Stability Buys Time: A Re-Keying Game for Encrypted Multi-Agent Control

📅 2026-07-14
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This study addresses the risk of secret key leakage induced by decryption operations in fully homomorphic encryption–based multi-agent control systems, particularly under advanced persistent threats. To tackle this challenge, the work proposes a two-stage security modeling framework grounded in attacker–defender game theory, encompassing passive reconnaissance and active manipulation phases. A residual-based detector triggers defensive responses, and periodic rekeying—replacing conventional bootstrapping—is introduced to mitigate cumulative information leakage. For the first time, dynamic game theory is integrated into CKKS approximate fully homomorphic encrypted feedback systems, revealing a fundamental trade-off among graph topology stability, encryption precision, and rekeying frequency. Theoretical analysis demonstrates that marginally stable topologies necessitate higher rekeying rates, enabling the identification of a feasible operational window that balances control accuracy and security with minimal overhead.
📝 Abstract
Encrypted control lets a cloud coordinate a fleet of agents on fully homomorphically encrypted state, keeping their positions and commands private. The approximate scheme for real-valued control, CKKS, returns decryptions that carry the encryption noise, a key-recovery leak; the loop must decrypt to actuate, so the leak is unavoidable. Yet the security of approximate FHE is studied statically, encrypted control assumes an honest-but-curious cloud, and persistent-threat games never reach inside the cryptosystem. We model the loop's security under an advanced persistent threat as a two-phase game, passive reconnaissance then active manipulation, separated by a measured residual detector that sees only the manipulation. The passive phase reduces to the known flooding tradeoff; the active defense is re-keying, not bootstrapping, since only re-keying resets accumulated leakage. The active phase is a detection-evasion timing game: overt manipulation is caught, so the rational adversary stays stealthy, and at its Stackelberg equilibrium the defender re-keys on the laziest cadence that denies it, set by the control-theoretic fragility of the graph topology. The marginally-stable graph must re-key far more often than the well-connected one. A three-way tension among FHE precision, control accuracy, and re-key cadence sets where this game lives, between a securability floor and a static-suffices ceiling. The efficient secure point is that window, where re-keying is the price of precision efficiency. More broadly, security for an approximate cryptosystem in a feedback loop is a dynamic game whose defender's move is the scheme's own refresh, applying beyond control to any system that must repeatedly decrypt to act.
Problem

Research questions and friction points this paper is trying to address.

encrypted control
approximate FHE
advanced persistent threat
key-recovery leakage
feedback loop security
Innovation

Methods, ideas, or system contributions that make the work stand out.

re-keying
encrypted control
approximate FHE
dynamic security game
residual detection
🔎 Similar Papers
No similar papers found.