Papers
Topics
Authors
Recent
Search
2000 character limit reached

An End-to-End Encrypted Control Pipeline for Multi-Agent Coordination via CKKS Homomorphic Encryption

Published 5 Jun 2026 in eess.SY and cs.CR | (2606.07375v1)

Abstract: Cloud-based coordination of multi-agent systems requires sharing state with a central server, creating a conflict between coordination and privacy. Fully homomorphic encryption (FHE) resolves this in principle, but its severe arithmetic constraints demand that every stage of the control loop be redesigned from first principles. We present an end-to-end encrypted control pipeline in which sensing, state estimation, state propagation, and consensus control all operate on CKKS-encrypted data using only addition, multiplication, and cyclic rotation. In order to overcome the computational challenges of FHE, we employ steady-state Kalman gains instead of solving for the matrices online and graph Laplacians are applied via the diagonal method at a cost proportional to the number of nonzero cyclic diagonals, accommodating ring, torus, and complete-graph topologies within a unified framework. To quantify the cumulative effect of encryption noise, we use the separation principle to decouple controller and observer error dynamics and derive a periodic bootstrapping bound in which CKKS bootstrapping acts as an impulsive disturbance; the resulting steady-state error ball depends on the bootstrapping precision and the closed-loop spectral radius, providing a direct design equation for the privacy-accuracy tradeoff. The pipeline is validated on a multi-agent formation control scenario, confirming stable closed-loop operation under encryption with bounded tracking error.

Summary

  • The paper introduces an end-to-end encrypted control pipeline using CKKS FHE, ensuring complete privacy in multi-agent coordination.
  • It establishes a closed-form error bound that links encryption-induced noise and bootstrapping effects to consensus control accuracy.
  • Empirical evaluations confirm that encrypted trajectories closely mirror plaintext performance with minimal computational overhead.

End-to-End Encrypted Control for Multi-Agent Coordination via CKKS FHE

Introduction and Motivation

The paper "An End-to-End Encrypted Control Pipeline for Multi-Agent Coordination via CKKS Homomorphic Encryption" (2606.07375) presents a comprehensive framework for cloud-based, privacy-preserving multi-agent coordination using CKKS fully homomorphic encryption (FHE). Cloud control architectures require sharing agent state information with a central coordinator, which fundamentally conflicts with the privacy constraints inherent to many real-world applications, including regulated, adversarial, or competitive domains.

The paper's key contribution lies in realizing the full control loop—including encrypted sensing, state estimation, propagation, consensus control, and actuation—exclusively with CKKS-permissible arithmetic primitives (addition, multiplication, cyclic rotation). Strong emphasis is placed on quantifying encryption-induced errors, formalizing a tradeoff between privacy, computational cost, and control accuracy. This is achieved through an explicit closed-form bound that relates tracking performance to encryption parameters, bootstrapping schedule, and system spectral radius. Figure 1

Figure 1: Overview of the encrypted control pipeline, highlighting fully homomorphic processing at every stage.

System Architecture and CKKS Constraints

CKKS Arithmetic Model

CKKS encryption is leveraged for its compatibility with approximate real-number vector arithmetic, providing element-wise addition, Hadamard multiplication, and cyclic rotations. Notably, only plaintext-ciphertext operations are efficiently supported, motivating offloading all possible computations (gain calculations, reference trajectories, etc.) to plaintext, and encrypting only agent-dependent, privacy-sensitive variables. This approach leverages the inherent cost asymmetry in CKKS schemes.

Residual noise is inherent to CKKS arithmetic, with multiplications and especially periodic bootstrapping (required to refresh ciphertext "levels") introducing bounded error. Bootstrapping is modeled as a discrete-time impulsive disturbance with significantly larger magnitude than routine arithmetic errors, fundamentally determining achievable steady-state accuracy under continual encrypted operation.

Multi-Agent Model and Consensus Law

The multi-agent plant is modeled as MM discrete-time LTI agents under stabilizability and detectability assumptions. The encrypted control law is a classical consensus-plus-tracking scheme, assembled atop precomputed block-diagonal system matrices and exploiting the algebraic structure of communication graph Laplacians. The Laplacian application is realized via the diagonal method, where cost is set by the number of nonzero cyclic diagonals rather than overall matrix density, thus capturing efficiency gains from sparse, structured topologies. Figure 2

Figure 2: Communication topologies analyzed (M=9M=9 agents): ring, torus, and complete graphs.

Pipeline Realization: Stages and Computation

The pipeline comprises the following encrypted stages, executed per control cycle:

  1. Encrypted Sensing: Agents encrypt and transmit their local noisy measurements, tightly packed into a single vectorized ciphertext.
  2. Encrypted State Estimation: The cloud applies a steady-state Kalman filter with all gains precomputed offline, avoiding the need for non-CKKS-compliant operations like online matrix inversion. All observer matvecs are performed with the block-diagonal structure efficiently mapped to cyclic diagonals.
  3. Encrypted State Propagation: Propagation uses the system matrix in plaintext, with operation cost defined by plaintext-ciphertext multiplication depth.
  4. Encrypted Consensus Control: The controller applies consensus coupling (Laplacian) and tracking gains. For the critical consensus stage, the diagonal method or specialized circshift primitives minimize cost for topologies like the ring.
  5. Decryption and Actuation: Encrypted control inputs are sent to the agents for local decryption and actuation.

Topological flexibility is enabled by the diagonal method, permitting identical encrypted code to efficiently handle ring, torus, and complete-graph Laplacians by adapting only the mask structure for cyclic diagonals.

Error Analysis: Quantifying Privacy-Accuracy Tradeoffs

Central to the paper's contribution is the rigorous analysis of encryption noise and its propagation in the closed-loop system. The approach explicitly models per-operation arithmetic noise and bootstrapping events, invoking the separation principle to reduce analysis to a single MnMn-dimensional recursion.

Key result: The paper provides a closed-form bound on steady-state tracking error,

ϵss=δˉeff1ρclTboot\epsilon_{\mathrm{ss}} = \frac{\bar\delta_{\mathrm{eff}}}{1 - \rho_{\mathrm{cl}}^{T_\mathrm{boot}}}

where δˉeff\bar\delta_{\mathrm{eff}} encodes bootstrapping-induced error and observer coupling, and ρcl\rho_{\mathrm{cl}} and TbootT_\mathrm{boot} are the closed-loop spectral radius and bootstrapping period, respectively. Figure 3

Figure 3: CKKS-induced gap encpt|\text{enc} - \text{pt}| for consensus and closed-loop pipeline, illustrating error accumulation patterns across topologies.

Implications:

  • The error bound reveals sensitivity to the spectral radius, highlighting the importance of pole placement for encrypted control robustness.
  • The analysis demonstrates "self-healing": contraction of error between bootstrapping events dominates over accumulated arithmetic noise, provided system stability and sufficient dwell time.

The analysis also demonstrates that system design must jointly optimize CKKS parameters, control gains, and bootstrapping schedule to balance privacy, computational cost, and tracking performance. Overall, closed-loop encrypted control is shown to maintain stable and quantifiable operation, with strong guarantees against divergence or information leakage.

Empirical Evaluation

The pipeline is validated on formation control tasks using M=9M=9 double-integrator agents, comparing ring, torus, and complete topologies. All control, estimation, and consensus steps are performed homomorphically via CKKS using OpenFHE.jl and SecureArithmetic.jl.

Numerical findings:

  • Encrypted closed-loop trajectories are nearly indistinguishable from plaintext, with the encryption-induced error remaining at 10610^{-6}M=9M=90 depending on scenario and stage.
  • Laplacian and block-diagonal observer matvec costs scale linearly with cyclic diagonal count, confirming theoretical predictions.
  • The critical consensus module is shown to cost only zero multiplicative depth for rings (using circshift), increasing modestly for denser torus/complete graphs. Figure 4

    Figure 4: Formation control validation — (a) encrypted agents in ring topology converge to a M=9M=91 target; (b) formation tracking error for each topology, with encrypted and plaintext runs nearly coincident.

Observed per-step computation times (order of seconds for M=9M=92 state) restrict current applicability to slow-control supervisory loops. However, ongoing FHE hardware acceleration developments may yield substantial speedups in the near future.

Theoretical and Practical Implications

This work places end-to-end encrypted multi-agent control on an explicit theoretical footing, connecting cryptosystem choices and encrypted computation costs directly to closed-loop performance guarantees. The presented periodic bootstrapping model is broadly applicable to encrypted dynamical systems using CKKS and similar FHE schemes, and the diagonal method extends encrypted control to a wide class of consensus graphs with minimal code change.

On the practical side, the findings establish viability for privacy-preserving cloud coordination in sectors with strict data-sharing constraints, such as cross-organization logistics, coalition robotics, and regulated autonomous fleets. The approach achieves this without compromising system-theoretic stability or robustness.

Moreover, the modular pipeline design opens avenues for further developments:

  • Nonlinear dynamics: via encrypted polynomial approximations;
  • Encrypted MPC: using fixed-iteration ADMM on ciphertext data;
  • True multi-party computation: leveraging multi-key CKKS schemes;
  • Encrypted dynamic feedback: via operator splitting and encrypted gain matrices.

Conclusion

The paper establishes a rigorous, unified framework for fully encrypted multi-agent control pipelines, addressing the entire sensing-to-actuation cycle under the arithmetic restrictions imposed by CKKS FHE. By explicitly identifying and analyzing the effect of encryption noise and proposing scalable methods for consensus computation, the work enables verifiable privacy-preserving control in multi-agent systems. The connecting of tracking accuracy to cryptosystem and control design parameters provides practitioners with actionable design equations. Ongoing and future FHE acceleration, algorithmic and hardware advances, and expansion to nonlinear or distributed scenarios stand to further broaden the reach of this methodology.

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.

Tweets

Sign up for free to view the 1 tweet with 0 likes about this paper.