pith. sign in

arxiv: 2404.02574 · v3 · pith:UVB3MCDMnew · submitted 2024-04-03 · 📡 eess.SY · cs.SY

A Learning With Errors based encryption scheme for dynamic controllers that discloses residue signal for anomaly detection

Yeongjun Jang , Joowon Lee , Junsoo Kim , Takashi Tanaka , Hyungbo Shim This is my paper

Pith reviewed 2026-05-24 02:38 UTC · model grok-4.3

classification 📡 eess.SY cs.SY
keywords homomorphic encryptionlearning with errorsdynamic controllersanomaly detectionresidue signalzero-dynamicsencrypted control systems
0
0 comments X

The pith

An LWE-based homomorphic encryption scheme for dynamic controllers discloses only the residue signal for anomaly detection while keeping all other signals private.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper proposes a homomorphic encryption scheme using Learning With Errors for dynamic controllers. The scheme is designed to automatically reveal the residue signal, which can be used for detecting anomalies, without exposing any other signals. To achieve this, the authors characterize the zero-dynamics of the encrypted system over finite integers and integrate it into the encryption method. This approach also enables the implementation of dynamic controllers over encrypted data without needing re-encryption, even when state matrices are non-integers. A sympathetic reader would care because it solves the problem of anomaly detection in encrypted control systems that previously required full decryption or secret keys.

Core claim

We characterize the zero-dynamics of an encrypted dynamic system over a finite field of integers and incorporate it into a Learning With Errors based scheme. This allows a homomorphic encryption scheme for dynamic controllers that automatically discloses the residue signal for anomaly detection, while keeping all other signals private. We then present a method to further utilize the disclosed residue signal for implementing dynamic controllers over encrypted data, which does not involve re-encryption even when they have non-integer state matrices.

What carries the argument

Characterization of the zero-dynamics of an encrypted dynamic system over a finite field of integers, incorporated into an LWE-based homomorphic encryption scheme.

If this is right

  • Only the residue signal is disclosed automatically for anomaly detection.
  • All other signals remain private under the encryption.
  • Dynamic controllers can be implemented over encrypted data without re-encryption.
  • The scheme preserves correctness for controllers with arbitrary non-integer state matrices.
  • Encryption properties of the LWE scheme remain intact.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • This approach could support real-time anomaly monitoring in privacy-sensitive networked control systems.
  • It might reduce the need for periodic re-encryption in long-running encrypted controllers.
  • The disclosed residue could be combined with other lightweight detection methods without full decryption.

Load-bearing premise

The zero-dynamics of an encrypted dynamic system over a finite field of integers can be characterized and incorporated into the LWE scheme such that only the residue signal is disclosed while encryption properties and controller correctness remain intact for arbitrary non-integer state matrices.

What would settle it

A concrete counterexample in which the residue signal fails to be disclosed, other signals become visible, or the controller produces incorrect outputs for a system with non-integer state matrices would show the claim is false.

Figures

Figures reproduced from arXiv: 2404.02574 by Hyungbo Shim, Joowon Lee, Junsoo Kim, Takashi Tanaka, Yeongjun Jang.

Figure 1
Figure 1. Figure 1: Configuration of encrypted control system with anomaly detector. [PITH_FULL_IMAGE:figures/full_fig_p001_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Configuration of the two-mass-spring system. [PITH_FULL_IMAGE:figures/full_fig_p009_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Injected attack signal a(t) beginning at t = 50 ensuring 128-bit security [34]. The bound for the error distri￾bution is set as δ = 6σ, and the scaling parameters are chosen as s1 = s2 = L = 10−4 . The initial values for the plant (33) and the controller (34) are given by x ini p = [1; 1; 1; 1] and x ini = [0; 0; 0; 0]. We consider an attack scenario, in which an adversary injects an additive attack signal… view at source ↗
Figure 4
Figure 4. Figure 4: compares the residue signal r(t) and the CUSUM statistic S(t) computed by the unencrypted controller (34) and the encrypted controller (43). The two controllers exhibit comparable performance and both successfully detect the in￾jected attack, which validates the effectiveness of the proposed method. The temporary false alarm observed at the beginning is due to transient errors, and may be alleviated throug… view at source ↗
read the original abstract

Although encrypted control systems ensure confidentiality of private data, it is challenging to detect anomalies without the secret key as all signals remain encrypted. To address this issue, we propose a homomorphic encryption scheme for dynamic controllers that automatically discloses the residue signal for anomaly detection, while keeping all other signals private. To this end, we characterize the zero-dynamics of an encrypted dynamic system over a finite field of integers and incorporate it into a Learning With Errors (LWE) based scheme. We then present a method to further utilize the disclosed residue signal for implementing dynamic controllers over encrypted data, which does not involve re-encryption even when they have non-integer state matrices.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 0 minor

Summary. The paper proposes a homomorphic encryption scheme based on Learning With Errors (LWE) for dynamic controllers. The scheme characterizes the zero-dynamics of an encrypted dynamic system over a finite field of integers, incorporates this into the LWE construction to disclose only the residue signal for anomaly detection while keeping other signals private, and presents a method to implement dynamic controllers over encrypted data without re-encryption even when the state matrices are non-integer.

Significance. If the technical claims hold, the selective disclosure of the residue signal via zero-dynamics analysis could enable practical anomaly detection in encrypted control without full decryption or re-encryption, addressing a key limitation in homomorphic control schemes. The approach builds on standard LWE and finite-field zero-dynamics ideas, but the absence of any derivations, proofs, or verification details prevents assessment of whether the result is actually achieved.

major comments (2)
  1. [Abstract] Abstract: the central claim that the zero-dynamics of an encrypted dynamic system over a finite field of integers can be characterized and incorporated into an LWE scheme such that only the residue signal is disclosed (while encryption properties and controller correctness remain intact) is stated without any supporting derivation, proof, or explicit construction. This is load-bearing for the entire proposal.
  2. [Abstract] Abstract: the claim that the disclosed residue signal can be further utilized to implement dynamic controllers over encrypted data without re-encryption for arbitrary non-integer state matrices is presented with no equations, algorithm, or correctness argument. The weakest assumption identified in the reader's report is therefore unsupported in the manuscript.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their report and the opportunity to respond. We address each major comment below and note where revisions to the manuscript are warranted.

read point-by-point responses

  1. Referee: [Abstract] Abstract: the central claim that the zero-dynamics of an encrypted dynamic system over a finite field of integers can be characterized and incorporated into an LWE scheme such that only the residue signal is disclosed (while encryption properties and controller correctness remain intact) is stated without any supporting derivation, proof, or explicit construction. This is load-bearing for the entire proposal.

    Authors: We agree that the abstract states this central claim at a high level without derivation or proof. The manuscript body contains the zero-dynamics characterization over finite fields and its incorporation into the LWE construction, but to make the support explicit and address the referee's concern about verifiability, we will revise the manuscript to include a clearer outline of the derivation and proof in the main text with improved cross-references from the abstract. revision: yes

  2. Referee: [Abstract] Abstract: the claim that the disclosed residue signal can be further utilized to implement dynamic controllers over encrypted data without re-encryption for arbitrary non-integer state matrices is presented with no equations, algorithm, or correctness argument. The weakest assumption identified in the reader's report is therefore unsupported in the manuscript.

    Authors: We agree that the abstract presents this claim without equations, algorithm, or correctness argument. The manuscript addresses the utilization of the residue signal in a later section, but the presentation lacks sufficient detail for independent verification. We will revise the manuscript to add the explicit method, equations, and correctness argument for non-integer matrices without re-encryption. revision: yes

Circularity Check

0 steps flagged

No significant circularity; derivation is self-contained

full rationale

The paper's central contribution is a new homomorphic encryption construction that characterizes zero-dynamics of an encrypted system over a finite field and incorporates it into an LWE scheme to selectively disclose only the residue signal. No equations or steps in the provided abstract or description reduce a claimed prediction or result to a fitted parameter, self-definition, or self-citation chain by construction. The scheme is presented as building on standard LWE and zero-dynamics analysis without load-bearing reliance on prior author work that would force the outcome. This is the normal case of an independent technical construction.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Full text unavailable; based on abstract alone the paper appears to rest on standard LWE hardness assumptions and finite-field arithmetic properties, but no explicit free parameters, axioms, or invented entities can be identified.

pith-pipeline@v0.9.0 · 5650 in / 1192 out tokens · 24178 ms · 2026-05-24T02:38:04.988169+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Sensor Attack Detection Method for Encrypted State Observers

    eess.SY 2025-12 unverdicted novelty 5.0

    Develops a homomorphic encryption scheme for a finite-field state observer in MIMO systems that discloses a residue signal to detect sparse sensor attacks under sensing redundancy, allowing encrypted state recovery if...

Reference graph

Works this paper leans on

36 extracted references · 36 canonical work pages · cited by 1 Pith paper

  1. [1]

    Stuxnet: Dissecting a cyberwarfare weapon,

    R. Langner, “Stuxnet: Dissecting a cyberwarfare weapon,” IEEE Security & Privacy, vol. 9, no. 3, pp. 49–51, 2011

    work page 2011

  2. [2]

    Cyberphysical security in networked control systems: An introduction to the issue,

    H. Sandberg, S. Amin, and K. H. Johansson, “Cyberphysical security in networked control systems: An introduction to the issue,” IEEE Control Systems Magazine, vol. 35, no. 1, pp. 20–23, 2015

    work page 2015

  3. [3]

    A se- cure control framework for resource-limited adversaries,

    A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, “A se- cure control framework for resource-limited adversaries,” Automatica, vol. 51, pp. 135–148, 2015

    work page 2015

  4. [4]

    When adversary encounters uncertain cyber-physical systems: Robust zero- dynamics attack with disclosure resources,

    G. Park, H. Shim, C. Lee, Y . Eun, and K. H. Johansson, “When adversary encounters uncertain cyber-physical systems: Robust zero- dynamics attack with disclosure resources,” in Proceedings of the 55th IEEE Conference on Decision and Control , 2016, pp. 5085–5090

    work page 2016

  5. [5]

    Cyber-security enhancement of networked control systems using homomorphic encryption,

    K. Kogiso and T. Fujita, “Cyber-security enhancement of networked control systems using homomorphic encryption,” in Proceedings of the 54th IEEE Conference on Decision and Control , 2015, pp. 6836–6843

    work page 2015

  6. [6]

    Encrypting controller using fully homomorphic encryption for security of cyber-physical systems,

    J. Kim, C. Lee, H. Shim, J. H. Cheon, A. Kim, M. Kim, and Y . Song, “Encrypting controller using fully homomorphic encryption for security of cyber-physical systems,” IFAC-PapersOnLine, vol. 49, no. 22, pp. 175–180, 2016

    work page 2016

  7. [7]

    Encrypted control for networked systems: An illustrative introduction and current challenges,

    M. Schulze Darup, A. B. Alexandru, D. E. Quevedo, and G. J. Pappas, “Encrypted control for networked systems: An illustrative introduction and current challenges,” IEEE Control Systems Magazine, vol. 41, no. 3, pp. 58–78, 2021

    work page 2021

  8. [8]

    Comparison of encrypted control approaches and tutorial on dynamic systems using Learning With Errors-based homomorphic encryption,

    J. Kim, D. Kim, Y . Song, H. Shim, H. Sandberg, and K. H. Johansson, “Comparison of encrypted control approaches and tutorial on dynamic systems using Learning With Errors-based homomorphic encryption,” Annual Reviews in Control , vol. 54, pp. 200–218, 2022

    work page 2022

  9. [9]

    A brief survey on encrypted control: From the first to the second generation and beyond,

    N. Schl ¨uter, P. Binfet, and M. Schulze Darup, “A brief survey on encrypted control: From the first to the second generation and beyond,” Annual Reviews in Control , vol. 56, 2023, Art. no. 100913. 10

    work page 2023

  10. [10]

    Cloud-based MPC with encrypted data,

    A. B. Alexandru, M. Morari, and G. J. Pappas, “Cloud-based MPC with encrypted data,” in Proceedings of the 57th IEEE Conference on Decision and Control , 2018, pp. 5014–5019

    work page 2018

  11. [11]

    En- crypted distributed model predictive control of nonlinear processes,

    Y . A. Kadakia, F. Abdullah, A. Alnajdi, and P. D. Christofides, “En- crypted distributed model predictive control of nonlinear processes,” Control Engineering Practice , vol. 145, 2024, Art. no. 105874

    work page 2024

  12. [12]

    Encrypted average consensus with quantized control law,

    M. Kishida, “Encrypted average consensus with quantized control law,” in Proceedings of the 57th IEEE Conference on Decision and Control , 2018, pp. 5850–5856

    work page 2018

  13. [13]

    Privacy-preserving distributed averaging via homomorphically encrypted ratio consensus,

    C. N. Hadjicostis and A. D. Dom ´ınguez-Garc´ıa, “Privacy-preserving distributed averaging via homomorphically encrypted ratio consensus,” IEEE Transactions on Automatic Control, vol. 65, no. 9, pp. 3887–3894, 2020

    work page 2020

  14. [14]

    Distributed aggregation over homomor- phically encrypted data under switching networks,

    D. Lee, J. Kim, and H. Shim, “Distributed aggregation over homomor- phically encrypted data under switching networks,” inProceedings of the 59th IEEE Conference on Decision and Control , 2020, pp. 5495–5500

    work page 2020

  15. [15]

    Faithful and privacy-preserving implementation of average consensus,

    K. Teranishi, K. Kogiso, and T. Tanaka, “Faithful and privacy-preserving implementation of average consensus,” arXiv:2503.09381, 2025

    work page arXiv 2025

  16. [16]

    Approximated explicit NMPC via reinforcement learning for homo- morphically encrypted process control,

    D. Dzurkov ´a, P. Val ´abek, O. M ´esz´aros, M. Kal ´uz, and M. Klau ˇco, “Approximated explicit NMPC via reinforcement learning for homo- morphically encrypted process control,” inProceedings of the 63rd IEEE Conference on Decision and Control , 2024, pp. 4574–4581

    work page 2024

  17. [17]

    Relative entropy regu- larized reinforcement learning for efficient encrypted policy synthesis,

    J. Suh, Y . Jang, K. Teranishi, and T. Tanaka, “Relative entropy regu- larized reinforcement learning for efficient encrypted policy synthesis,” IEEE Control Systems Letters , vol. 9, pp. 895–900, 2025

    work page 2025

  18. [18]

    An approach to encrypted fault detection of cyber-physical systems,

    D. Martynova and P. Zhang, “An approach to encrypted fault detection of cyber-physical systems,” in 2019 12th Asian Control Conference , 2019, pp. 1501–1506

    work page 2019

  19. [19]

    Private anomaly detection in linear controllers: Garbled circuits vs. homomorphic encryption,

    A. B. Alexandru, L. Burbano, M. F. C ¸ eliktu ˘g, J. Gomez, A. A. Cardenas, M. Kantarcioglu, and J. Katz, “Private anomaly detection in linear controllers: Garbled circuits vs. homomorphic encryption,” in Proceedings of the 61st IEEE Conference on Decision and Control , 2022, pp. 7746–7753

    work page 2022

  20. [20]

    On lattices, learning with errors, random linear codes, and cryptography,

    O. Regev, “On lattices, learning with errors, random linear codes, and cryptography,” Journal of the ACM , vol. 56, no. 6, 2009, Art. no. 34

    work page 2009

  21. [21]

    Dynamic controller that operates over homomorphically encrypted data for infinite time horizon,

    J. Kim, H. Shim, and K. Han, “Dynamic controller that operates over homomorphically encrypted data for infinite time horizon,” IEEE Transactions on Automatic Control , vol. 68, no. 2, pp. 660–672, 2023

    work page 2023

  22. [22]

    Input–output history feed- back controller for encrypted control with leveled fully homomorphic encryption,

    K. Teranishi, T. Sadamoto, and K. Kogiso, “Input–output history feed- back controller for encrypted control with leveled fully homomorphic encryption,” IEEE Transactions on Control of Network Systems, vol. 11, no. 1, pp. 271–283, 2023

    work page 2023

  23. [23]

    Encrypted dynamic control exploiting limited number of multiplications and a method using RLWE- based cryptosystem,

    J. Lee, D. Lee, J. Kim, and H. Shim, “Encrypted dynamic control exploiting limited number of multiplications and a method using RLWE- based cryptosystem,” IEEE Transactions on Systems, Man, and Cyber- netics: Systems, vol. 55, no. 1, pp. 158–169, 2025

    work page 2025

  24. [24]

    Need for controllers having integer coefficients in homomorphically encrypted dynamic system,

    J. H. Cheon, K. Han, H. Kim, J. Kim, and H. Shim, “Need for controllers having integer coefficients in homomorphically encrypted dynamic system,” in Proceedings of the 57th IEEE Conference on Decision and Control , 2018, pp. 5020–5025

    work page 2018

  25. [25]

    On the concrete hardness of learning with errors,

    M. R. Albrecht, R. Player, and S. Scott, “On the concrete hardness of learning with errors,” Journal of Mathematical Cryptology, vol. 9, no. 3, pp. 169–203, 2015

    work page 2015

  26. [26]

    Method for running dynamic systems over encrypted data for infinite time horizon without bootstrapping and re-encryption,

    J. Kim, H. Shim, H. Sandberg, and K. H. Johansson, “Method for running dynamic systems over encrypted data for infinite time horizon without bootstrapping and re-encryption,” in Proceedings of the 60th IEEE Conference on Decision and Control , 2021, pp. 5614–5619

    work page 2021

  27. [27]

    Nonminimality of the realizations and possessing state matrices with integer elements in linear discrete-time controllers,

    M. S. Tavazoei, “Nonminimality of the realizations and possessing state matrices with integer elements in linear discrete-time controllers,” IEEE Transactions on Automatic Control, vol. 68, no. 6, pp. 3698–3703, 2023

    work page 2023

  28. [28]

    Stabilization by controllers having integer coefficients,

    J. Lee, D. Lee, and J. Kim, “Stabilization by controllers having integer coefficients,” arXiv preprint arXiv:2505.00481 , 2025

    work page arXiv 2025

  29. [29]

    H. K. Khalil, Nonlinear systems, 3rd ed. Upper Saddle River, NJ, USA: Prentice-Hall, 2002

    work page 2002

  30. [30]

    T. W. Hungerford, Algebra. Springer Science & Business Media, 2012, vol. 73

    work page 2012

  31. [31]

    Friedberg, A

    S. Friedberg, A. Insel, and L. Spence, Linear Algebra . Pearson Education, 2014

    work page 2014

  32. [32]

    Attack detection and identi- fication in cyber-physical systems,

    F. Pasqualetti, F. D ¨orfler, and F. Bullo, “Attack detection and identi- fication in cyber-physical systems,” IEEE Transactions on Automatic Control, vol. 58, no. 11, pp. 2715–2729, 2013

    work page 2013

  33. [33]

    Benchmark problems for robust control design,

    B. Wie and D. S. Bernstein, “Benchmark problems for robust control design,” Journal of Guidance, Control, and Dynamics , vol. 15, no. 5, pp. 1057–1059, 1992

    work page 1992

  34. [34]

    Homomorphic encryption standard,

    M. R. Albrecht, M. Chase, H. Chen, J. Ding, S. Goldwasser, S. Gor- bunov, S. Halevi, J. Hoffstein, K. Laine, K. Lauter, S. Lokam, D. Mic- ciancio, D. Moody, T. Morrison, A. Sahai, and V . Vaikuntanathan, “Homomorphic encryption standard,” in Protecting Privacy through Homomorphic Encryption, K. Lauter, W. Dai, and K. Laine, Eds. Cham, Switzerland: Springe...

    work page 2021

  35. [35]

    Secure networked control systems,

    H. Sandberg, V . Gupta, and K. H. Johansson, “Secure networked control systems,”Annual Review of Control, Robotics, and Autonomous Systems, vol. 5, no. 1, pp. 445–464, 2022. Yeongjun Jang received the B.S. degree in electri- cal and computer engineering in 2022, from Seoul National University, South Korea. He is currently a combined M.S./Ph.D. student in ...

    work page 2022

  36. [36]

    His research interests include security problems in networked control systems and encrypted control systems

    He is currently an Assistant Professor at the Department of Electrical and Information Engineer- ing, Seoul National University of Science and Tech- nology, South Korea. His research interests include security problems in networked control systems and encrypted control systems. Takashi Tanaka received the B.S. degree from the University of Tokyo, Tokyo, J...

    work page 2006