Encrypted Data-Driven Gain Tuning

Updated 10 December 2025

Encrypted data-driven gain tuning is a method that adjusts controller or model gains via encrypted numerical optimization, ensuring sensitive data remains concealed.
It leverages homomorphic encryption schemes like CKKS and ElGamal to perform secure algebraic operations, managing error bounds and overflow risks in computations.
The approach balances trade-offs between quantization accuracy, computational overhead, and cryptographic security, with validated applications in state-feedback, PID, and LQR tuning.

Encrypted data-driven gain tuning denotes a set of methods for synthesizing or adjusting controller or model gains using data-derived optimization or tuning algorithms where all critical data and/or parameters remain concealed via cryptographic means—almost universally homomorphic encryption—throughout the computation. This approach enables privacy-preserving control, learning, and parameter optimization outsourced to a cloud or third-party service, without revealing sensitive plant, model, or user data. The discipline encompasses cryptographically secure quantization and encoding, encrypted numerical optimization, error and overflow analysis, and explicit data-driven procedures, with rigorous trade-offs between accuracy, secrecy, communication/computation overhead, and practical engineering requirements.

1. Mathematical Foundations and Cryptographic Schemes

Encrypted data-driven gain tuning fundamentally merges system identification, data-driven controller tuning, or machine learning fine-tuning with homomorphic encryption (HE) primitives. The core requirement is to enable algebraic operations (addition/multiplication, rarely division) over encrypted (ciphertext) representations of reals, vectors, or matrices, maintaining the semantic or structural correctness of the tuning law.

Homomorphic Encryption Primitives

CKKS (Cheon-Kim-Kim-Song): Ciphertext ring $\mathbb{Z}[X]/(X^N+1)$ , supports approximate arithmetic on vectors/arrays with controllable scaling factor $\Delta$ and tunable noise growth. Enables batch processing (SIMD) and low-depth circuits. Used for control, deep learning, and model fine-tuning (Panzade et al., 14 Feb 2024, Li et al., 1 Oct 2024, Hoshino et al., 30 Oct 2025, Alexandru et al., 2020).
ElGamal (multiplicative only): Integer-based encoding via large prime modulus $p=2q+1$ , preserves multiplicative homomorphism, overflow handled explicitly via quantization/encoding. Favoured for precise, low-latency, integer-dominated computations such as data-driven state feedback tuning (Park et al., 9 Dec 2025, Hoshino et al., 30 Oct 2025).

Theoretical Model

Given an input/output dataset (from plant or user), the canonical workflow is:

Data Quantization & Encoding: Operational data $E$ , $W$ , model features, or measurement trajectories are scaled, quantized, and encoded according to $\gamma$ or $\Delta$ (scaling), then encrypted using the scheme's key.
Encrypted Computation: Tuning, optimization, or identification laws are restructured as low-depth algebraic circuits (matrix-vector multiplies, scalar products, summations), implementable via the HE backend.
Overflow and Error Control: Analytical bounds link quantizer/scaling design and ciphertext modulus to guarantee overflow-free computation and precision-governed error in gain outputs.
Decryption and Control Use: Gains or performance statistics are decrypted by the (private key) holder, never exposing plaintext data at the server.

2. Overflow, Quantization, and Parameter Design in Encrypted Gain Computation

Precise control of quantization and cipher parameters is essential for overflow-free, reliable encrypted gain computation. For confidentiality-preserving Fictitious Reference Iterative Tuning (CFRIT), explicit error and overflow bounds have been derived (Park et al., 9 Dec 2025):

Key Parameters

Symbol	Description	Source
$\gamma$	Quantization gain (scaling factor)	(Park et al., 9 Dec 2025)
$\kappa$	Security parameter (bit-length of prime $q$ )	(Park et al., 9 Dec 2025)
$q$	Ciphertext modulus $(q > 1/2 + \lceil \gamma^{n+5} \cdot (\\|E\\|_{\max} \\|W\\|_{\max}/\lambda_{\min}(\Psi))\rceil)$	(Park et al., 9 Dec 2025)
$M$	Number of scalar multiplicative terms	(Park et al., 9 Dec 2025)
$\varepsilon$	Desired tolerance in gain error	(Park et al., 9 Dec 2025)

Explicit Design Conditions

Given input/output bounds $\|E\|_{\max}$ , $\|W\|_{\max}$ , positive definite $\Psi=W^\top W$ with $\lambda_{\min}(\Psi)$ , plant order $n$ , and $N$ data points:

Accuracy requirement:

$\gamma \geq \gamma_{\min} = \frac{Mn}{\varepsilon}$

Overflow avoidance:

$q > \frac{1}{2} + \left\lceil \gamma^{n+5} \cdot \frac{\|E\|_{\max} \|W\|_{\max}}{\lambda_{\min}(\Psi)} \right\rceil$

Gain error bound:

$\|F^*_\mathcal{E}(\kappa, \gamma) - F^*\|_2 \leq \frac{M n}{\gamma}, \quad \text{always} \leq \varepsilon$

Feasible $(\kappa, \gamma)$ lie at the intersection of the admissible quantization region and the overflow exclusion boundary, visualizable in $\kappa$ vs. $\log_{10} \gamma$ plots that delineate "feasible" (overflow-free, accuracy-saturating) and "infeasible" regions (Park et al., 9 Dec 2025).

Numerical Example

For $n=4$ , $N=50$ :

$\|E\|_{\max}=0.2398$ , $\|W\|_{\max}=0.555$ , $\lambda_{\min}(\Psi)=0.0258$ , $M=4800$
Tolerance $\varepsilon=10^{-5} \implies \gamma_{\min} = 1.92 \times 10^9$
Required $\kappa=280$ (so $q \geq$ as specified above)

Resulting CFRIT and conventional FRIT gains show $\|F^*_\mathcal{E}-F^*\|_2=3.12\times 10^{-8}<\varepsilon$ , confirming no overflow or accuracy loss (Park et al., 9 Dec 2025).

3. Algorithmic Realizations and Workflows

Encrypted data-driven gain tuning algorithmic infrastructure depends on the target problem and cryptographic scheme.

CFRIT (State-Feedback Tuning)

Data owner encrypts all needed vectors/matrices (e.g., $\Gamma$ , $W$ , $\Psi$ ).
Server evaluates gain through cofactor (adjugate) expansion: $F^* = -\Gamma^\top W (\Psi)^{-1};\; (\Psi)^{-1}=|{\Psi}|^{-1}\text{adj}(\Psi)$ , implementing scalar term-wise products and sums via HE (Hoshino et al., 30 Oct 2025, Park et al., 9 Dec 2025).
Numerical error bounds and overflow analysis guide parameter selection.
Server returns (possibly batched) ciphertexts; client decrypts and recovers $F^*$ .

Encrypted Data-Driven Quadratic Control

CKKS-based pipeline solves data-driven LQR via behavioral system identification, minimizing regulated cost over encrypted Hankel-encoded trajectory slices. Inverse updating is achieved via Schur-complement, all HE-friendly (Alexandru et al., 2020).
Ciphertext packing (SIMD), ciphertext rotations, and periodic "packing refreshes" keep noise consumption minimal and enable online operation.

Encrypted Extremum-Seeking PID Tuning

Gradient-based controller gain tuning (e.g., PID) realized by only homomorphically processing additions and multiplications: finite-difference stochastic gradient approximations, relative parameter updates, and encrypted aggregation of output penalties (normalized squared error) (Schlüter et al., 2022).
Iterative updates, encrypted cost evaluations, and encrypted gain adjustments proceed over multiple rounds, with all plant outputs encrypted.

Encrypted Fine-Tuning of High-Dimensional Models

For modern ML (transformers), only a constrained set of "gains" (final classification head, LoRA adapters) are tuned under FHE on encrypted activations (Panzade et al., 14 Feb 2024, Li et al., 1 Oct 2024).
Key algorithmic steps: CKKS-encoded features, model weights; encrypted forward and loss; polynomial-approximated non-linearities and gradient computations; encrypted update rules (e.g., Nesterov).
Resource-efficient pruning of update depth, hybrid dataflow between client (feature extraction, loss decryption) and server.

4. Error Analysis, Trade-offs, and Guidelines

A central pillar of encrypted gain tuning is closed-form characterization of accuracy–security–efficiency trade-offs.

Quantization and Security Trade-off

Higher $\gamma$ lowers quantization (or encoding) error, but increases the required ciphertext modulus (and thus computational burden and key size).
Security parameter $\kappa$ or HE ring degree $N$ must jointly satisfy minimal required post-quantization dynamic range and desired cryptographic security (e.g., $128$ bits).

Computational and Communication Complexity

Domain	Ciphertext Type	Server Time / Step	Client Load	Communication
State feedback (ElGamal)	Integer	$O(M)$ mult	Decrypt + sum	$O(M)$ ctexts
State feedback (CKKS)	Vector	$O(M)$ mult/add	Decrypt	1 ctext
QP control (CKKS)	Vector-packed	$2$–$4$s/step	$<0.3$ s	$O(S)$ ctexts
PID tuning (CKKS)	Vector	$5$–$55$s/iter	2ms/enc/decrypt	KB per iter
ML fine-tuning	Vector	$3$–$38$min/epoch	Decrypt loss/hyper	MB–GB / epoch

Admissible Region Delineation

Explicitly plot or tabulate admissible $(\kappa, \gamma)$ pairs where accuracy (quantization) and cipher overflow bounds are satisfied.
For ML, encrypt only layers or parameters with tractable depth for FHE; deeper computations require bootstrapping or polynomial nonlinearity approximations.

5. Applications and Experimental Evidence

Encrypted data-driven gain tuning has been validated in a range of applications from classical control to deep learning:

CFRIT: For discrete-time state space systems (e.g., $n=4$ , $N=50$ ), encrypted tuning recovers control gains within $10^{-8}$ of plaintext FRIT values while provably avoiding overflow (Park et al., 9 Dec 2025, Hoshino et al., 30 Oct 2025).
PID Tuning: CKKS-encrypted extremum-seeking achieves $50$– $80\%$ reduction in integrated error over PID benchmarks, with final gains matching unencrypted methods, and with added robustness to encrypted noise (Schlüter et al., 2022).
Privacy-Preserving LQR: Encrypted behavioral control pipelines demonstrate less than $10^{-3}$ difference from classical outputs for practical system complexity, with $10^{3}\times$ run-time overhead but full data secrecy (Alexandru et al., 2020).
Transformer Fine-Tuning: BlindTuner achieves $<0.3\%$ accuracy loss on encrypted MNIST/CIFAR-10, with 1.5–600× speedup over older FHE approaches (Panzade et al., 14 Feb 2024). PrivTuner does not degrade model quality vs. unencrypted LoRA PEFT, while supporting joint optimization of energy, privacy, and real-world resource allocation (Li et al., 1 Oct 2024).

6. Limitations, Open Challenges, and Method Selection

Despite significant advances, encrypted data-driven gain tuning faces practical and theoretical challenges:

Ciphertext Overhead: Polynomial/factorial scaling in required multiplications or cofactor expansions, especially for high-order systems ( $n>5$ ), limits applicability; approximate inversion or iterative solvers over ciphertext are a future need (Hoshino et al., 30 Oct 2025).
Quantization/Noise Budget: CKKS approximation error, ciphertext noise growth, and bootstrapping overhead cap achievable circuit depth and, hence, the class of model/algorithm feasible under FHE (Park et al., 9 Dec 2025, Panzade et al., 14 Feb 2024).
Scheme Choice Guidance: ElGamal is advantageous for latency-critical, precise, integer-only operations but not post-quantum secure; CKKS supports approximate real arithmetic, heavy batched operations, and is lattice-based (quantum-resilient). Communication overhead is lower for CKKS due to ciphertext packing, at the expense of moderate error (Hoshino et al., 30 Oct 2025, Li et al., 1 Oct 2024).
Robustness and Attacks: No structural guarantees exist against adversarial data poisoning or compromised key exchange.
Nonlinearity and Dynamic Controller Tuning: Extending secure methods to nonlinear/dynamic controllers, general model predictive control, or complex neural architectures without exponential depth increase is an unresolved issue.

A plausible implication is that the field will see convergence toward hybrid, application-co-designed cryptographic solutions, tighter integration of encrypted iterative solvers, and combined hardware-optimized HE stacks as algorithms and cryptography mature.

References:

(Park et al., 9 Dec 2025): Quantization and Security Parameter Design for Overflow-Free Confidential FRIT (Hoshino et al., 30 Oct 2025): Confidential FRIT via Homomorphic Encryption (Schlüter et al., 2022): Encrypted extremum seeking for privacy-preserving PID tuning as-a-Service (Alexandru et al., 2020): Data-driven control on encrypted data (Panzade et al., 14 Feb 2024): I can't see it but I can Fine-tune it: On Encrypted Fine-tuning of Transformers using Fully Homomorphic Encryption (Li et al., 1 Oct 2024): PrivTuner with Homomorphic Encryption and LoRA: A P3EFT Scheme for Privacy-Preserving Parameter-Efficient Fine-Tuning of AI Foundation Models