Papers
Topics
Authors
Recent
Search
2000 character limit reached

Secure Conformance Checking using Token-based Replay and Homomorphic Encryption

Published 28 Apr 2026 in cs.CR and cs.SE | (2604.25190v1)

Abstract: Conformance checking, one of the main process mining operations, aims to identify discrepancies between a process model and an event log. The model represents the expected behaviour, whereas the event log represents the actual process behaviour as captured in information systems' records. Traditionally, the process model and the event log are both accessible to the business analyst performing the conformance checking. However, in some contexts the log's owner may want to protect critical or sensitive information in the log and still check its conformance with respect to a model belonging to another party. In this paper, we propose a secure approach to conformance checking based on the well-known token-based replay algorithm and homomorphic encryption. An evaluation is performed using a synthetic log, showing the practicality of the proposed technique.

Summary

  • The paper introduces a privacy-preserving token-based replay mechanism leveraging fully homomorphic encryption to securely compute conformance metrics over encrypted data.
  • It redefines token-based replay as matrix operations and employs vectorized computations over encrypted markings to ensure no sensitive data is exposed.
  • Experimental results show feasible runtimes for short traces with room for optimization in scalability and ciphertext size management.

Secure Conformance Checking with Homomorphic Encryption: A Matrix-Driven Token-Based Replay Mechanism

Introduction and Context

This paper addresses the challenge of privacy-preserving conformance checking in process mining by introducing a homomorphically encrypted version of the token-based replay algorithm. Conformance checking typically requires full access to both the process model (usually represented as a Petri net) and the event log capturing observed process executions. However, scenarios increasingly arise where organizations need to verify conformance without exposing sensitive process or log data, notably in inter-organizational collaboration or when benchmarking private business operations. The proposed framework leverages fully homomorphic encryption (FHE) to facilitate conformance checking when the process model and the event log are held by mutually distrusting parties, enabling computation directly over encrypted vectors and matrices.

Technical Overview and System Architecture

The approach re-formulates the standard token-based replay conformance checking as a sequence of matrix and vector operations. The core innovation is the use of the marking equation over encrypted data to perform replay semantics in a privacy-preserving manner. The interaction involves a client-server model in which:

  • The event log owner encodes and encrypts the traces to be verified.
  • The model owner possesses the Petri net and executes the homomorphic computation of replay steps.
  • At no point does either party learn confidential information from the other; all communication is over ciphertext.

The system's architecture is visualized below. Figure 1

Figure 2: Block diagram illustrating the approach and system architecture.

Formalization and Algorithmic Contributions

Matrix Representation of Token-Based Replay

Token-based replay is redefined using matrix-multiplication semantics. Petri nets are encoded via their incidence matrix N\mathbf{N}, while markings and sequences are represented as (possibly encrypted) vectors. Every step of the replay is realized as an update of the marking vector by

M′=M+N⋅σT\mathbf{M}^\prime = \mathbf{M} + \mathbf{N} \cdot \boldsymbol{\sigma}^T

where σ\boldsymbol{\sigma} encodes the (possibly silent) transition firing sequence required to effectuate a log event in the Petri net. The algorithm systematically handles silent (τ) transitions and both fitting and non-fitting traces, including token manipulation to accommodate discrepancies.

Secure Handling of Unfitting Traces

When a transition is not directly enabled in the current marking, the algorithm computes and inserts the necessary "missing" tokens homomorphically. Matrix P\mathcal{P} precomputes all preset patterns for model transitions, and the encrypted computation systematically augments the marking when discrepancies (conformance deviations) are detected.

Encrypted Fitness Metric Calculation

Fitness metrics are homomorphically computed, specifically the number of produced, consumed, missing, and remaining tokens (pp, cc, mm, rr) as per the classical token-based replay fitness definition. The algorithm employs multiset difference, min/max operations, and dynamic marking vector normalization, all executed over ciphertext to prevent information leakage.

Conditional-Avoidant Homomorphic Logic

Due to the non-determinism required for security in FHE settings, the approach avoids conditional branching. The algorithm leverages vectorized selectors, such as the indicator vector sel\mathbf{sel}, and arithmetic-based control flows to select between multiple possible update scenarios without leaking trace-specific information through control flow.

Experimental Validation and Numerical Results

The prototype, implemented with Zama’s Concrete FHE Python library, was evaluated using synthetic logs and a pedagogical process model. Four experimental variants were constructed: cleartext/secure for both the simple replay and full fitness computation.

Strong numerical results are characterized by:

  • End-to-end secure conformance checking, including replay and fitness computation, completed in under one minute (typically 7.8 to 37.4 seconds for traces of length 5 to 13).
  • For the most involved computation—returning all token counts (pp, M′=M+N⋅σT\mathbf{M}^\prime = \mathbf{M} + \mathbf{N} \cdot \boldsymbol{\sigma}^T0, M′=M+N⋅σT\mathbf{M}^\prime = \mathbf{M} + \mathbf{N} \cdot \boldsymbol{\sigma}^T1, M′=M+N⋅σT\mathbf{M}^\prime = \mathbf{M} + \mathbf{N} \cdot \boldsymbol{\sigma}^T2)—the runtime increased substantially to between 35 and 84 minutes, attributed to the ciphertext expansion for higher-precision integer results in the FHE backend.
  • All computations preserve strict privacy: neither the event log nor process model details are revealed outside their owning party, and all intermediate computation remains encrypted.

Implications and Future Directions

This work demonstrates the feasibility of secure, privacy-preserving conformance checking in contexts where business secrets or regulatory requirements preclude direct log or model sharing. The approach is practically relevant for inter-organizational auditing, privacy-sensitive supply chains, and benchmarking where disclosure is unacceptable. The full vectorized and conditional-agnostic design ensures compatibility with modern FHE toolkits and paves the way for integration with secure multi-party computation (MPC) methods.

Notably, performance remains a limiting factor, especially for full token count computation with wider integer ranges. Further work is necessary to optimize ciphertext size management, perhaps by adopting ciphertext packing, domain-specific encoding, or alternative bootstrapping techniques. Adopting lightweight token-counting approximations or incremental aggregation outside the encrypted domain could provide additional efficiency. Extending evaluation to realistic, large-scale logs and multi-party infrastructures will be required for adoption in enterprise scenarios.

Conclusion

A novel secure conformance checking protocol for Petri net-based process models is introduced, built on homomorphic encryption and a matrix-driven, vectorized form of token-based replay. The system provides robust privacy guarantees and demonstrates feasible, though not yet competitive, runtime performance under FHE. This approach lays the foundation for broader adoption of privacy-preserving process mining, particularly in sectors requiring compliance with strict data protection requirements. Future research will address performance, real-world deployment, and resilience to additional inference attacks.

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.