Dynamic Encrypted Control

Updated 27 October 2025

Dynamic Encrypted Control is an approach that computes control actions on encrypted data, ensuring privacy and robust performance in cyber-physical systems.
It integrates homomorphic encryption, secret sharing, bootstrapping, and periodic resets to manage noise growth, quantization issues, and maintain closed-loop stability.
Applications span cloud-based control, distributed multi-agent systems, and industrial automation, balancing computational overhead with security and performance.

Dynamic encrypted control refers to the real-time control of dynamic systems in which all or part of the controller’s computations are performed directly on encrypted data, maintaining confidentiality of system states, control actions, and/or model parameters throughout all computational and communication steps. The development of dynamic encrypted control is driven by the need to ensure privacy and data security in cyber-physical systems subjected to untrusted communication networks or computing environments, such as cloud-based control, distributed multi-agent systems, and networked industrial processes.

Implementing dynamic controllers over encrypted data introduces significant challenges beyond those encountered in static (memoryless) encrypted computations. These challenges include noise growth in ciphertexts, finite computational budgets dictated by the underlying cryptosystem, quantization and scaling artifacts, and the need to preserve both real-time performance and closed-loop stability. Research has led to a variety of methodological innovations, performance analyses, and practical deployment strategies.

1. Control and Encryption Scheme Architectures

Dynamic encrypted control schemes rely on cryptosystems that support at least partially homomorphic operations. The most widely used families are additively homomorphic (e.g., Paillier), somewhat/leveled/fully homomorphic encryption (e.g., Learning With Errors (LWE)-based, GSW-LWE, RLWE, CKKS, BFV), and secret sharing or multi-party computation.

Encrypted controllers can be deployed in various computational architectures:

Centralized Cloud-Based Control: All signals (e.g., plant outputs) are encrypted at the remote site, sent over the network, processed in the encrypted domain by a cloud-based controller, and the resulting control input—still encrypted—is returned and decrypted only at the trusted actuator.
Distributed Multi-Agent Systems: Each agent may encrypt its own state or input, and encrypted data is exchanged among agents according to a secure consensus or distributed optimization protocol (Binfet et al., 18 Dec 2024).
Two-Party Computation/Secret Sharing: The controller state and computations are secret-shared between two or more servers to avoid a single point of compromise; computation proceeds using secure arithmetic protocols (Teranishi et al., 4 Mar 2025).

A key architectural choice is whether the controller maintains its internal state in encrypted form (enabling perpetual operation, but with vulnerability to noise accumulation and overflow) or recasts the dynamic update so that only a finite window of prior signals is required (“memory-limited” representations).

2. Algorithmic Approaches and Controller Representations

Several major approaches to dynamic encrypted control have been established:

(a) Integer Reformulation via State Transformation

Controllers are converted to operate over modular integer arithmetic, avoiding the need for repeated multiplication by non-integer factors. This is achieved through a suitable similarity transformation and, if necessary, by introducing auxiliary signals so that the state update matrix is integer-valued (Kim et al., 2019, Kim et al., 2022). The resulting update equations are:

$z(t+1) = F' z(t) + G' y(t) + P' r(t) + R u(t) \pmod{q}$

where all matrices are integer, eliminating scaling and division artifacts.

(b) Observer-Form and Input-Output (Memory-Limited) Representations

Rather than storing and recursively updating an encrypted state, the controller’s output is represented as a linear (or polynomial) function of a bounded, finite number of past inputs and outputs:

$u(k) = \sum_{i=1}^{n} [ H_{\mathcal{Y}, i} y(k-i) + H_{\mathcal{U}, i} u(k-i) ]$

This allows the controller to operate for infinite time horizons, provided that all “fresh” ciphertexts are re-encrypted after decryption at each step, avoiding noise accumulation typical in recursive (stateful) schemes (Teranishi et al., 2021, Lee et al., 2023). For nonlinear systems, if the system can be converted into observable canonical form, similar representations apply (Kim et al., 2021).

(c) FIR Approximation

Dynamic (IIR) controllers are replaced by finite impulse response (FIR) controllers, where the control input is a function of a finite window of past measurements—ideally approximating the original controller to a prescribed accuracy:

$u_f(k) = \sum_{j=0}^{N} F_j y(k-j)$

This approach enables operation for unlimited time while limiting the homomorphic arithmetic depth to one, as no recursive accumulation is present (Schlüter et al., 2021).

(d) Bootstrapping and Refresh Techniques

Bootstrapping in the cryptosystem context “refreshes” encrypted states by homomorphically evaluating the decryption (or modulus reduction) operation via a polynomial approximation, thereby resetting the noise and scaling to allow further recursive computations (Schlor et al., 27 Mar 2024). An explicit robust control analysis models the error introduced by bootstrapping as a sector-bounded static uncertainty, for which standard Lyapunov and LMI techniques provide stability and performance guarantees.

(e) Periodic State Reset

Controllers are periodically reset (e.g., state set to zero, or re-encrypted) to prevent overflow and excessive quantization errors in the encrypted domain (Murguia et al., 2018). The reset period is included in the stability and performance design via LMIs and Lyapunov functionals.

Instead of relying on homomorphic encryption, the controller’s state, signals, and parameters are maintained as secret shares across two servers. Fixed-point truncation is performed using two-party protocols without revealing private data to either party; the protocol achieves statistical security and unlimited operation without periodic decryption (Teranishi et al., 4 Mar 2025).

3. Core Performance, Security, and Stability Results

Stability and Performance

In all approaches, it is critical to quantify and bound the performance loss and to guarantee closed-loop stability despite errors induced by quantization, encryption, and periodic refreshing. Lyapunov-based arguments and linear matrix inequalities (LMIs) are widely used for this purpose:

For periodically reset controllers, the Lyapunov function must decrease on average over the refresh cycle, factoring in transient performance loss at resets (Murguia et al., 2018, Schlor et al., 20 Oct 2025).
Bootstrapping is modeled as a static sector-bounded uncertainty; a lifted robust control framework reduces conservatism by reflecting the periodic (rather than continuous) nature of bootstrapping-induced errors. The existence of a common Lyapunov function and a feasibility LMI implies both stability and performance guarantees (Schlor et al., 27 Mar 2024).
Quantization and injected encryption noise are handled by ensuring that the closed-loop system is input-to-state stable with respect to small perturbations, and the controller’s parameters (precision, scaling factor, modulus) are chosen to ensure the error remains below a specified threshold (Kim et al., 2019, Teranishi et al., 2021, Lee et al., 2023).

Security Guarantees

Security is grounded in the chosen cryptosystem (e.g., Paillier, LWE/GSW/RLWE-based schemes). Modulo arithmetic and randomization ensure data confidentiality under standard cryptographic hardness assumptions (e.g., the difficulty of LWE, the semantic security of Paillier). In distributed and multi-agent encrypted optimization, key-switching and additional layers (e.g., symmetric encryption) are used to ensure only authorized agents can decrypt their portions of the solution while all other data remain hidden (Binfet et al., 18 Dec 2024, Yan et al., 2020).

Communication and Computation Overheads

Encrypted dynamic control typically increases both computation and communication overheads. Heuristic and theoretical comparisons illustrate trade-offs between different approaches (Schlor et al., 20 Oct 2025):

Bootstrapping enables unlimited recursion but at significant computational cost (often seconds per refresh).
Periodic reset and FIR controllers require less computation and no bootstrapping, but may incur transient performance loss or approximation error.
Integer reformulation and memory-limited representations (input-output, FIR) offer high efficiency at the expense of controller design generality or accuracy.

Packing and batching techniques (e.g., NTT-based in RLWE cryptosystems) and efficient coefficient encoding reduce computation per step, enabling real-time performance (with reported average computation times 10–20 ms per step for moderate system dimension) (Jang et al., 18 Apr 2025).

4. Applications and Practical Implementation

Dynamic encrypted control has been demonstrated in a range of application contexts:

Confidential Multi-Hop Networking: Integrating secrecy constraints into network utility maximization via dynamic encoding, virtual queues, and multipath diversity (Sarikaya et al., 2013).
Cloud-Based/Remote Control: Secure remote control and observer-based stabilization with encrypted execution on untrusted servers, including efficient anomaly detection with residue signal disclosure via zero dynamics (Jang et al., 3 Apr 2024).
Distributed Cooperative Control: Secure consensus via homomorphically encrypted ADMM optimization, enabling cooperative control (e.g., robot formation) with privacy of all local and neighbor-related data (Binfet et al., 18 Dec 2024).
Data-Driven Control as a Service: Encrypted quadratic programming for behavioral LQR over encrypted trajectories, with batching and structure exploitation for efficient computation (Alexandru et al., 2020).
Simulation Toolkits: Open-source implementations using libraries such as Lattigo (supporting RLWE-based cryptosystems), with detailed guidelines for parameter selection, packing strategies, and efficient matrix-vector arithmetic (Jang et al., 18 Apr 2025).
Observer-Based and PID Controllers: Feasible demonstrations covering both linear observers and PID controllers in encrypted and secret-sharing settings (Teranishi et al., 4 Mar 2025, Nguyen et al., 2023).

The application of dynamic encrypted control is found in networked industrial automation, smart grids, intelligent transportation, decentralized robotics, and any cyber-physical system vulnerable to data leakage or external attack.

5. Comparative Analysis of Methods

Systematic performance analyses, often using a unified Lyapunov and quadratic cost framework, allow direct comparison of bootstrapping, periodic resets, integer reformulations, and FIR-based designs (Schlor et al., 20 Oct 2025):

Method	Unlimited Operation	Computational Overhead	Performance Proximity to Baseline	Error/Noise Handling
Bootstrapping	Yes	High (per refresh)	Highest	Controlled sector uncertainty
Periodic Reset	Infinite (w/resets)	Modest (per reset)	Transient drops at resets	State inbox refresh errors
FIR Approximation	Yes	Low	Slightly lower; design-dependent	Built-in approximate memory
Integer Reform.	Yes	Low	Very close (if possible)	Integer quantization limits

The choice of methodology depends on system requirements (e.g., real-time constraints, required fidelity, security level), available computation/communication resources, plant/controller structure, and regulatory or privacy requirements.

6. Recent Developments and Future Directions

Contemporary efforts focus on further reducing computational load via efficient packing, batching, and SIMD-style operations in RLWE- and CKKS-based implementations, and exploiting secret-sharing for statistically secure protocols with minimal required communication (Jang et al., 18 Apr 2025, Teranishi et al., 4 Mar 2025).

Privacy-preserving distributed optimization opens new possibilities for secure cooperative control, extending encrypted control architectures beyond centralized or cloud-based schemes (Binfet et al., 18 Dec 2024). Similarly, schemes enabling selective or partial disclosure (e.g., revealing only a residue for anomaly detection) expand encrypted control to event-based and security-monitoring scenarios (Jang et al., 3 Apr 2024).

Another theme is the systematic integration of robust control theory with cryptographic modeling, providing explicit stability and performance guarantees despite the errors induced by cryptographic primitives (e.g., bootstrapping as sector-bounded static uncertainty) and the periodicity of reset/refresh mechanisms (Schlor et al., 27 Mar 2024).

Longer-term research is expected to address encrypted control for nonlinear systems, scalable distributed control in large networks, adaptive or learning-based encrypted controllers, and joint control and privacy in hybrid frameworks combining homomorphic encryption, secure multi-party computation, and hardware-based security primitives.

7. Impact and Ongoing Challenges

Dynamic encrypted control has become integral to architectures requiring both high-performance control and strong confidentiality guarantees. The methods and analyses summarized above provide a rigorous foundation for practical deployment.

Challenges remain in scaling to high-dimensional and high-speed systems due to the inherent computational and communication overheads of cryptographic operations, and in designing encrypted controllers for inherently nonlinear, time-varying, or data-driven settings under strict security and real-time constraints.

Ongoing efforts to unify robust control and cryptographic guarantees, advance efficient cryptographic primitives, and develop practical toolkits for encrypted control signal a continued expansion of the field’s impact on secure cyber-physical systems.