Securing Control Systems in the Quantum Era

Author: Denis Avetisyan

Researchers have developed a new approach to protect industrial control systems from sophisticated attacks, even in the face of emerging quantum computing threats.

The study demonstrates that secure control systems can be realized through the combined application of encryption and quantization, enabling provable bounds on system state and guaranteeing confidentiality even under adversarial observation-a result formalized by the preservation of system properties within the discrete domain defined by <span class="katex-eq" data-katex-display="false"> \mathbb{Z}_q </span>. — The study demonstrates that secure control systems can be realized through the combined application of encryption and quantization, enabling provable bounds on system state and guaranteeing confidentiality even under adversarial observation-a result formalized by the preservation of system properties within the discrete domain defined by $\mathbb{Z}_q$ .

This work introduces a dynamic-key post-quantum encryption scheme based on Learning With Errors (LWE) to defend against system identification attacks in encrypted control systems.

Conventional control systems are increasingly vulnerable to sophisticated attacks exploiting system identification, demanding novel security paradigms. This paper, ‘Dynamic-Key Post-Quantum Encrypted Control Against System Identification Attacks’, introduces a post-quantum encrypted control scheme leveraging dynamic-key Learning with Errors (LWE) encryption to mitigate these risks. By simultaneously updating both private keys and ciphertexts, the proposed method enables secure control resistant to system identification attacks while accounting for error growth during homomorphic operations. Will this approach pave the way for truly resilient and secure control systems in an era threatened by quantum computing?

The Expanding Attack Surface of Cyber-Physical Systems

The escalating complexity of modern cyber-physical systems – encompassing everything from power grids and water treatment facilities to transportation networks – has inadvertently created a broader attack surface for malicious actors. These systems, designed for efficiency and automation, often prioritize functionality over robust security, leaving control systems vulnerable to increasingly sophisticated attacks. Unlike traditional IT networks, these physical systems directly impact the real world; a successful breach can therefore result in physical damage, service disruptions, and even endanger human life. The interconnected nature of these systems, while enabling greater efficiency, also means that a single compromised component can potentially cascade into widespread failures, highlighting the critical need for proactive security measures and resilient system design.

Historically, the operational technologies governing critical infrastructure – from power grids to water treatment facilities – were isolated systems, relying on physical security for protection. However, the integration of these systems with standard IT networks, while increasing efficiency and automation, has simultaneously introduced significant vulnerabilities. Traditional control protocols, such as Modbus and DNP3, were designed for functionality and reliability, not security, and lack built-in authentication, encryption, or integrity checks. This architectural oversight means that malicious actors, once gaining network access, can readily manipulate control signals, alter setpoints, or even disable safety mechanisms. Consequently, systems relying on these protocols are susceptible to a range of attacks, including denial-of-service, man-in-the-middle attacks, and false data injection, potentially leading to widespread disruption and physical damage.

Encrypted Control represents a fundamental shift in how critical infrastructure is secured, moving beyond perimeter defenses to protect the very signals that dictate system operation. This approach utilizes cryptographic techniques – including encryption, digital signatures, and secure multiparty computation – to shield control commands and system data from malicious manipulation. Rather than simply authenticating controllers or encrypting communication channels, Encrypted Control embeds security within the control logic itself, ensuring that even compromised components cannot arbitrarily disrupt functionality. By guaranteeing the confidentiality and integrity of control signals, this paradigm promises resilience against a wide range of attacks, from remote intrusions to insider threats, and offers a pathway towards more dependable and trustworthy Cyber-Physical Systems in sectors like power grids, transportation, and water management.

This comparison demonstrates the minimal difference between the output of the encrypted controller and its quantized counterpart, indicating successful preservation of control performance during encryption.

Homomorphic Encryption: A Foundation for Secure Computation

Homomorphic Encryption (HE) facilitates computation on ciphertext without requiring prior decryption. Traditional encryption methods necessitate decryption before any processing can occur, exposing sensitive data. HE schemes, however, leverage mathematical properties to allow operations – such as addition and multiplication – to be performed directly on the encrypted data. The result of these operations is also encrypted, and when decrypted, matches the result of the same operations performed on the plaintext. This capability is crucial for applications where data privacy must be maintained throughout the entire computation lifecycle, enabling secure data processing by third parties or untrusted environments without revealing the underlying data itself.

Homomorphic encryption schemes, such as the Brakerski/Fan/Vercauteren (BFV) and Cheon-Kim-Kim-Song (CKKS) schemes, are built upon the hardness of the Ring Learning With Errors (Ring-LWE) problem. Ring-LWE is a lattice-based cryptographic primitive that extends the traditional Learning With Errors (LWE) problem to polynomial rings, offering improved efficiency. Specifically, these schemes represent data as polynomials over a ring $R = \mathbb{Z}_t[x]/(x^n + 1)$ , where $t$ is a power of two and $n$ is a security parameter. Encryption involves adding noise to a secret key and polynomial representation of the message, and decryption reverses this process. The security of BFV and CKKS relies on the computational difficulty of distinguishing between the distribution of valid encryptions and uniformly random noise, a challenge directly linked to the Ring-LWE assumption.

Direct implementation of homomorphic encryption schemes – such as BFV and CKKS – within control systems is hindered by significant computational overhead. These schemes involve complex mathematical operations on ciphertext, resulting in processing times orders of magnitude greater than operations on plaintext data. This overhead stems from the need to maintain data confidentiality throughout the entire computation. Furthermore, representing real-world control system data – often floating-point values or analog signals – within the discrete algebraic structures required by these schemes (typically polynomial rings) introduces approximation errors and requires careful scaling and quantization techniques to preserve accuracy and avoid information loss. The resulting ciphertext expansion also impacts storage and bandwidth requirements, posing additional challenges for resource-constrained embedded systems commonly found in control applications.

Dynamic-Key Encryption: Fortifying Security Through Constant Rotation

Dynamic-key encryption represents a departure from static public-key cryptography by mandating periodic updates to both the private key and the ciphertexts themselves. Traditional encrypted control systems utilize a single key pair for the duration of data transmission, leaving them vulnerable to long-term key compromise. In dynamic-key encryption, the private key is regularly re-generated and distributed, necessitating a corresponding re-encryption of all active ciphertexts. This constant key rotation limits the window of opportunity for an attacker to gather sufficient information from intercepted data to compromise the system, as any acquired ciphertext is only valid for a limited time period before the key changes.

Initial implementations of dynamic-key encryption relied on the ElGamal encryption scheme due to its relative simplicity and established security properties. However, ElGamal’s computational demands limited scalability and practical deployment. Recent advancements in fully and partially homomorphic encryption (FHE and PHE) schemes now enable dynamic-key encryption with significantly improved efficiency. These schemes allow for computations to be performed directly on encrypted data, reducing the need for decryption and re-encryption during key rotation and ciphertext updates. This feasibility with FHE/PHE expands the applicability of dynamic-key encryption to a wider range of data-intensive applications and environments where computational resources are constrained.

System Identification Attacks pose a threat to encrypted systems by attempting to deduce the underlying plaintext through analysis of ciphertexts and potentially the encryption scheme itself. Dynamic-key encryption mitigates this risk by frequently changing the encryption key; each key update effectively resets the adversary’s accumulated information. Because intercepted ciphertexts are linked to a short-lived key, the amount of data available for analysis is drastically reduced, making successful system identification significantly more difficult and computationally expensive for the attacker. This limits the attacker’s ability to construct and solve equations used to reveal the plaintext, as the parameters change with each key rotation, thereby increasing the security of the system.

The implementation of quantization techniques alongside dynamic key updates allows for computational cost optimization without compromising security within the encryption system. This approach reduces the precision of data representations, thereby lowering the computational burden of encryption and decryption operations. Our design procedure has determined this system achieves a quantum bit security level of 74, indicating resistance against attacks leveraging quantum computing capabilities. This security level is a direct result of the combined effect of frequent key rotation and the reduced data precision afforded by quantization, effectively minimizing the attack surface available to potential adversaries.

Quantifiable Resilience: Assessing the Security of Encrypted Control Systems

A quantifiable metric for security in encrypted control systems emerges from the careful consideration of both the time required to decipher encrypted data and the complexity associated with identifying sufficient samples to reconstruct system states. This approach moves beyond intuitive assessments of security, instead establishing a rigorous framework where resilience is directly linked to computational demands placed upon a potential attacker. By analyzing the interplay between these two factors – deciphering time and sample-identifying complexity – a system’s vulnerability can be assessed based on the resources an adversary would need to compromise its operation. This method provides a pathway to design control systems where the computational cost of decryption and state reconstruction significantly exceeds an attacker’s capabilities, ensuring long-term operational integrity and providing a concrete basis for evaluating the effectiveness of various encryption schemes within cyber-physical applications.

The implementation of State-Feedback Control benefits significantly when integrated with encrypted data streams, as security enhancements directly bolster system resilience. By quantifying the necessary computational effort for decryption – specifically, demonstrating a Quantum Sample-Deciphering Time $TQ$ exceeding the control system’s operational lifespan – these advancements create a practical barrier against adversarial attacks. This approach ensures that even with encrypted data, the Discrete-Time Linear Plant maintains its operational integrity and performance characteristics. Observed decryption errors, minimized to the range of $10^{-7}$ to $10^{-8}$ through adherence to established design principles, further validate the effectiveness of this security-focused implementation for critical cyber-physical systems.

A core strength of this security framework lies in its ability to safeguard the foundational Discrete-Time Linear Plant model without introducing performance degradation. The encryption methodology is intricately designed to operate on the data streams used by the control system, rather than altering the plant model itself. This preserves the inherent stability and responsiveness of the system while simultaneously shielding its operational logic from malicious interference. Consequently, the control system maintains its intended functionality even under adversarial conditions, as the underlying mathematical representation of the controlled process remains unaltered and effectively protected. This approach ensures that security enhancements do not come at the cost of diminished performance – a critical requirement for reliable and safe operation of cyber-physical systems.

Analysis reveals a quantifiable level of security for encrypted control systems, establishing a Sample Complexity of 33198 – the number of samples required to reliably decrypt the control signal. Critically, the calculated Quantum Sample-Deciphering Time (TQ) reaches 3.465 x 10⁸ seconds, significantly surpassing the expected operational lifespan of the system and effectively shielding it from decryption-based attacks. Investigations also demonstrated that deviations from the established parameters outlined in Lemma 4 resulted in decryption errors ranging from 10^-7 to 10^-8, underscoring the vital role of the proposed design procedure in maintaining robust security and reliable system operation.

The development of quantifiable security metrics for encrypted control systems represents a significant step towards building truly resilient Cyber-Physical Systems. By establishing a concrete understanding of system vulnerability and the time required for potential decryption – exceeding operational lifespans in demonstrated scenarios – these advances move beyond theoretical safeguards to provide practical, demonstrable robustness. This methodology isn’t simply about preventing attacks, but about building systems that can withstand increasingly sophisticated threats without compromising performance or operational integrity. The implications extend to critical infrastructure, autonomous vehicles, and any application reliant on secure, real-time control, offering a pathway to a future where these systems are less susceptible to malicious interference and more capable of maintaining stable operation even under duress.

The pursuit of an unassailable encrypted control system, as detailed in this work, demands a rigorous adherence to provable security. Every layer of defense, from the dynamic key updates to the LWE encryption scheme, must withstand mathematical scrutiny. This aligns perfectly with Bertrand Russell’s observation: “The point of the question is to discover whether the things we believe are true or false.” The paper’s focus on protecting against system identification attacks through constantly evolving keys isn’t merely about practical implementation; it’s about establishing a mathematically sound barrier against potential breaches, ensuring the underlying principles are demonstrably true and resistant to falsification. A system built on anything less invites inevitable compromise.

Future Directions

The presented scheme, while a demonstrable step towards practical post-quantum control, sidesteps a rather fundamental question: at what cost is this security achieved? The computational overhead of dynamic key updates, and the attendant homomorphic operations, remains significant. One suspects that practical implementations will necessitate a careful balancing act, trading off security margins against real-time performance. If it feels like magic that this system works at all, one hasn’t yet fully revealed the invariant governing its complexity.

Further exploration should address the limitations inherent in relying solely on Learning With Errors (LWE). While currently considered robust, cryptographic assumptions are rarely immutable truths. A prudent approach involves investigating hybrid schemes, incorporating multiple post-quantum primitives to provide defense in depth. The current focus on system identification attacks, while important, neglects other potential vulnerabilities – fault injection, side-channel leakage, and the ever-present specter of implementation errors.

Ultimately, the true measure of this work, and its successors, will not be the elegance of the mathematics – though that is, admittedly, a high bar – but its resilience against relentless, adversarial scrutiny. The pursuit of provable security, not merely empirical robustness, remains the most intellectually honest path forward. The challenge, then, is not simply to encrypt control signals, but to construct systems whose very foundations are mathematically unassailable.

Original article: https://arxiv.org/pdf/2604.23564.pdf

Contact the author: https://www.linkedin.com/in/avetisyan/

The Expanding Attack Surface of Cyber-Physical Systems

Homomorphic Encryption: A Foundation for Secure Computation

Dynamic-Key Encryption: Fortifying Security Through Constant Rotation

Quantifiable Resilience: Assessing the Security of Encrypted Control Systems

Future Directions

See also: