Picture this: you are sending your production line data to a cloud server for analysis and control. But this data is confidential – performance metrics, energy consumption, process parameters. Would you want the cloud provider to read them? Probably not. That is where homomorphic encryption comes in – a technology that allows a server to work with your data without decrypting it. It sounds like magic, but in practice, there is one snag: it is incredibly slow.
In our Munich laboratory, we encountered this problem while developing encrypted control systems for industrial plants. The classic approach required so much computing power that real-time application was out of the question. So, we approached the task from an engineering perspective: we found a way to speed up calculations using the mathematical properties of the control systems themselves.
The Problem: When Security Becomes Too Expensive
Let's start with a simple example. Imagine a thermostat in your home – it measures the temperature and adjusts the heating. This is the simplest control system: there is an input (current temperature), an output (command to increase or decrease heat), and logic in between. In industry, such systems are much more complex – they control chemical reactors, power plant turbines, and manufacturing robots.
Now imagine you want to offload the control of such a system to a remote server, but you don't want to reveal the data. To do this, you use fully homomorphic encryption – a method that allows you to add and multiply encrypted numbers, getting an encrypted result at the output. The server works with the data but doesn't know exactly what it is working with.
It sounds ideal, but there is a catch. Each multiplication operation on encrypted data takes hundreds of times longer than on unencrypted data. And a control system is a series of such operations that must be performed over and over again, at every step of the process. For a system with eight variables, the classic approach requires 64 multiplication operations at each step. If each takes, say, 10 milliseconds, then one control step will take over half a second. For many industrial processes, this is unacceptable.
The Solution: Using Data Structure
When an engineer faces a slow process, the first thing to do is figure out where time is being wasted and if anything can be simplified. We analyzed the mathematical description of control systems and noticed something important.
Control systems are described by matrices – tables of numbers that define how the system transitions from one state to another. The classic approach encrypts this entire table and performs all the multiplication operations. But what if this table could be transformed into a simpler form?
Rational Canonical Form: From Complex to Simple
In linear algebra, there is a concept called “rational canonical form” – a way to rewrite a matrix in a more orderly fashion. Imagine you have a cluttered warehouse where things are scattered everywhere. Rational canonical form is like organizing everything onto shelves, leaving only the essentials in plain sight and marking the empty spaces with zeros.
In this form, the matrix becomes sparse: most of its entries are zero, and an entry that is known in advance to be zero costs nothing, because there is nothing to multiply. Instead of 64 multiplication operations for a system of eight variables, we only need eight. This isn't a theoretical improvement; it is a real eightfold acceleration.
Here is how it works technically. Any control system state matrix can be transformed using a change of coordinates. It's like looking at the same room from a different angle: the contents don't change, but the representation does. In the new coordinates, the matrix acquires a special structure called a companion matrix, in which every entry is zero except for a single row of coefficients and a diagonal of ones just above the main diagonal.
A Practical Example: From Theory to Numbers
Let's take a concrete case: a voltage stabilization system in an electrical grid with four state variables. In the classic approach, a 4×4 transition matrix requires 16 operations of multiplying encrypted numbers. After transformation into rational canonical form, only four non-zero coefficients remain that actually need to be multiplied. The remaining operations turn into simple element permutations; in the cryptosystem this is a slot rotation, which executes many times faster than an encrypted multiplication.
In our experiments on real hardware (a server with an Intel Xeon processor and 32 GB of RAM), one control step for a four-variable system took 0.3–0.5 seconds using the classic approach. With the use of rational canonical form, the time dropped to 0.05–0.1 seconds. That is a fivefold acceleration.
Extra Trick: Data Packing
But we didn't stop there. The cryptosystem we use – BFV, based on the Ring Learning with Errors problem – encrypts not individual numbers, but entire polynomials. A polynomial is a mathematical expression like 3 + 5x + 2x² + 7x³. The coefficients at the powers of x are like cells in an array where you can put different numbers.
Traditionally, each number from the system's state vector (e.g., temperature values, pressure, speed) is encrypted separately. But if the system has eight variables, and the polynomial can store, say, 4096 coefficients, we are obviously using resources inefficiently. It's like driving a truck to transport a single box – the vehicle is big, but the cargo is small.
SIMD for Encryption: Lots of Data in One Go
We applied an approach known as packing, or SIMD (Single Instruction, Multiple Data). Instead of encrypting each element of the state vector separately, we pack the entire vector into one polynomial: the first coefficient of the polynomial is the first variable of the system, the second is the second, and so on.
Now, a single operation of multiplying encrypted polynomials performs several multiplications of vector elements at once. It's like loading the truck completely – you make one trip instead of eight. The number of encrypted objects that need to be manipulated drops sharply, which means the running time decreases as well.
How It Works in Practice
Let's put it all together and see what a complete encrypted control system looks like in a real-world application.
Preparation Stage (Performed Once)
Before we begin, we perform several setup steps. This happens in a secure environment where the data is not yet encrypted:
- We take the original control system matrix – that very table of coefficients that describes the process dynamics.
- We transform it into rational canonical form by calculating special transformation matrices. This is a purely mathematical operation performed once.
- We recalculate the other system matrices (input and output) in the new coordinates.
- We generate cryptographic keys: a public key for encryption, a secret key for decryption, and utility keys for special operations like rotations.
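The following Python/NumPy script is an added example, not code from this article or from our own implementation, that carries out preparation steps 1 to 3 for a constructed four-variable plant like the one in the practical example earlier. It builds the change of coordinates from a Krylov matrix of the transposed state matrix (which yields exactly the companion structure described above: ones just above the main diagonal, coefficients in the last row), transforms the input and output matrices, counts how many entries still need a real multiplication under encryption (16 for the dense table, 4 in companion form), and confirms that both models produce identical outputs for the same inputs. The matrix values, initial state and input sequence are constructed for illustration; key generation (step 4) is not included, since it belongs to the crypto library.

```python
import numpy as np

# Constructed four-variable discrete-time plant (illustrative values, not the
# article's grid model):  x[k+1] = A x[k] + B u[k],   y[k] = C x[k]
A = np.array([[0.90, 0.10, 0.02, 0.05],
              [0.20, 0.70, 0.10, 0.03],
              [0.04, 0.30, 0.80, 0.10],
              [0.10, 0.06, 0.20, 0.60]])
B = np.array([[0.0], [0.0], [0.0], [1.0]])
C = np.array([[1.0, 0.0, 0.0, 0.0]])
X0 = np.array([1.0, -0.5, 0.25, 2.0])                       # constructed initial state
U_SEQ = [np.array([0.3]), np.array([-0.1]), np.array([0.0]), np.array([0.5])]


def to_companion(A):
    """Return (T, Ac) with Ac = T A T^{-1} in companion form: ones on the
    superdiagonal, the (negated) characteristic-polynomial coefficients in the
    last row, zeros everywhere else.  T is the transpose of a Krylov matrix of
    A^T; it exists whenever some v is a cyclic vector for A^T, which is the
    generic case (A nonderogatory).  Several candidate v are tried."""
    n = A.shape[0]
    rng = np.random.default_rng(0)
    for v in (np.ones(n), np.eye(n)[0], rng.standard_normal(n), rng.standard_normal(n)):
        K = np.column_stack([np.linalg.matrix_power(A.T, i) @ v for i in range(n)])
        if np.linalg.matrix_rank(K) == n:
            break
    else:
        raise ValueError("no cyclic vector found: A appears to be derogatory")
    T = K.T
    Ac = T @ A @ np.linalg.inv(T)
    Ac[np.abs(Ac) < 1e-10] = 0.0      # remove floating-point dust so zeros are exact
    return T, Ac


def transform_system(A, B, C):
    """Preparation stage: all three system matrices in companion coordinates."""
    T, Ac = to_companion(A)
    T_inv = np.linalg.inv(T)
    return Ac, T @ B, C @ T_inv, T


def count_encrypted_multiplications(M, tol=1e-6):
    """Entries that are neither 0 nor 1 need a homomorphic multiplication;
    known zeros cost nothing and ones become rotations of the packed state."""
    return int(np.sum((np.abs(M) > tol) & (np.abs(M - 1.0) > tol)))


def is_companion(Ac, tol=1e-6):
    """True if every row but the last is a shifted unit vector, i.e. the
    'ones just above the main diagonal' structure."""
    n = Ac.shape[0]
    return bool(np.allclose(Ac[:-1, :], np.eye(n)[1:, :], atol=tol))


def last_row_is_charpoly(A, Ac, tol=1e-6):
    """The last row must equal -[c0, c1, ..., c_{n-1}] of det(lambda*I - A)."""
    coeffs = np.poly(A)[1:][::-1]          # np.poly gives [1, c_{n-1}, ..., c0]
    return bool(np.allclose(Ac[-1, :], -coeffs, atol=tol))


def max_output_mismatch(A, B, C, x0, u_seq):
    """Drive the original and the transformed model with the same inputs and
    return the largest difference between their outputs (should be ~0)."""
    Ac, Bc, Cc, T = transform_system(A, B, C)
    x, z, worst = x0.copy(), T @ x0, 0.0
    for u in u_seq:
        worst = max(worst, float(np.max(np.abs(C @ x - Cc @ z))))
        x = A @ x + B @ u
        z = Ac @ z + Bc @ u
    return worst


if __name__ == "__main__":
    Ac, Bc, Cc, T = transform_system(A, B, C)
    np.set_printoptions(precision=4, suppress=True)
    print("companion form A_c:\n", Ac)
    print("multiplications per step, dense table:", count_encrypted_multiplications(A))
    print("multiplications per step, companion:", count_encrypted_multiplications(Ac))
    print("worst output mismatch over the run:", max_output_mismatch(A, B, C, X0, U_SEQ))
```

The `count_encrypted_multiplications` function is the sparsity check suggested in the recommendations at the end of this article. One caveat for larger plants: Krylov matrices lose conditioning quickly as the dimension grows, so for systems with more than a handful of states the transformation should be computed with a numerically more careful method (or the results validated, as the script does, by comparing outputs of the two models) before the transformed matrices are trusted for control.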
Main Control Loop (Runs Continuously)
Now the system starts working. In each cycle, the following happens:
- Sensors measure the current state of the process – for example, temperature, pressure, flow rate. This data is encrypted on-site, in a secure environment.
- The encrypted data is sent to the control server (which could be in the cloud or with a third-party operator).
- The server performs calculations on the encrypted data. It multiplies the matrix (in rational canonical form) by the state vector and adds the contribution of the control input – all without decrypting.
- The result – an encrypted control command – is sent back to the plant.
- On-site, the command is decrypted and transmitted to the actuators – valves, motors, heaters.
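As an added example (not the article's or our own implementation's code, and not using a real encryption library), here is the server-side computation of step 3 on packed vectors, simulated in NumPy with the three slot operations a batched BFV ciphertext supports: slot-wise addition, slot-wise multiplication and cyclic rotation. It shows what the packing section above describes: the companion-form step becomes one rotation for the "ones" rows, a single slot-wise multiplication for the coefficient row (all n products in one go), and a rotate-and-add tree that sums them. For comparison, the same matrix treated as a dense table is multiplied by the standard diagonal method for packed matrix-vector products, which goes beyond the text and shows that a dense table still needs n multiplications even with packing. The slot count, coefficient row and state are constructed; the SEAL method names in the comments (add, multiply, multiply_plain, rotate_rows) are the calls these simulated operations correspond to in that library.

```python
import numpy as np

# Plaintext stand-in for SIMD slot arithmetic.  A batched BFV ciphertext behaves
# like a fixed-length vector on which the library offers slot-wise add,
# slot-wise multiply and cyclic rotation (in Microsoft SEAL: Evaluator.add,
# multiply, multiply_plain, rotate_rows).  Values are kept in the clear here
# so the arithmetic can be checked; nothing in this file encrypts anything.
SLOTS = 8     # constructed slot count (power of two); a real BFV ring has thousands


class OpCounter:
    """Tallies the operations that dominate running time under encryption."""
    def __init__(self):
        self.ct_mul = 0   # ciphertext x ciphertext multiplications (Evaluator.multiply)
        self.pt_mul = 0   # ciphertext x plaintext mask multiplications (multiply_plain)
        self.rot = 0      # rotations (rotate_rows)


def pack(values, slots=SLOTS):
    """Put a short vector into the first slots and zero-pad the rest."""
    out = np.zeros(slots)
    out[:len(values)] = values
    return out


def rotate(v, k, ctr):
    """Cyclic rotation: slot i receives the value that was in slot i+k."""
    ctr.rot += 1
    return np.roll(v, -k)


def companion_matrix(c):
    """A_c with ones on the superdiagonal and coefficient row c at the bottom."""
    n = len(c)
    Ac = np.zeros((n, n))
    Ac[np.arange(n - 1), np.arange(1, n)] = 1.0
    Ac[-1, :] = c
    return Ac


def companion_step_packed(c_packed, x_packed, n, ctr):
    """x -> A_c x on packed vectors.  The n-1 'ones' rows are one rotation; the
    coefficient row is one slot-wise multiply (all n products at once) followed
    by a rotate-and-add tree that leaves the sum of all slots in every slot."""
    shifted = rotate(x_packed, 1, ctr)                 # slot i <- x[i+1]
    prod = c_packed * x_packed; ctr.ct_mul += 1        # c_i * x_i in every slot
    k = 1
    while k < len(prod):                               # log2(SLOTS) rotations
        prod = prod + rotate(prod, k, ctr)
        k *= 2
    keep = pack(np.ones(n - 1))                        # plaintext masks select
    last = pack(np.r_[np.zeros(n - 1), 1.0])           # slots 0..n-2 and slot n-1
    ctr.pt_mul += 2
    return shifted * keep + prod * last


def dense_step_packed(A, x, ctr):
    """Reference: a full n x n matrix on packed vectors by the diagonal method,
    y = sum_d diag_d(A) * rotate(x, d).  Needs n multiplications and n-1
    rotations even though the vector is packed.  x is packed twice so that
    rotations wrap within the n state slots (requires SLOTS >= 2n)."""
    n = A.shape[0]
    assert SLOTS >= 2 * n
    x2 = pack(np.r_[x, x])
    y = np.zeros(SLOTS)
    for d in range(n):
        diag = pack([A[i, (i + d) % n] for i in range(n)])
        xr = x2 if d == 0 else rotate(x2, d, ctr)
        y = y + diag * xr; ctr.ct_mul += 1
    return y


def packed_steps_are_correct(c, x):
    """Check both packed strategies against the plain matrix product A_c x."""
    n, Ac = len(c), companion_matrix(c)
    y_comp = companion_step_packed(pack(c), pack(x), n, OpCounter())
    y_dense = dense_step_packed(Ac, x, OpCounter())
    return (bool(np.allclose(y_comp[:n], Ac @ x)) and bool(np.allclose(y_comp[n:], 0.0))
            and bool(np.allclose(y_dense[:n], Ac @ x)) and bool(np.allclose(y_dense[n:], 0.0)))


def operation_counts(c, x):
    """(ct_mul, pt_mul, rot) for the companion step and for the same matrix
    handled as a dense table."""
    n = len(c)
    comp, dense = OpCounter(), OpCounter()
    companion_step_packed(pack(c), pack(x), n, comp)
    dense_step_packed(companion_matrix(c), x, dense)
    return (comp.ct_mul, comp.pt_mul, comp.rot), (dense.ct_mul, dense.pt_mul, dense.rot)


# Constructed coefficient row and state for a four-variable system
C_ROW = np.array([-0.12, 0.45, -1.10, 1.60])
X_STATE = np.array([1.0, -0.5, 0.25, 2.0])

if __name__ == "__main__":
    print("packed steps match A_c x:", packed_steps_are_correct(C_ROW, X_STATE))
    print("(ct_mul, pt_mul, rot) companion vs dense:", *operation_counts(C_ROW, X_STATE))
```

The two mask multiplications are plaintext multiplications, which in BFV are far cheaper than ciphertext multiplications and need no relinearization; the single ciphertext multiplication per cycle is what consumes noise budget, which is why the number of cycles between bootstraps is bounded as discussed in the limitations section.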
The key takeaway: the server performs all calculations but never sees the actual data. It doesn't know what the temperature in the reactor is or what the pressure in the pipeline is right now. It only sees encrypted numbers and operates on them according to the algorithm.
Real Numbers
We tested the system on a frequency control example in an electrical grid – a critical task where reaction time is measured in seconds. The system had eight state variables. Here is what we found:
- Classic approach (encrypting the full matrix): about 0.4 seconds per control step. For a system with a 1 Hz update rate, this is acceptable, but there is almost no time margin.
- Our approach (rational canonical form plus data packing): about 0.04 seconds per step. A tenfold acceleration.
When we increased the system dimensionality to sixteen variables, the classic approach required 256 multiplication operations – the execution time became unacceptable for real-time use. Our method still required only 16 multiplications, and the time remained within reasonable limits.
Where Can This Be Applied?
The technology isn't a universal silver bullet, but there is a whole class of tasks where it works perfectly.
Industrial Automation with Outsourcing
Many manufacturers do not want to, or cannot, maintain their own computing power for complex control. They rent cloud services. At the same time, production data is a trade secret. Encrypted control allows you to use the power of the cloud without revealing data to the provider.
A concrete example from our practice: a chemical plant in Bavaria wanted to implement an advanced predictive control system but was not ready to transfer data about mixture compositions and process parameters to an external contractor. An encrypted controller solved this problem.
Smart Energy Grids
The energy of the future involves millions of distributed sources: rooftop solar panels, home batteries, electric vehicles. Managing such a grid requires collecting huge amounts of data from consumers. But this data can reveal when you are home, when you sleep, which appliances you use – information not everyone is willing to disclose.
Encrypted control algorithms allow the grid operator to balance the load without knowing the details about each individual household. The grid operates efficiently, and privacy is preserved.
Medical Equipment and Telemedicine
Life support systems, insulin pumps, pacemakers – these are also control systems. Patient data is extremely sensitive, and regulators like the European GDPR impose strict restrictions on its processing. Encrypted algorithms allow for remote monitoring and adjustment without the risk of medical data leakage.
Limitations and What's Next
Let's be honest: the technology isn't ready for every use case yet. There are several important limitations.
Only Linear Systems
Our method works for linear control systems – those described by linear equations. Many real-world processes are nonlinear. Nonlinearity can be approximated by piecewise linear sections, but this adds complexity and complicates validation.
Noise Accumulation
Each homomorphic multiplication adds “noise” to the encrypted data. This isn't a calculation error but a property of the scheme: its security rests on random noise added at encryption, and every operation makes that noise grow. After a certain number of operations the noise becomes too large for correct decryption, and the ciphertext must be “refreshed” by an operation called bootstrapping, which is very slow.
We minimized the number of operations to avoid bootstrapping in typical scenarios, but for very long cycles or deep calculations, this remains a challenge.
Infrastructure Requirements
Even an optimized system requires noticeable computing resources compared to conventional control. For embedded systems with limited power, this might be critical. But for server solutions or mid-range edge computing, it is entirely feasible.
Practical Recommendations
If you are considering implementing encrypted control, here is what you should pay attention to:
Assess If You Need It
Not every system requires encryption during operation. If your data isn't that sensitive or you can protect it in other ways (e.g., physical network isolation), traditional methods might be simpler. Homomorphic encryption is a tool for cases where data cannot be revealed, but calculations must be performed on an untrusted side.
Start with Modeling
Transforming a system into rational canonical form is a standard linear algebra operation available in computer mathematics systems, from MATLAB to Python with NumPy. Check how sparse your matrix turns out – this will give you an idea of the potential acceleration.
Choose the Right Crypto Library
We used Microsoft SEAL – a mature, well-documented open-source library. There are alternatives: HElib from IBM, PALISADE, TFHE. Each has its strengths. For control systems, SIMD packing support and efficient rotation operations are important.
Plan Performance with a Buffer
Even an optimized system is tens of times slower than an unencrypted one. Ensure you have enough time in the control loop. If the process requires an update every 10 milliseconds, and encrypted calculations take 50 milliseconds – it won't work. But if you have a second per cycle, and calculations take 100 milliseconds – that is quite realistic.
Why This Matters for the Future
We live in an era where more and more critical systems are becoming digital and networked. Energy, transport, manufacturing, healthcare – data is transmitted over networks and processed remotely everywhere. Protecting this data is a practical necessity, not an academic question.
Traditional encryption protects data during transmission and storage, but not during processing. It's like locking the warehouse door but leaving it open while movers are working inside. Homomorphic encryption closes this gap – it protects data even during calculations.
For a long time, this technology was too slow for real-world application. Our work shows that with the right approach – using the structure of control tasks rather than relying solely on the “brute force” of cryptography – performance sufficient for practical use can be achieved.
This doesn't mean that tomorrow all control systems will become encrypted. But it does mean that engineers now have a real choice: when security is critical and data cannot be revealed, there is a working solution that doesn't require supercomputers and doesn't turn a real-time system into a “real-day” system.
Energy should be as reliable as air. And the data that manages this energy should be as protected as the infrastructure itself. Now, this is possible not just in theory, but in practice.