- The paper introduces a dynamic-key LWE framework that updates encryption keys at each control step, hindering adversaries from reconstructing system dynamics.
- It rigorously analyzes error propagation in quantized state-feedback control, ensuring decryption correctness by adhering to precise parameter synthesis.
- Numerical evaluations confirm that the method achieves 74-bit quantum security, with encrypted control outputs matching machine precision levels.
Dynamic-Key Post-Quantum Encrypted Control Against System Identification Attacks
Introduction and Problem Setting
This paper introduces a dynamic-key Learning with Errors (LWE) encrypted control framework explicitly engineered to resist system identification attacks in cyber-physical systems. Unlike conventional static-key approaches, in which an adversary can accumulate encrypted input-output pairs to reconstruct system dynamics, the proposed system incorporates per-step key updates under post-quantum cryptographic (PQC) assumptions. The paper rigorously formulates the adversarial threat model, details metric-driven security definitions based on sample-identifying complexity and quantum sample-deciphering time, and integrates dynamic-key LWE into state-feedback control.
The control model is a standard discrete-time linear system with state-feedback, quantized for encryption compatibility. Adversaries are presumed to access the network, to perform quantum attacks on the PQC scheme, and exploit least-squares identification methods once decrypted data is available. Security is thus quantified not by the one-off intractability but the operationally relevant time (given quantum computational speed) required to amass and decrypt the sample set sufficient for reliable identification.
Dynamic-Key LWE-Based Encryption Scheme
The key technical contribution is a set of new transition maps for both keys and ciphertexts within the LWE framework, extending dynamic-key encrypted control beyond classical schemes like ElGamal. The encryption system at each control step maintains correctness and full homomorphism while ensuring that every control or state message is ciphertext under a new (ephemeral) secret key.
The dynamic key update operates as follows: at each time k, the secret key is updated via sk(k+1)=sk(k)+s(k)modq, where s(k) is sampled uniformly at random. Ciphertexts are adjusted accordingly to maintain decryptability with the updated key. The detailed homomorphic operations for matrix-vector (state-feedback) arithmetic are compatible with standard LWE encoders and ensure that errors due to encryption noise remain bounded, provided design parameters are carefully chosen.
Security evaluation utilizes the Lattice Estimator toolkit to directly relate key and ciphertext parameters (dimension, modulus, noise, ciphertext multiplicity) to concrete bit-security levels under quantum attacks. The dynamic-key mechanism structurally limits the number of ciphertexts produced under any one private key, narrowing attack surfaces compared to prior batch-encrypted or static-key control loops.
Encrypted Control Design and Error Propagation Analysis
Encrypted state-feedback control is implemented through elementwise homomorphic vector operations on quantized signals and gains. Each controller action is computed entirely in the encrypted domain; decryption occurs only at the plant or actuator interface, where quantized plaintexts are restored. The paper provides a rigorous upper bound on noise growth through both additive and multiplicative homomorphic operations per time step.
Correctness requires that the cumulative encryption error across all control arithmetic (summed over the number of plant states and homomorphic multiplications) does not induce decryption failure: np​(∥EcdΔ​(F)∥∞​+nG​ν)κσ<2tq​, with parameters specified by the cipher system and controller quantization. This result ensures that with suitable configuration, the decrypted closed-loop system is behaviorally indistinguishable from a purely quantized (but not encrypted) control implementation.

Figure 1: Configurations of encrypted and quantized control systems.
Theorem 1 formalizes that under these bounds, and neglecting quantization error, the dynamic-key LWE encrypted system is functionally equivalent to the original unencrypted, unquantized plant-controller system.
Security Metrics and Parameter Synthesis
Security is operationally defined: the system is secure if the quantum sample-deciphering time required to break the necessary number of samples for identification, TQ​(N∗(γc​),λQ​), exceeds the system's operational lifetime Tc​. Here, N∗ is determined by the desired identification error threshold, and λQ​ is the quantum-security parameter inferred from the LWE instance size and design.
Parameter synthesis follows a systematic procedure: establishing system accuracy and security requirements, computing the required number of samples for adversarial identification, selecting LWE parameters ensuring adequate quantum bit security per the Lattice Estimator, then adjusting the quantization and modulus parameters to guarantee control correctness per the derived error bounds.
Numerical Evaluation
A detailed numerical example validates the full procedure. For a second-order system with fixed feedback, the key, modulus, and quantization parameters are instantiated to provide $74$-bit quantum security. The resulting calculated quantum deciphering time surpasses a $10$-year operational window by an order of magnitude, affirming resistance to system identification attacks.
To empirically verify control correctness, the paper compares the time series of control outputs between the encrypted and quantized controllers. When the proposed parameter selection is used, the output traces are identical to machine precision, confirming that the LWE-induced errors are below the decryption threshold and do not accumulate adversely.

Figure 2: The difference between the encrypted controller's output and that of the quantized controller.
In contrast, when parameters are weakened (with sk(k+1)=sk(k)+s(k)modq0), discrepancies in the controller output on the order of sk(k+1)=sk(k)+s(k)modq1 to sk(k+1)=sk(k)+s(k)modq2 are observed, highlighting the necessity of adhering to the theoretically derived parameter conditions.
Implications and Prospective Directions
The presented dynamic-key PQC architecture fundamentally alters the security-utility trade-off in encrypted control. By invalidating batch data accumulation strategies for adversaries, it aligns encrypted control security more closely with operational needs (control horizon, identification accuracy, adversarial quantum capability). This framework robustly closes critical gaps in prior LWE and ElGamal-based encrypted control methods, which are vulnerable under static-key or excessive error regimes.
For practitioners, this approach enables the deployment of encrypted controllers in environments targeted by both classical and quantum adversaries without incurring the performance degradation or integration brittleness of previous PQC methods. The explicit construction and parameter selection guidelines facilitate deployment in safety-critical CPS domains, including smart cities, power grids, and industrial automation.
Future research directions outlined in the paper include extending the dynamic-key update mechanism to ring-LWE schemes (e.g., BFV, CKKS), which underlie most state-of-the-art PQC systems supporting faster or approximate arithmetic, as well as generalizing to controllers beyond state-feedback and encompassing dynamic compensator structures.
Conclusion
This work advances the design of secure encrypted control systems by seamlessly integrating dynamic-key LWE encryption with quantized state-feedback control. The parameter synthesis framework ensures both decryption correctness and operational security against quantum-aided system identification attacks. The rigorous theoretical analysis, supported by comprehensive empirical results, demonstrates the feasibility and robustness of dynamic-key PQC for practical encrypted control. This enables meaningful cryptographic longevity and threat resilience in contemporary and future cyber-physical systems.
Reference: "Dynamic-Key Post-Quantum Encrypted Control Against System Identification Attacks" (2604.23564)