To address privacy risks arising from bidirectional leakage—of both system-sensitive data and verification specifications—in third-party runtime monitoring, this paper proposes a lightweight, secure compliance verification framework. Methodologically, we design two novel privacy-preserving protocols: (i) one guarantees that the monitor learns only the verification outcome without inferring the system’s internal state; and (ii) another ensures the monitored system remains completely oblivious to the specification being verified—achieving, for the first time, bidirectional privacy isolation. Both protocols are built upon an optimized multi-party computation (MPC) scheme, tailored for temporal specifications modeled as register automata, and require only a single message exchange per observation step. Prototype implementation and evaluation demonstrate low communication overhead, bounded monitoring latency, and support for flexible verification granularities (e.g., daily), thereby balancing security, efficiency, and practical deployability.

Runtime verification offers scalable solutions to improve the safety and reliability of systems. However, systems that require verification or monitoring by a third party to ensure compliance with a specification might contain sensitive information, causing privacy concerns when usual runtime verification approaches are used. Privacy is compromised if protected information about the system, or sensitive data that is processed by the system, is revealed. In addition, revealing the specification being monitored may undermine the essence of third-party verification. In this work, we propose two novel protocols for the privacy-preserving runtime verification of systems against formal sequential specifications. In our first protocol, the monitor verifies whether the system satisfies the specification without learning anything else, though both parties are aware of the specification. Our second protocol ensures that the system remains oblivious to the monitored specification, while the monitor learns only whether the system satisfies the specification and nothing more. Our protocols adapt and improve existing techniques used in cryptography, and more specifically, multi-party computation. The sequential specification defines the observation step of the monitor, whose granularity depends on the situation (e.g., banks may be monitored on a daily basis). Our protocols exchange a single message per observation step, after an initialisation phase. This design minimises communication overhead, enabling relatively lightweight privacy-preserving monitoring. We implement our approach for monitoring specifications described by register automata and evaluate it experimentally.