Weisfeiler and Lehman Go Measurement Modeling: Probing the Validity of the WL Test

The expressive power of graph neural networks is usually measured by comparing how many pairs of graphs or nodes an architecture can possibly distinguish as non-isomorphic to those distinguishable by the $k$-dimensional Weisfeiler-Lehman ($k$-WL) test. In this paper, we uncover misalignments between graph machine learning practitioners' conceptualizations of expressive power and $k$-WL through a systematic analysis of the reliability and validity of $k$-WL. We conduct a survey ($n = 18$) of practitioners to surface their conceptualizations of expressive power and their assumptions about $k$-WL. In contrast to practitioners' opinions, our analysis (which draws from graph theory and benchmark auditing) reveals that $k$-WL does not guarantee isometry, can be irrelevant to real-world graph tasks, and may not promote generalization or trustworthiness. We argue for extensional definitions and measurement of expressive power based on benchmarks. We further contribute guiding questions for constructing such benchmarks, which is critical for graph machine learning practitioners to develop and transparently communicate our understandings of expressive power

Cryptanalysis of Random Affine Transformations for Encrypted Control

Cloud-based and distributed computations are of growing interest in modern control systems. However, these technologies require performing computations on not necessarily trustworthy platforms and, thus, put the confidentiality of sensitive control-related data at risk. Encrypted control has dealt with this issue by utilizing modern cryptosystems with homomorphic properties, which allow a secure evaluation at the cost of an increased computation or communication effort (among others). Recently, a cipher based on a random affine transformation gained attention in the encrypted control community. Its appeal stems from the possibility to construct security providing homomorphisms that do not suffer from the restrictions of ``conventional'' approaches. This paper provides a cryptanalysis of random affine transformations in the context of encrypted control. To this end, a deterministic and probabilistic variant of the cipher over real numbers are analyzed in a generalized setup, where we use cryptographic definitions for security and attacker models. It is shown that the deterministic cipher breaks under a known-plaintext attack, and unavoidably leaks information of the closed-loop, which opens another angle of attack. For the probabilistic variant, statistical indistinguishability of ciphertexts can be achieved, which makes successful attacks unlikely. We complete our analysis by investigating a floating point realization of the probabilistic random affine transformation cipher, which unfortunately suggests the impracticality of the scheme if a security guarantee is needed.Comment: 8 pages, 2 figures, to be published in the proceedings of the 22nd World Congress of the International Federation of Automatic Control (2023

Privacy Against Adversarial Classification in Cyber-Physical Systems

For a class of Cyber-Physical Systems (CPSs), we address the problem of performing computations over the cloud without revealing private information about the structure and operation of the system. We model CPSs as a collection of input-output dynamical systems (the system operation modes). Depending on the mode the system is operating on, the output trajectory is generated by one of these systems in response to driving inputs. Output measurements and driving inputs are sent to the cloud for processing purposes. We capture this "processing" through some function (of the input-output trajectory) that we require the cloud to compute accurately - referred here as the trajectory utility. However, for privacy reasons, we would like to keep the mode private, i.e., we do not want the cloud to correctly identify what mode of the CPS produced a given trajectory. To this end, we distort trajectories before transmission and send the corrupted data to the cloud. We provide mathematical tools (based on output-regulation techniques) to properly design distorting mechanisms so that: 1) the original and distorted trajectories lead to the same utility; and the distorted data leads the cloud to misclassify the mode

Private Computation of Polynomials over Networks

This study concentrates on preserving privacy in a network of agents where each agent seeks to evaluate a general polynomial function over the private values of her immediate neighbors. We provide an algorithm for the exact evaluation of such functions while preserving privacy of the involved agents. The solution is based on a reformulation of polynomials and adoption of two cryptographic primitives: Paillier as a Partially Homomorphic Encryption scheme and multiplicative-additive secret sharing. The provided algorithm is fully distributed, lightweight in communication, robust to dropout of agents, and can accommodate a wide class of functions. Moreover, system theoretic and secure multi-party conditions guaranteeing the privacy preservation of an agent's private values against a set of colluding agents are established. The theoretical developments are complemented by numerical investigations illustrating the accuracy of the algorithm and the resulting computational cost.Comment: 12 pages, 4 figure