
arxiv: 2604.25190 · v1 · submitted 2026-04-28 · 💻 cs.CR · cs.SE

Secure Conformance Checking using Token-based Replay and Homomorphic Encryption

Pith reviewed 2026-05-07 16:13 UTC · model grok-4.3

classification 💻 cs.CR cs.SE
keywords conformance checking · process mining · homomorphic encryption · token-based replay · event log privacy · secure computation

The pith

Conformance checking between a process model and a sensitive event log can be done without revealing the log contents by adapting token-based replay to run under homomorphic encryption.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper addresses situations where one party holds a process model and another holds an event log containing private or sensitive information, yet both want to determine how well the log matches the model. It adapts the standard token-based replay algorithm so that the steps of moving tokens through the model and counting deviations can execute on ciphertexts rather than plaintext traces. Homomorphic encryption supplies the algebraic properties that let additions and multiplications needed for fitness and precision measures occur directly on the encrypted data. A practical demonstration on a synthetic event log confirms that the encrypted computation finishes in reasonable time and produces usable results.

Core claim

The authors show that the token-based replay conformance procedure can be lifted to operate entirely on homomorphically encrypted event logs. By encoding trace activities and token states as ciphertexts, the replay engine computes the number of missing and remaining tokens without ever decrypting individual events, yielding the same fitness value that the plaintext algorithm would have produced.

What carries the argument

Homomorphic encryption applied to the token movement and counting operations of the token-based replay algorithm, allowing all arithmetic steps of conformance measurement to be performed on ciphertexts.

If this is right

  • A model owner can obtain a conformance report while the log owner never transmits raw traces.
  • The same encryption layer can in principle protect other replay-derived metrics such as precision and generalization.
  • The approach demonstrates that privacy-preserving conformance checking is computationally realistic at least for logs of moderate size.
  • Two organizations can jointly audit process adherence without a trusted third party holding the plaintext log.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the authors make directly.

  • The technique could be combined with secure multiparty protocols to let both model and log remain private throughout the computation.
  • Industries handling regulated data, such as healthcare or finance, could adopt it to verify process compliance without exposing individual records.
  • Extending the method to streaming logs or online conformance checking would require new encrypted data structures for incremental token updates.

Load-bearing premise

The arithmetic operations required by token replay can be expressed exactly as additions and multiplications that a homomorphic encryption scheme supports without introducing rounding or precision errors that alter the final conformance score.

What would settle it

Run the encrypted protocol and the ordinary plaintext token-replay algorithm on identical model and log pairs and obtain different numerical conformance values.
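A plaintext reference for that check, as an added example (not the paper's code or its TFHE construction): token-based replay on a constructed three-step net returns the produced/consumed/missing/remaining counts behind the fitness score, and a toy Paillier-style additive scheme sums those per-trace counters on ciphertexts so that only the four totals are ever decrypted. The enabled-transition test and missing-token injection inside replay() are branching rather than addition and stay in plaintext here; that is precisely the part the load-bearing premise assumes can be expressed as HE arithmetic. The net, the log and the small primes are constructed, and the key size is far too small to be secure.

```python
import math
import random

# Constructed toy net (not the paper's Figure 1): start -a-> p1 -b-> p2 -c-> end
NET = {"a": ({"start"}, {"p1"}), "b": ({"p1"}, {"p2"}), "c": ({"p2"}, {"end"})}
INITIAL, FINAL = "start", "end"

def replay(trace):
    """Plaintext token-based replay of one trace -> (produced, consumed, missing, remaining)."""
    marking, p, c, m = {INITIAL: 1}, 1, 0, 0      # the initial token counts as produced
    for act in [a for a in trace if a in NET]:   # activities absent from the model are skipped
        ins, outs = NET[act]
        for pl in ins:                           # consume; inject a missing token if the place is empty
            if marking.get(pl, 0) == 0:
                m, marking[pl] = m + 1, 1
            marking[pl] -= 1
            c += 1
        for pl in outs:
            marking[pl] = marking.get(pl, 0) + 1
            p += 1
    if marking.get(FINAL, 0) == 0:               # the final marking must hold one token in 'end'
        m, marking[FINAL] = m + 1, 1
    marking[FINAL] -= 1
    c += 1
    return p, c, m, sum(marking.values())        # leftover tokens are 'remaining'

def fitness(log):
    p, c, m, r = (sum(col) for col in zip(*map(replay, log)))
    return 0.5 * (1 - m / c) + 0.5 * (1 - r / p)

# Toy Paillier (additively homomorphic) with small fixed primes: insecure sizes, illustration only.
P, Q = 1000003, 1000033
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)
MU = pow(LAM, -1, N)                              # valid because the generator is N + 1

def enc(msg):
    return pow(N + 1, msg, N2) * pow(random.randrange(1, N), N, N2) % N2

def dec(ct):
    return (pow(ct, LAM, N2) - 1) // N * MU % N

def encrypted_fitness(log):
    # Log owner replays locally and encrypts the four counters per trace; the aggregator
    # adds them by multiplying ciphertexts mod N^2 and decrypts only the four totals.
    totals = [enc(0)] * 4
    for trace in log:
        totals = [t * enc(v) % N2 for t, v in zip(totals, replay(trace))]
    p, c, m, r = map(dec, totals)
    return 0.5 * (1 - m / c) + 0.5 * (1 - r / p)
```

Agreement between fitness() and encrypted_fitness() on the same log is the equality the paper's protocol must exhibit; a mismatch would be the falsifying observation described above.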

Figures

Figures reproduced from arXiv: 2604.25190 by Abel Armas-Cervantes, Astrid-Monserrat Rivera-Partida, Luciano García-Bañuelos, Luis-Armando Rodríguez-Flores.

Figure 1: Accepting Petri net. (The caption at source runs on into the paper's definitions: the marking Mn is said to be reachable from M, shorthanded as M -σ-> Mn, if there exists a sequence of transitions σ = ⟨t1 t2 ... tn⟩ such that M -t1-> M1 -t2-> ... -tn-> Mn. A marking M where no transition is enabled is called terminal, i.e., ∄ t ∈ T | (N, M)[t⟩. The set of all markings reachable from a marking M is denoted [M⟩. A sequence of transitions from an initial mark…)
Figure 2: Marking equation, where M and N represent the marking and incidence matrix of
Figure 3: Block diagram illustrating the approach and system architecture
Figure 4: Matrix of dynamics of Petri net in Figure 1

Conformance checking, one of the main process mining operations, aims to identify discrepancies between a process model and an event log. The model represents the expected behaviour, whereas the event log represents the actual process behaviour as captured in information systems' records. Traditionally, the process model and the event log are both accessible to the business analyst performing the conformance checking. However, in some contexts the log's owner may want to protect critical or sensitive information in the log and still check its conformance with respect to a model belonging to another party. In this paper, we propose a secure approach to conformance checking based on the well-known token-based replay algorithm and homomorphic encryption. An evaluation is performed using a synthetic log, showing the practicality of the proposed technique.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper proposes a secure conformance checking method that integrates the token-based replay algorithm with homomorphic encryption. This enables one party to verify the fitness of a private event log against a process model held by another party without disclosing the log contents. The approach is evaluated on a synthetic event log, with results indicating that the technique is computationally practical.

Significance. If the integration can be shown to preserve exact conformance metrics (i.e., identical fitness values to plaintext token-based replay), the work would represent a meaningful advance in privacy-preserving process mining. It builds directly on two established techniques and provides an initial runtime demonstration on synthetic data, which is a positive step toward applicability in domains with sensitive logs such as healthcare or finance.

major comments (2)
  1. [Proposed approach] Proposed approach section: the description of how token-based replay's conditional logic (enabled transitions, token movements, missing tokens, and min/max operations) is realized as an HE arithmetic circuit is absent; standard HE supports only addition and multiplication, so the manuscript must specify any approximations, auxiliary protocols, or circuit constructions used to avoid inexact fitness results.
  2. [Evaluation] Evaluation section: the synthetic-log experiment reports only runtime and feasibility but contains no comparison of decrypted conformance fitness values against the corresponding plaintext token-replay computation, nor any error bounds or equivalence proof; without this, the central claim that the secure version remains accurate rests on an unverified assumption.
minor comments (2)
  1. [Abstract] The abstract and introduction would benefit from a brief statement of the exact security model (e.g., semi-honest vs. malicious) and the threat assumptions under which the HE scheme is applied.
  2. [Proposed approach] Notation for the encrypted log and model elements should be introduced consistently and early to improve readability of the algorithmic description.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive and detailed comments on our manuscript. These observations highlight important aspects that require clarification and additional material. We address each major comment below and indicate the corresponding revisions.

  1. Referee: [Proposed approach] Proposed approach section: the description of how token-based replay's conditional logic (enabled transitions, token movements, missing tokens, and min/max operations) is realized as an HE arithmetic circuit is absent; standard HE supports only addition and multiplication, so the manuscript must specify any approximations, auxiliary protocols, or circuit constructions used to avoid inexact fitness results.

    Authors: We acknowledge that the current version of the manuscript does not contain an explicit description of the arithmetic circuit realizing the conditional logic of token-based replay. In the revised manuscript we will insert a dedicated subsection that details the circuit construction. This will cover the encoding of enabled-transition checks, token increments/decrements, and the handling of min/max operations via established HE-compatible techniques such as polynomial approximation for the minimum function and secure comparison protocols based on bit decomposition. We will also state the resulting precision guarantees and any auxiliary protocols required.
    Revision: yes

  2. Referee: [Evaluation] Evaluation section: the synthetic-log experiment reports only runtime and feasibility but contains no comparison of decrypted conformance fitness values against the corresponding plaintext token-replay computation, nor any error bounds or equivalence proof; without this, the central claim that the secure version remains accurate rests on an unverified assumption.

    Authors: The referee is correct that the evaluation section currently omits a direct numerical comparison between the decrypted fitness values produced by the secure protocol and the fitness values obtained from plaintext token-based replay on the identical synthetic log. We will extend the evaluation with this comparison, report the observed differences, supply explicit error bounds derived from the circuit approximations, and include a short proof sketch establishing equivalence (or bounded deviation) under the semantic security of the homomorphic encryption scheme.
    Revision: yes

Circularity Check

0 steps flagged

No circularity; proposal integrates established prior algorithms


The paper's derivation chain consists of proposing an integration of the well-known token-based replay algorithm (a prior external technique) with homomorphic encryption, followed by an empirical evaluation on a synthetic log to show practicality. No equations or steps reduce by construction to parameters or results defined within the paper itself. There are no self-citations that are load-bearing for the central claim, no fitted inputs renamed as predictions, and no uniqueness theorems or ansatzes imported from the authors' prior work. The result is self-contained against external benchmarks of the base algorithms and does not exhibit any of the enumerated circularity patterns.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The central claim rests on the standard properties of homomorphic encryption and the correctness of the token-based replay algorithm from prior literature; no new free parameters or invented entities are introduced in the abstract.

axioms (2)
  • domain assumption Homomorphic encryption permits computations on encrypted data without decryption
    Invoked to enable replay on protected logs; standard property assumed from cryptography literature.
  • domain assumption Token-based replay correctly measures conformance when applied to event logs
    Well-known algorithm whose correctness is taken as given.


