arxiv: 2605.14230 · v1 · submitted 2026-05-14 · 💻 cs.CR · cs.SY· eess.SY

Recognition: no theorem link

On the (non-)resilience of encrypted controllers to covert attacks

Philipp Binfet , Janis Adamek , Moritz Schulze Darup

Authors on Pith no claims yet

Pith reviewed 2026-05-15 02:49 UTC · model grok-4.3

classification 💻 cs.CR cs.SYeess.SY

keywords encrypted controlhomomorphic encryptioncovert attacksnetworked control systemsverifiable computationmalleabilityintegrity attacks

0 comments

The pith

Networked control systems using encrypted controllers remain vulnerable to covert attacks because public-key homomorphic encryption is malleable.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper shows that confidentiality through homomorphic encryption in networked control systems does not protect against covert attacks on the closed loop. The same mathematical properties that let the controller run on encrypted data also let an attacker craft new valid ciphertexts that steer the plant toward a hidden target state. This vulnerability holds even when the attacker has no knowledge of the unencrypted model or controller. The authors therefore conclude that encryption alone cannot solve the integrity problem and must be paired with verifiable computation to restore resilience. The added verification runs without increasing communication cost and remains asymptotically secure.

Core claim

We demonstrate that NCS are vulnerable to covert attacks, even when encrypted control is employed. Remarkably, this remains possible without knowledge of an unencrypted model. Yet, resilience to such attacks can still be achieved through complementary techniques. We present an approach based on verifiable computation that integrates with modern homomorphic cryptosystems and is asymptotically secure while incurring no communication overhead.

What carries the argument

Malleability of public-key homomorphic encryption schemes, which permits an attacker to produce new valid ciphertexts that induce a chosen covert effect on the closed-loop dynamics.

If this is right

Covert attacks remain feasible on encrypted controllers without any unencrypted model information.
Public-key homomorphic encryption by itself cannot guarantee integrity against integrity attacks in closed-loop control.
Verifiable computation can be combined with existing homomorphic schemes to detect or prevent such attacks.
The combined scheme adds no extra communication rounds or data volume.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

Designers of encrypted control schemes must treat the encryption's algebraic properties as a potential attack surface rather than only a computational tool.
The same malleability issue may appear in other control applications that outsource computation via public-key homomorphic encryption.
Real-time implementations could be tested by measuring whether the verifiable layer adds detectable latency under typical sampling rates.
The result suggests examining whether similar vulnerabilities exist in other privacy-preserving control architectures that rely on homomorphic properties.

Load-bearing premise

An attacker can exploit the algebraic structure of public-key homomorphic encryption to create ciphertexts that the encrypted controller will accept and that produce the intended hidden change in plant behavior.

What would settle it

An experiment in which an attacker, given only the public key and the encrypted controller code, produces a sequence of modified ciphertexts that drive a known linear plant to a secret target state while the encrypted detection test reports no anomaly.

Figures

Figures reproduced from arXiv: 2605.14230 by Janis Adamek, Moritz Schulze Darup, Philipp Binfet.

**Figure 1.** Figure 1: Covert attack strategy using the homomorphisms of an encrypted NCS. behaves as the actual system output y(k) would in the attack-free case, where u(k) = uc(k). Specifying the attack is straightforward for linear system dynamics of the form x(k + 1) = Ax(k) + Bu(k), x(0) := x0 y(k) = Cx(k). The unmodified system output at time step k then is y0(k) := C [PITH_FULL_IMAGE:figures/full_fig_p002_1.png] view at source ↗

**Figure 3.** Figure 3: Secure computation pipelines for evaluating h, without (a) and with (b) verification. Double-outlined boxes denote server-side operations. specified below. Setup(N, d, h) Choose an even expansion factor λ ∈ 2N such that λd ≤ N/2 and a detection threshold ε > 0. Generate M ∈ N challenge values ci , precompute h(ci) and store (ci , h(ci)), 1 ≤ i ≤ M, at the client. Transmit the lifted function h˜ : R λd → … view at source ↗

**Figure 4.** Figure 4: Experimentally obtained I/O trajectories in both homomorphic covert attack variants. cooldown phase is concluded, all deviations between uc(k) and u(k) as well as yc(k) and y(k) have been eliminated, which preserves stealthiness even after the attack. Therefore, the covert attack and cooldown can be successfully implemented with both stages of model knowledge. However, the configuration from Section 3.2 … view at source ↗

read the original abstract

The security of networked control systems (NCS) is receiving increasing attention from both cyber-security and system-theoretic perspectives. The former focuses on classical IT security goals such as confidentiality, integrity, and availability of process data, while the latter investigates tailored attacks (and detection schemes), including covert and zero-dynamics attacks. Confidentiality in control systems can, for instance, be achieved by securely outsourcing the evaluation of the controller to third-party platforms, such as cloud services. The underlying technology enabling such secure computation often is homomorphic encryption (HE). Recent works in encrypted control have proposed modifications to underlying HE schemes to achieve not only confidentiality but also resilience to certain types of integrity attacks. While extensions in this direction are desirable in principle, we show that the integrity problem in encrypted control cannot be solved by public-key HE schemes alone due to their inherent malleability. In other words, the same homomorphisms that enable encrypted control % in the first place can be leveraged not only constructively but also destructively. More precisely, we demonstrate that NCS are vulnerable to covert attacks, even when encrypted control is employed. Remarkably, this remains possible without knowledge of an unencrypted model. Yet, resilience to such attacks can still be achieved through complementary techniques. We present an approach based on verifiable computation that integrates with modern homomorphic cryptosystems and is asymptotically secure while incurring no communication overhead.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

Public-key HE encrypted control stays open to covert attacks via malleability even without model knowledge, but verifiable computation is a workable add-on.

read the letter

The main thing here is that public-key homomorphic encryption cannot deliver integrity against covert attacks on its own. The same homomorphic properties that let you run the controller on ciphertexts also let an attacker craft valid-looking inputs that steer the closed loop without detection, and the paper shows this holds even when the attacker has no unencrypted model. They then sketch a verifiable-computation layer that integrates with existing HE schemes, keeps communication cost flat, and gives asymptotic security guarantees.

Referee Report

2 major / 2 minor

Summary. The paper argues that public-key homomorphic encryption (HE) schemes, while enabling confidential outsourced control in networked control systems (NCS), cannot provide integrity against covert attacks because of their inherent malleability. The authors show that an attacker can construct valid ciphertexts that induce a desired covert effect on the closed-loop trajectory without knowledge of the unencrypted plant or controller model. They further present a mitigation based on verifiable computation that integrates with existing HE schemes, claiming asymptotic security and zero communication overhead.

Significance. If the attack construction and its model-free property hold, the result identifies a fundamental limitation of public-key HE for encrypted control: the same algebraic properties that enable computation also enable integrity attacks. The proposed verifiable-computation countermeasure offers a concrete path to resilience without added communication cost. This strengthens the case for hybrid cryptographic-system-theoretic defenses in cloud-based NCS and supplies a falsifiable attack template that future encrypted-control schemes must address.

major comments (2)

[§4] §4 (attack construction): the claim that the covert attack preserves the closed-loop trajectory without any unencrypted model knowledge requires an explicit algebraic verification that the manipulated ciphertext remains a valid encryption of a control input that lies in the image of the controller map; the current sketch relies on the standard malleability property but does not show that the resulting state deviation remains undetectable by standard residual-based detectors.
[§5] §5 (verifiable-computation mitigation): the statement that the scheme is 'asymptotically secure' while incurring 'no communication overhead' needs a precise security-parameter analysis showing how the proof size and verification time scale with the HE ciphertext size; without this, it is unclear whether the overhead remains negligible for typical NCS sampling rates.

minor comments (2)

[Abstract] The abstract states that attacks remain possible 'without knowledge of an unencrypted model'; this phrasing should be clarified to 'without knowledge of the plant matrices or controller gains' to avoid ambiguity with partial model information.
[§2] Notation for the homomorphic operations (e.g., ⊕, ⊗) is introduced without an explicit reference to the underlying HE scheme parameters; a short table mapping symbols to the scheme (e.g., Paillier, CKKS) would improve readability.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive comments. We address each major comment below.

read point-by-point responses

Referee: [§4] §4 (attack construction): the claim that the covert attack preserves the closed-loop trajectory without any unencrypted model knowledge requires an explicit algebraic verification that the manipulated ciphertext remains a valid encryption of a control input that lies in the image of the controller map; the current sketch relies on the standard malleability property but does not show that the resulting state deviation remains undetectable by standard residual-based detectors.

Authors: We agree that an explicit algebraic verification strengthens the attack construction. In the revised manuscript we will add a detailed derivation showing that the manipulated ciphertext is a valid encryption of a control input lying in the image of the controller map, and that the induced state deviation remains below the threshold of standard residual-based detectors. The derivation relies only on the malleability property of the public-key HE scheme and does not require unencrypted model knowledge. revision: yes
Referee: [§5] §5 (verifiable-computation mitigation): the statement that the scheme is 'asymptotically secure' while incurring 'no communication overhead' needs a precise security-parameter analysis showing how the proof size and verification time scale with the HE ciphertext size; without this, it is unclear whether the overhead remains negligible for typical NCS sampling rates.

Authors: We will incorporate a precise security-parameter analysis in the revision. The added section will derive the scaling of proof size and verification time with HE ciphertext size, confirm asymptotic security, and provide concrete bounds showing that the overhead remains negligible at typical NCS sampling rates. revision: yes

Circularity Check

0 steps flagged

No significant circularity

full rationale

The paper's central claims rest on the standard algebraic malleability of public-key homomorphic encryption, an external cryptographic property independent of the authors' definitions or prior self-citations. The covert-attack construction on encrypted NCS (without unencrypted model knowledge) follows directly from these known homomorphic properties rather than any fitted parameters or self-referential steps, and the verifiable-computation mitigation is presented as an integration with existing schemes. No load-bearing derivation reduces by construction to the paper's own inputs.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The negative result relies on the standard malleability of public-key HE schemes (domain assumption) and the definition of covert attacks from prior control-security literature. No free parameters or invented entities are introduced.

axioms (2)

standard math Public-key homomorphic encryption schemes are malleable, allowing valid modifications to ciphertexts that produce corresponding modifications to plaintexts.
Invoked to show that the same homomorphisms enabling encrypted control can be used destructively.
domain assumption Covert attacks can be realized by altering the controller output without knowledge of the plant model.
Central to the claim that attacks succeed even without an unencrypted model.

pith-pipeline@v0.9.0 · 5555 in / 1058 out tokens · 17634 ms · 2026-05-15T02:49:32.983629+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

20 extracted references · 20 canonical work pages

[1]

Adamek, J., Binfet, P., Schl ¨uter, N., and Schulze Darup, M. (2024). Encrypted system identification as-a-service via re- liable encrypted matrix inversion. In2024 IEEE 63rd Conf. Decis. Control (CDC), 4582–4588

work page 2024
[2]

Alexandru, A.B., Burbano, L., C ¸ eliktu˘g, M.F., Gomez, J., Car- denas, A.A., Kantarcioglu, M., and Katz, J. (2022). Private anomaly detection in linear controllers: Garbled circuits vs. homomorphic encryption. In2022 IEEE 61st Conf. Decis. Control (CDC), 7746–7753

work page 2022
[3]

Reuter, C.A., and Strand, M. (2015). A guide to fully ho- momorphic encryption. Cryptology ePrint Archive, Paper 2015/1192

work page 2015
[4]

and Fiore, D

Catalano, D. and Fiore, D. (2013). Practical homomorphic MACs for arithmetic circuits. In T. Johansson and P.Q. Nguyen (eds.),Adv. Cryptol. – EUROCRYPT 2013, 336–352. Springer Berlin Heidelberg, Berlin, Heidelberg

work page 2013
[5]

Hubaux, J.P. (2024). Veritas: Plaintext encoders for prac- tical verifiable homomorphic encryption. InProc. 2024 ACM SIGSAC Conf. Comput. Commun. Secur., CCS ’24, 2520–2534. Association for Computing Machinery, New

work page 2024
[6]

Cheon, J.H., Kim, A., Kim, M., and Song, Y . (2017). Homo- morphic encryption for arithmetic of approximate numbers. In T. Takagi and T. Peyrin (eds.),Adv. Cryptol. – ASIACRYPT 2017, 409–437. Springer International Publishing, Cham

work page 2017
[7]

Dyer, J., Dyer, M., and Xu, J. (2019). Practical homomorphic en- cryption over the integers for secure computation in the cloud. Int. J. Inf. Secur., 18(5), 549–579

work page 2019
[8]

and Zhang, P

Fauser, M. and Zhang, P. (2020). Resilience of cyber-physical systems to covert attacks by exploiting an improved encryp- tion scheme. In2020 59th IEEE Conf. Decis. Control (CDC), 5489–5494

work page 2020
[9]

and Zhang, P

Fauser, M. and Zhang, P. (2021). Resilient homomorphic en- cryption scheme for cyber-physical systems. In2021 60th IEEE Conf. Decis. Control (CDC), 5634–5639

work page 2021
[10]

and Zhang, P

Fauser, M. and Zhang, P. (2024). A secure resilient homomor- phic encryption scheme for control systems.IEEE Trans. Au- tom. Control, 1–16

work page 2024
[11]

and Lucia, W

Gheitasi, K. and Lucia, W. (2020). A finite-time stealthy covert attack against cyber-physical systems. In2020 7th Int. Conf. Control Decis. Inf. Technol. (CoDIT), volume 1, 347–352

work page 2020
[12]

and Lucia, W

Gheitasi, K. and Lucia, W. (2022). Undetectable finite-time covert attack on constrained cyber-physical systems.IEEE Trans. Contr. Netw. Syst., 9(2), 1040–1048

work page 2022
[13]

Ruths, J., Tippenhauer, N.O., Sandberg, H., and Candell, R. (2018). A survey of physics-based attack detection in cyber- physical systems.ACM Comput. Surv. (CSUR), 51(4), 1–36

work page 2018
[14]

and Shoup, V

Halevi, S. and Shoup, V . (2014). Algorithms in HElib. In J.A. Garay and R. Gennaro (eds.),Adv. Cryptol. – CRYPTO 2014, 554–571. Springer Berlin Heidelberg, Berlin, Heidelberg

work page 2014
[15]

Johansson, K. (2000). The quadruple-tank process: a multivari- able laboratory process with an adjustable zero.IEEE Trans. Control Syst. Technol., 8(3), 456–465

work page 2000
[16]

and Lindell, Y

Katz, J. and Lindell, Y . (2014).Introduction to modern cryp- tography, second edition. Chapman & Hall/CRC Cryptog- raphy and Network Security Series. Chapman & Hall/CRC,

work page 2014
[17]

Marcolla, C., Sucasas, V ., Manzano, M., Bassoli, R., Fitzek, F.H.P., and Aaraj, N. (2022). Survey on fully homomorphic encryption, theory, and applications.Proc. IEEE, 110(10), 1572–1609. Schl¨uter, N., Binfet, P., and Schulze Darup, M. (2023). A brief survey on encrypted control: From the first to the second gen- eration and beyond.Annu. Rev. Control, 5...

work page 2022
[18]

Smith, R.S. (2011). A decoupled feedback structure for covertly appropriating networked control systems.IFAC Proc. Vol., 44(1), 90–95. 18th IFAC World Congress

work page 2011
[19]

Stabile, F., Lucia, W., Youssef, A., and Franz `e, G. (2024). A verifiable computing scheme for encrypted control systems. IEEE Control Syst. Lett., 8, 1096–1101

work page 2024
[20]

Teixeira, A., P ´erez, D., Sandberg, H., and Johansson, K.H. (2012). Attack models and scenarios for networked control systems. InProc. 1st Int. Conf. High Confid. Netw. Syst., HiCoNS ’12, 55–64. Association for Computing Machinery, New York, NY , USA. APPENDIXA. UPPER BOUND FOR INSTANTANEOUS ATTACK SUCCESS PROBABILITY We want to show thatp succ ≤2 −λ/2 f...

work page 2012