning with errors, random linear codes, and cryptography,

    O. Regev, “On lattices, learning with errors, random linear codes, and cryptography,”J. ACM, vol. 56, no. 6, 2009, Art. no. 34

    work page 2009

  15. [15]

    Faster fully homomorphic encryption: Bootstrapping in less than 0.1 seconds,

    I. Chillotti, N. Gama, M. Georgieva, and M. Iz- abach´ene, “Faster fully homomorphic encryption: Bootstrapping in less than 0.1 seconds,” inProc. Int. Conf. Theory Appl. Cryptol. Inf. Secur ., 2016, pp. 3– 33

    work page 2016

  16. [16]

    Homomorphic encryp- tion standard,

    M. R. Albrecht et al., “Homomorphic encryp- tion standard,” inProtecting Privacy Through Ho- momorphic Encryption, K. Lauter, W. Dai, and K. Laine, Eds. Cham, Switzerland: Springer, 2021, pp. 31–62

    work page 2021

  17. [17]

    On the concrete hardness of learning with errors,

    M. R. Albrecht, R. Player, and S. Scott, “On the concrete hardness of learning with errors,” inJ. Math. Cryptol., vol. 9, no. 3, pp. 169–203, 2015

    work page 2015

  18. [18]

    Ring-LWE-based encrypted controller with unlimited number of recursive multiplications and effect of error growth,

    Y . Jang, J. Lee, S. Min, H. Kwak, J. Kim, and Y . Song, “Ring-LWE-based encrypted controller with unlimited number of recursive multiplications and effect of error growth,”IEEE Trans. Control Netw. Syst., vol. 12, no. 4, pp. 2604–2616, 2025

    work page 2025

  19. [19]

    Sta- bility of networked control systems,

    W. Zhang, M. S. Branicky, and S. M. Phillips, “Sta- bility of networked control systems,”IEEE Control Syst. Mag., vol. 21, no. 1, pp. 84–99, 2001

    work page 2001

  20. [20]

    Survey on time-delay approach to networked control,

    K. Liu, A. Selivanov, and E. Fridman, “Survey on time-delay approach to networked control,”Annu. Rev. Control, vol. 48, pp. 57–79, 2019

    work page 2019

  21. [21]

    J. F. Kurose,Computer Networking: A Top-Down Approach, 6th ed, Boston, MA, USA: Pearson, 2013

    work page 2013

  22. [22]

    Online:https://github.com/ tuneinsight/lattigo, Aug

    Lattigo v6. Online:https://github.com/ tuneinsight/lattigo, Aug. 2024, EPFL- LDS and Tune Insight SA

    work page 2024

  23. [23]

    (Leveled) fully homomorphic encryption with- out bootstrapping,

    Z. Brakerski, C. Gentry, and V . Vaikuntanathan, “(Leveled) fully homomorphic encryption with- out bootstrapping,”ACM Trans. Comput. Theory, vol. 6, no. 3, pp. 1–36, 2014

    work page 2014