Research & Papers

New Game Theory Model Reveals Optimal Re-Keying for Encrypted Multi-Agent Control

CKKS encryption leaks noise with every decryption—researchers model the optimal refresh cadence to block advanced persistent threats.

Deep Dive

Encrypted control systems promise privacy for fleets of agents by letting a cloud coordinate them on fully homomorphic encrypted (FHE) state data. But the popular CKKS scheme, designed for real-valued control, returns decryptions that carry encryption noise—a key-recovery leak that is unavoidable because the loop must decrypt to actuate. Until now, security analysis of approximate FHE has been static, and persistent-threat models never reach inside the cryptosystem itself.

In this paper, Sai Sandeep Damera and John S. Baras model the loop's security under an advanced persistent threat as a two-phase game: passive reconnaissance followed by active manipulation, with a measured residual detector separating the phases. They show that the passive phase reduces to a known flooding tradeoff, while the active defense must be re-keying (not bootstrapping), since only re-keying resets accumulated leakage. The active phase becomes a detection-evasion timing game. At the Stackelberg equilibrium, the defender re-keys on the laziest cadence that denies the adversary—a cadence set by the control-theoretic fragility of the graph topology. Marginally stable graphs must re-key far more often than well-connected ones. The result is a three-way tension among FHE precision, control accuracy, and re-key cadence, defining a window between a securability floor and a static-suffices ceiling. The efficient secure point lives inside that window, where re-keying is the price of precision efficiency. The authors argue this game-theoretic view applies beyond control to any system that must repeatedly decrypt to act.

Key Points
  • The CKKS homomorphic encryption scheme leaks key information every time the cloud decrypts state data for actuation, making static security assumptions inadequate.
  • The optimal re-keying cadence is determined by the graph topology's stability margin; marginally-stable networks require significantly more frequent re-keying than well-connected ones.
  • The paper introduces a three-way tradeoff between FHE precision, control accuracy, and re-key frequency, defining a 'securability window' where efficient secure operation is possible.

Why It Matters

This work provides a dynamic security framework that applies to any system repeatedly decrypting encrypted data, from fleets to cloud AI.

📬 Get the top 10 AI stories daily