Multi-party computation enables secure polynomial control based solely on secret-sharing

TL;DR

This paper introduces multi-party computation methods for secure polynomial control using only secret sharing, significantly reducing computational demands compared to previous two-party schemes with homomorphic encryption.

Contribution

It presents a novel three-party control scheme and an n-party scheme that securely evaluate polynomial feedback laws without inter-server communication, enhancing efficiency and security.

Findings

Multi-party schemes are less computationally demanding than two-party schemes.

The n-party scheme guarantees perfect security with non-colluding servers.

Simulations demonstrate practical efficiency improvements.

Abstract

Encrypted control systems allow to evaluate feedback laws on external servers without revealing private information about state and input data, the control law, or the plant. While there are a number of encrypted control schemes available for linear feedback laws, only few results exist for the evaluation of more general control laws. Recently, an approach to encrypted polynomial control was presented, relying on two-party secret sharing and an inter-server communication protocol using homomorphic encryption. As homomorphic encryptions are much more computationally demanding than secret sharing, they make up for a tremendous amount of the overall computational demand of this scheme. For this reason, in this paper, we demonstrate that multi-party computation enables secure polynomial control based solely on secret sharing. We introduce a novel secure three-party control scheme based on three-party computation. Further, we propose a novel $n$-party control scheme to securely evaluate polynomial feedback laws of arbitrary degree without inter-server communication. The latter property makes it easier to realize the necessary requirement regarding non-collusion of the servers, with which perfect security can be guaranteed. Simulations suggest that the presented control schemes are many times less computationally demanding than the two-party scheme mentioned above.