- The paper introduces an end-to-end encrypted control pipeline using CKKS FHE, ensuring complete privacy in multi-agent coordination.
- It establishes a closed-form error bound that links encryption-induced noise and bootstrapping effects to consensus control accuracy.
- Empirical evaluations confirm that encrypted trajectories closely mirror plaintext performance with minimal computational overhead.
End-to-End Encrypted Control for Multi-Agent Coordination via CKKS FHE
Introduction and Motivation
The paper "An End-to-End Encrypted Control Pipeline for Multi-Agent Coordination via CKKS Homomorphic Encryption" (2606.07375) presents a comprehensive framework for cloud-based, privacy-preserving multi-agent coordination using CKKS fully homomorphic encryption (FHE). Cloud control architectures require sharing agent state information with a central coordinator, which fundamentally conflicts with the privacy constraints inherent to many real-world applications, including regulated, adversarial, or competitive domains.
The paper's key contribution lies in realizing the full control loop—including encrypted sensing, state estimation, propagation, consensus control, and actuation—exclusively with CKKS-permissible arithmetic primitives (addition, multiplication, cyclic rotation). Strong emphasis is placed on quantifying encryption-induced errors, formalizing a tradeoff between privacy, computational cost, and control accuracy. This is achieved through an explicit closed-form bound that relates tracking performance to encryption parameters, bootstrapping schedule, and system spectral radius.
Figure 1: Overview of the encrypted control pipeline, highlighting fully homomorphic processing at every stage.
System Architecture and CKKS Constraints
CKKS Arithmetic Model
CKKS encryption is leveraged for its compatibility with approximate real-number vector arithmetic, providing element-wise addition, Hadamard multiplication, and cyclic rotations. Notably, only plaintext-ciphertext operations are efficiently supported, motivating offloading all possible computations (gain calculations, reference trajectories, etc.) to plaintext, and encrypting only agent-dependent, privacy-sensitive variables. This approach leverages the inherent cost asymmetry in CKKS schemes.
Residual noise is inherent to CKKS arithmetic, with multiplications and especially periodic bootstrapping (required to refresh ciphertext "levels") introducing bounded error. Bootstrapping is modeled as a discrete-time impulsive disturbance with significantly larger magnitude than routine arithmetic errors, fundamentally determining achievable steady-state accuracy under continual encrypted operation.
Multi-Agent Model and Consensus Law
The multi-agent plant is modeled as M discrete-time LTI agents under stabilizability and detectability assumptions. The encrypted control law is a classical consensus-plus-tracking scheme, assembled atop precomputed block-diagonal system matrices and exploiting the algebraic structure of communication graph Laplacians. The Laplacian application is realized via the diagonal method, where cost is set by the number of nonzero cyclic diagonals rather than overall matrix density, thus capturing efficiency gains from sparse, structured topologies.
Figure 2: Communication topologies analyzed (M=9 agents): ring, torus, and complete graphs.
Pipeline Realization: Stages and Computation
The pipeline comprises the following encrypted stages, executed per control cycle:
- Encrypted Sensing: Agents encrypt and transmit their local noisy measurements, tightly packed into a single vectorized ciphertext.
- Encrypted State Estimation: The cloud applies a steady-state Kalman filter with all gains precomputed offline, avoiding the need for non-CKKS-compliant operations like online matrix inversion. All observer matvecs are performed with the block-diagonal structure efficiently mapped to cyclic diagonals.
- Encrypted State Propagation: Propagation uses the system matrix in plaintext, with operation cost defined by plaintext-ciphertext multiplication depth.
- Encrypted Consensus Control: The controller applies consensus coupling (Laplacian) and tracking gains. For the critical consensus stage, the diagonal method or specialized circshift primitives minimize cost for topologies like the ring.
- Decryption and Actuation: Encrypted control inputs are sent to the agents for local decryption and actuation.
Topological flexibility is enabled by the diagonal method, permitting identical encrypted code to efficiently handle ring, torus, and complete-graph Laplacians by adapting only the mask structure for cyclic diagonals.
Error Analysis: Quantifying Privacy-Accuracy Tradeoffs
Central to the paper's contribution is the rigorous analysis of encryption noise and its propagation in the closed-loop system. The approach explicitly models per-operation arithmetic noise and bootstrapping events, invoking the separation principle to reduce analysis to a single Mn-dimensional recursion.
Key result: The paper provides a closed-form bound on steady-state tracking error,
ϵss=1−ρclTbootδˉeff
where δˉeff encodes bootstrapping-induced error and observer coupling, and ρcl and Tboot are the closed-loop spectral radius and bootstrapping period, respectively.
Figure 3: CKKS-induced gap ∣enc−pt∣ for consensus and closed-loop pipeline, illustrating error accumulation patterns across topologies.
Implications:
- The error bound reveals sensitivity to the spectral radius, highlighting the importance of pole placement for encrypted control robustness.
- The analysis demonstrates "self-healing": contraction of error between bootstrapping events dominates over accumulated arithmetic noise, provided system stability and sufficient dwell time.
The analysis also demonstrates that system design must jointly optimize CKKS parameters, control gains, and bootstrapping schedule to balance privacy, computational cost, and tracking performance. Overall, closed-loop encrypted control is shown to maintain stable and quantifiable operation, with strong guarantees against divergence or information leakage.
Empirical Evaluation
The pipeline is validated on formation control tasks using M=9 double-integrator agents, comparing ring, torus, and complete topologies. All control, estimation, and consensus steps are performed homomorphically via CKKS using OpenFHE.jl and SecureArithmetic.jl.
Numerical findings:
Observed per-step computation times (order of seconds for M=92 state) restrict current applicability to slow-control supervisory loops. However, ongoing FHE hardware acceleration developments may yield substantial speedups in the near future.
Theoretical and Practical Implications
This work places end-to-end encrypted multi-agent control on an explicit theoretical footing, connecting cryptosystem choices and encrypted computation costs directly to closed-loop performance guarantees. The presented periodic bootstrapping model is broadly applicable to encrypted dynamical systems using CKKS and similar FHE schemes, and the diagonal method extends encrypted control to a wide class of consensus graphs with minimal code change.
On the practical side, the findings establish viability for privacy-preserving cloud coordination in sectors with strict data-sharing constraints, such as cross-organization logistics, coalition robotics, and regulated autonomous fleets. The approach achieves this without compromising system-theoretic stability or robustness.
Moreover, the modular pipeline design opens avenues for further developments:
- Nonlinear dynamics: via encrypted polynomial approximations;
- Encrypted MPC: using fixed-iteration ADMM on ciphertext data;
- True multi-party computation: leveraging multi-key CKKS schemes;
- Encrypted dynamic feedback: via operator splitting and encrypted gain matrices.
Conclusion
The paper establishes a rigorous, unified framework for fully encrypted multi-agent control pipelines, addressing the entire sensing-to-actuation cycle under the arithmetic restrictions imposed by CKKS FHE. By explicitly identifying and analyzing the effect of encryption noise and proposing scalable methods for consensus computation, the work enables verifiable privacy-preserving control in multi-agent systems. The connecting of tracking accuracy to cryptosystem and control design parameters provides practitioners with actionable design equations. Ongoing and future FHE acceleration, algorithmic and hardware advances, and expansion to nonlinear or distributed scenarios stand to further broaden the reach of this methodology.