Attorney Docket No.10046-486WO1 7971 TAN Method and System using Homomorphically Encrypted Nonlinear Dynamic Controller STATEMENT OF GOVERNMENT SUPPORT [0001] This invention was made with government support under Grant No.1944318 awarded by the National Science Foundation. The government has certain rights in the invention. RELATED APPLICATION [0002] This PCT application claims priority to, and the benefit of, U.S. Provisional Patent Application No.63/412,824, filed October 3, 2022, which is hereby incorporated by reference herein in its entirety. BACKGROUND [0003] There is growing interest in using third-party cloud-based infrastructure for cloud- based controls of industrial, medical, or business operational applications. While the use of cloud infrastructure can reduce the cost of operation while providing more flexibility, it also opens the intellectual property of the controller to potential theft, snooping, or misappropriation as the hardware is under the control of a semi-trusted party. Encryption of control systems can be employed to encrypt and decrypt the model during operations to make the model more secure, but such encryption operation can be computationally expensive and still open the model to snooping, limiting the use of such implementation for non-real-time operation. [0004] Homomorphic encryption is a form of encryption that permits users to perform computations on encrypted data without first decrypting it. Practical deployment of homomorphic encryption is still limited, and early prototypes and theoretical basis for them are limited to a small subset of linear models. [0005] There is a benefit to improving the privacy or security of controls, particularly for cloud-based implementations of them. SUMMARY [0006] An exemplary method and system are disclosed that can provide homomorphically encrypted real-time control operation of nonlinear dynamical systems, including AI or ML control systems, by linearizing and quantizing such nonlinear dynamical systems as a linear time-invariant (LTI) control system for homomorphic encryption. The real-time control operation can be applied to non-linear AI or ML control systems (i.e., having non-linear Attorney Docket No.10046-486WO1 7971 TAN components) to be implemented as a complex dynamical system, e.g., for predictive analytics, remote controls, and other advanced controls while ensuring that the data and control model is secured from third-party service providers and from third-party hackers. A dynamic controller generally refers to the data analysis and decision-making using an algorithm or controls that can continuously and/or iteratively update its internal memory state based on an input, e.g., input time series, or other data format to produce an output, e.g., an output time-series, in real-time. The dynamic controller can be used to perform video processing, speech recognition, industrial equipment, or component controls, among others described herein. [0007] In some embodiments, a proprietary control model (e.g., a non-linear AI model) and associated internal states or parameters can be homomorphically encrypted and then stored and executed while in the homomorphically encrypted state on third-party hardware or semi-trusted party hardware (e.g., cloud infrastructure). The control operation can thus be performed in a secured and confidential manner, with the homomorphically encrypted real-time controller being maintained in an encrypted state without the need to decrypt the controller or input during execution. [0008] In some embodiments, cloud infrastructure is provided that can operate with a client service residing at the client site to generate and transmit the homomorphically encrypted data or measurements for control generation on the cloud infrastructure and retrieve the encrypted control signal at the client site, an edge device or local controller, for operations. In other embodiments, the homomorphically encrypted real-time controller can be executed on edge devices. In some embodiments, a company can create a homomorphically encrypted real-time control using the exemplary process and provide that homomorphically encrypted real-time controller to third-party hardware or semi-trusted party hardware. [0009] A study was performed that developed and evaluated a process to operate a general nonlinear dynamical system over HE for an infinite time horizon without bootstrapping. In the context of statistics and data science, bootstrapping refers to techniques to reduce encryption noise by performing decryption and re-encryption on the cipher-text domain using an encrypted secret key [10]. Prior to the study, it was unknown whether linearization and quantization operations could produce a stable homomorphically encrypted real-time controller that would not accrue errors during run-time without having to perform a system or control reset. Attorney Docket No.10046-486WO1 7971 TAN [0010] The exemplary process of generating a homomorphically encrypted real-time control may be applied to various state-of-the-art decision-making algorithms that are nonlinear and memory-based algorithms. As used herein, memory-based algorithms refer to algorithms or control-based operations that retain the state information of a controller in memory. [0011] In an aspect, a method is disclosed of operating an encrypted controller (e.g., homomorphic encrypted controller), the method comprising providing, by a processor executed instructions from a memory, an encrypted controller comprising a homomorphically-encrypted state-transition matrix configured as a linear time-invariant dynamical system generated from a non-linear control model, wherein the homomorphically encrypted state transition matrix is a linearized components representing a; non-linear control model after having been quantized and encrypted; receiving, by the processor, an encrypted sensor input message (e.g., ciphertexts) from an edge device or a local controller configured, via an actuator, to control a controllable device, wherein the encrypted sensor input comprises a sensor measurement having been encrypted with an encryption operation at the edge device or local controller, the encryption operation having an associated public key and a private key, wherein the private key is not available to the encrypted controller; determining, by the processor, an output of the encrypted controller by applying the encrypted sensor input to the homomorphically-encrypted state- transition matrix, or matrix portion, wherein the determining is performed directly on the encrypted sensor input message without decrypting the received data; and transmitting, by the processor, the output of the encrypted controller to the edge device or the local controller to adjust controls of the actuator of the controllable device. [0012] In some embodiments, the encrypted sensor input is applied, via a first arithmetic operation, to the homomorphically-encrypted state-transition matrix, or matrix portion, and via a second arithmetic operation, wherein outputs of the first and second arithmetic operations are combined via a third arithmetic operation to generate the output of the encrypted controller. [0013] In some embodiments, the determining and the transmitting operations are performed in real time (e.g., for a real-time control application). [0014] In some embodiments, the edge device or the local controller is configured to decrypt the output of the encrypted controller using the private key, wherein the decrypted output of the encrypted controller is used to adjust the controls of the actuator of the controllable device. Attorney Docket No.10046-486WO1 7971 TAN [0015] In some embodiments, the non-linear control model had been linearized using a subspace identification (SID) operation to generate the control components. [0016] In some embodiments, the non-linear control model had been linearized using a Koopman linearization (KL) operation to generate the control components. [0017] In some embodiments, the non-linear control model had been linearized using a Carleman linearization (CL) operation to generate the control components. [0018] In some embodiments, the non-linear control model had been linearized and selected from a plurality of linearization operations. [0019] In some embodiments, the homomorphically-encrypted state-transition matrix is generated from components of a first model (e.g., proprietary model) and trajectory data by receiving, at the encrypted controller or cloud infrastructure resource, components of the first model, wherein the first model was linearized, via a linearization operation, and encrypted at the edge device or the local controller (e.g., via subspace identification (SID), Koopman linearization (KL), or Carleman linearization (CL)); and generating, at the encrypted controller or cloud infrastructure resource, a state-transition matrix of the linearized model. [0020] In some embodiments, the homomorphically-encrypted state-transition matrix is generated from components of a first model (e.g., proprietary model) and trajectory data by: receiving, at the encrypted controller or cloud infrastructure resource, the first model; and generating, at the encrypted controller or cloud infrastructure resource, components of the first model by (i) linearizing, via a linearization operation, the first model at the encrypted controller or cloud infrastructure resource and (ii) quantizing and encrypting the control components of the first model. [0021] In some embodiments, the non-linear control model comprises a proprietary model topology, the model topology and associated parameters being opaque and private to the encrypted controller. [0022] In some embodiments, the non-linear control model comprises a neural network topology, the neural network topology, and associated parameters being opaque and private to the encrypted controller. [0023] In some embodiments, the controllable device has characteristics of a dynamical non- linear or linear system. Attorney Docket No.10046-486WO1 7971 TAN [0024] In some embodiments, the controllable device comprises an internet-of-things (IoT) device, a chemical or fluid processing equipment, an energy storage system, an autonomous vehicle system, a robotic system, a model predictive control system, or a medical device. [0025] In some embodiments, the encrypted controller is implemented in a cloud or remote- server infrastructure. [0026] In some embodiments, the homomorphically-encrypted state-transition matrix is generated from components of a second model (e.g., proprietary model) and trajectory data by: (i) receiving, at the encrypted controller or cloud infrastructure resource, components of the second model, wherein the second model was linearized, via a linearization operation, and encrypted at the edge device or the local controller; and generating, at the encrypted controller or cloud infrastructure resource, a state-transition matrix of the linearized model; or (ii) receiving, at the encrypted controller or cloud infrastructure resource, the second model; and generating, at the encrypted controller or cloud infrastructure resource, components of the second model by linearizing, via a linearization operation, second model and quantizing and encrypting the control components of the second model at the encrypted controller or cloud infrastructure resource. [0027] In some embodiments, the sensor measurement includes at least one of a temperature reading, a pressure reading, a force reading, a valve position reading, a level sensor reading, a speed reading, a position reading, an accelerator reading, a current reading, a voltage reading, a phase reading, and a combination thereof. [0028] In some embodiments, the sensor measurement includes financial data, social media data, or derived metrics from a database for a plurality of equipment or people. [0029] In some embodiments, the actuator includes a temperature output, a pressure output, a force output, a valve position output, a level sensor output, a speed output, a position output, an accelerator output, a current output, a voltage output, a phase output, and a combination thereof. [0030] In an aspect, a system comprising a processor; and a memory having instruction stored hereon, wherein execution of the instructions by the processor causes the processor to perform any one of the above-discussed methods. [0031] In some embodiments, the system further includes a cloud-associated infrastructure configured to execute the encrypted controller. Attorney Docket No.10046-486WO1 7971 TAN [0032] In some embodiments, the system further includes a cloud-associated infrastructure configured to receive components of the first model and to generate the encrypted controller therefrom, wherein the components are encrypted. [0033] In some embodiments, the system further includes an edge device or local controller configured to operate (e.g., in real-time) with the encrypted controller, wherein the edge device or local controller is configured to generate components of a model and to provide the components to the cloud-associated infrastructure to combine to form an encrypted controller. [0034] In an aspect, a non-transitory computer-readable medium having instructions stored thereon, wherein execution of the instructions by a processor causes the processor to perform any one of the above-discussed methods or systems. BRIEF DESCRIPTION OF THE DRAWINGS [0035] Embodiments of the present invention may be better understood from the following detailed description when read in conjunction with the accompanying drawings. Such embodiments, which are for illustrative purposes only, depict novel and non-obvious aspects of the invention. The drawings include the following figures: [0036] Figs.1A-1D each shows an example system comprising a homomorphically encrypted (HE) controller configured to operate a secured control algorithm in accordance with an illustrative embodiment [0037] Figs.2A and 2B each shows an example method of generating and operating the homomorphically encrypted (HE) controller in accordance with an illustrative embodiment. [0038] Fig.3A shows a summary of a generalized homomorphically encrypt-able model generation process in accordance with an illustrative embodiment. [0039] Fig.3B shows a summary of a SID homomorphically encrypt-able model generation process in accordance with an illustrative embodiment. [0040] Fig.3C shows a summary of a Koopman-linearized homomorphically encrypt-able model generation process in accordance with an illustrative embodiment. [0041] Fig.3D shows a summary of a Carleman-linearized homomorphically encrypt-able model generation process in accordance with an illustrative embodiment. [0042] Figs.4A-4D show the experimental results of a study that developed and evaluated a neural network-based homomorphically encrypted model in accordance with an illustrative embodiment. Attorney Docket No.10046-486WO1 7971 TAN [0043] Fig.5 shows an example encrypted nonlinear dynamic control considered for a study. [0044] Figs. 6A-6G shows example SID, KL and CL-based linearized homomorphically encrypt-able models for an SISO model and corresponding experimental and characterization results. DETAILED SPECIFICATION [0045] Some references, which may include various patents, patent applications, and publications, are cited in a reference list and discussed in the disclosure provided herein. The citation and/or discussion of such references is provided merely to clarify the description of the present disclosure and is not an admission that any such reference is “prior art” to any aspects of the present disclosure described herein. In terms of notation, “[n]” corresponds to the n ^th reference in the list. All references cited and discussed in this specification are incorporated herein by reference in their entireties and to the same extent as if each reference was individually incorporated by reference. [0046] Example System #1 [0047] Fig.1A shows a system 100 (shown as 100a) comprising a homomorphically encrypted (HE) controller 102 (shown as “Homomorphically Encrypted (HE) Controller” 102a) configured to operate a secured control algorithm 104 (shown as “Homomorphically Encrypted Control Model” 104a) for one or more edge devices or local control systems 106 (shown as 106a) in accordance with an illustrative embodiment. In the example shown in Fig.1A, the homomorphically encrypted controller 102a is implemented on cloud infrastructure hardware or a remote server that connects to the edge devices or local control systems 106 over a network 108. In other embodiments, the homomorphically encrypted controller 102 can be implemented in a local controller (e.g., as described in relation to Figs.1B, 1C, 1D). [0048] The homomorphically encrypted model 104 (e.g., 104a and others described herein) is a linear time-invariant (LTI) model having a control structure and internal states that are encrypted, and thus private, to the native computing platform (e.g., cloud infrastructure system or local edge device) to maintain the confidentiality of the controller’s execution and storage of its inputs, intermediate states, and/or outputs in a semantically secured manner. In cryptography, a semantically secured cryptosystem is one where only negligible information about the plaintext can be feasibly extracted from the ciphertext. Indeed, the control structure and internal states of the homomorphically encrypted controller 102 (e.g., 102a-102d) (including control structure and Attorney Docket No.10046-486WO1 7971 TAN values of the internal states), during runtime execution or non-run-time execution are not observable to administrators of the executing computing platform or any parties having access (physical or otherwise) to the executing computing platform, file storage, application space, operating system, and program workspace. The homomorphically encrypted controller 102 is thus protected and secured from reversed engineering efforts and from third-party efforts to extract confidential information about the model employed in the control application. [0049] Proprietary non-linear control algorithms such as machine-learning algorithms and other AI algorithms and models can be made secured from, and private to, third-parties, including the service providers, by converting them into a homomorphically encrypted control model. In some embodiments, the process of the conversion can be performed across multiple infrastructures or resources. This can facilitate the use of hardware or equipment of semi-trusted parties that can be more economically advantageous to implement but are not necessarily within the owner’s control. For local-controller implementations, the homomorphically encrypted controller 102 can additionally be employed to maintain the security, confidentiality, and privacy of data employed in the control operation; the data can be maintained in an encrypted form to maintain confidentiality or privacy of the data. [0050] The control algorithm 104 (e.g., 104a and others described herein) can be a single- input single-output (SISO) controller or multiple-input multiple-output (MIMO) controller configured with one or more proportional-integrator (PI) control, proportional-integrator- differentiator (PID) control, lead-lag control as a linear or nonlinear dynamic controller. In some embodiments, the control algorithm 104 can be implemented as a neural network (DNN) controller such as a recurrent neural network (RNN) controller, long short-term memory (LSTM) controller, convolutional neural network (CNN), or regional convolutional neural network (R- CNN). Other machine-learning or AI-based controllers may be employed. [0051] The homomorphically encrypted controller 102 (e.g., 102a and others described herein) employs a state-transition matrix 110 (also referred to as a state matrix or a transition matrix) having components that have been linearized (e.g., having real number, non-integer values) and quantized to have integer-only values. The integer-only state-transition matrix 110 can then be encrypted to produce an encrypted state-transition matrix to which homomorphically-encrypted arithmetic and multiplication operations can be performed over ciphertext comprising encrypted control input or parameters. In some embodiments, the Attorney Docket No.10046-486WO1 7971 TAN homomorphic encryption operations employ a learning-with-error (LWE) cryptosystem that is configured to infer a linear n-ary function over a finite ring from a given sample. The cryptosystem may maintain a ciphertext error function in an iterative or recursive loop for the computation. The homomorphically encrypted controller 102, generated using the exemplary method, can be generated to be stable. This can prevent the encryption error from growing over time without resorting to computationally expensive procedures such as data re-encryption or bootstrapping. [0052] In the example shown in Fig. 1A, the system 100a includes a set-up cloud infrastructure or remote server 112 (shown as 112a), which can be the same as that used to execute the controller 102a or a separate infrastructure to be used for generating the controller 102a, configured to receive a source model 114 (shown as “Proprietary Control Model” 114a) and trajectory data 116, e.g., a model owner. The model owner may be a third-party owner or a party that controls the set-up cloud infrastructure or remote server 112a. The set-up cloud infrastructure or remote server 112a may receive the source model 114, or a portion of the model, from a client application 115 (shown as a “Homomorphically Encrypted (HE) Controller Setup Client” 115a). The setup client 115a, in some embodiments, is configured to operate on an edge device or local control system 106a or a prototype version thereof and to provide the source model 114 to the set-up cloud infrastructure or remote server 112a. In some embodiments, the model 114a may be created offline (e.g., on a remote computing device) or in a development/simulation environment and then provided to the set-up cloud infrastructure or remote server 112a to be converted to the homomorphically encrypted control model 104a. [0053] The setup cloud infrastructure or remote server 112 (e.g., 112a), or a set thereof, in the example of Fig.1A, includes a data store 118, a linearization and quantization module 120, an encryption module 122 (shown as “Homomorphic Encryption” module 122), to generate the homomorphically encrypted control model 104a that can be stored in another data store or data store 118 (shown as 124). The set-up cloud infrastructure or remote server 112a can then provide the homomorphically encrypted control model 104a to the homomorphically encrypted controller 102 to execute during run-time production operation, e.g., with the edge device or local control system 106a. The set-up cloud infrastructure or remote server 112a may include a controller 123 configured to control the different operations of the modules (e.g., 118, 120, 122, 124). In some embodiments, the various modules (e.g., 120, 122) of the set-up cloud Attorney Docket No.10046-486WO1 7971 TAN infrastructure or remote server 112a are implemented in control simulation and design environment or software. [0054] In the example shown in Fig. 1A, the edge devices or local control systems 106a include a local controller 126 (shown as 126a) that is configured to operate with one or more sensors 128 and one or more actuators 130 at the edge device or local control system 106a to regulate or control a piece of equipment or process 132 (shown as “controllable device” 132; also referred to as “Observed System” 132). The edge devices or local control systems 106a may include a network interface 134 and an encryption module 136. [0055] During runtime operation, the local controller 126 (e.g., 126a) is configured to acquire sensor measurements from the sensor 128 and encrypt, via the encryption module 136, the acquired sensor measurements as an encrypted sensor message 140 (shown having encrypted data and a secret key shown in this example as “Encrypting Key::Encrypted Data” 140). In some embodiments, the encrypting key is a public key (e.g., when the source model is provided by a third-party). In other embodiments, the encrypting key is a private key (e.g., when the source model is provided by an internal source). The homomorphically encrypted controller 102 receives, via network interface 142, over network 108, the encrypted sensor message 140 and applies the encrypted data 140, in its encrypted form, to the homomorphically encrypted control model 104a to generate an encrypted output. The homomorphically encrypted controller 102 then transmits the encrypted output in an encrypted message 144 (shown as “Encrypted Control command” message 144) to the edge devices or local control systems 106a. The edge devices or local control systems 106a receive the encrypted message 144 and can decrypt, e.g., via the encryption module 136 using a private key (corresponding to, or used to generate, the public key that was a part of data message 140), the encrypted message 144 to generate a control output that can be used to drive the actuator 130 to regulate or control the equipment or process 132. [0056] The equipment or process/observed system 132 may be a piece of equipment to which the output command 144 may be related to a temperature output, a pressure output, a force output, a valve position output, a level sensor output, a speed output, a position output, an accelerator output, a current output, a voltage output, a phase output, and a combination thereof for a corresponding equipment subcomponent. In examples in which the observed system 132 is a model for a set of people or equipment, the output command 144 may be a model output. Attorney Docket No.10046-486WO1 7971 TAN [0057] The sensor measurement may include at least one of temperature reading, a pressure reading, a force reading, a valve position reading, a level sensor reading, a speed reading, a position reading, an accelerator reading, a current reading, a voltage reading, a phase reading, and a combination thereof. The sensor measurement may be acquired for a process, e.g., from a database, and can include financial data, social media data, or derived metrics from the database in relation to a plurality of equipment or people. The sensor 128 may include any one of temperature sensors, pressure sensors, strain gauges, valve position sensors, level sensors, speed sensors, position sensors, accelerometers, volt meters, current meters, medical instruments, medical imaging devices such as ultrasound, computed tomography (CT), magnetic resonance imaging (MRI), optical sensors, acoustic sensors, capacitance sensors, or a combination thereof. [0058] The edge device or local control system 106a and homomorphically encrypted controller 102a can be used for secured real-time operations, e.g., having guaranteed control response within its hardware and software resource within seconds, milliseconds, or micro- seconds resolution. The edge device or local control system 106a and homomorphically encrypted controller 102a can be used for secured non-real-time control operations. [0059] Machine Learning. In addition to the machine learning features described above, the analysis system can be implemented using one or more artificial intelligence and machine learning operations. The term “artificial intelligence” can include any technique that enables one or more computing devices or computing systems (i.e., a machine) to mimic human intelligence. Artificial intelligence (AI) includes but is not limited to knowledge bases, machine learning, representation learning, and deep learning. The term “machine learning” is defined herein to be a subset of AI that enables a machine to acquire knowledge by extracting patterns from raw data. Machine learning techniques include, but are not limited to, logistic regression, support vector machines (SVMs), decision trees, Naïve Bayes classifiers, and artificial neural networks. The term “representation learning” is defined herein to be a subset of machine learning that enables a machine to automatically discover representations needed for feature detection, prediction, or classification from raw data. Representation learning techniques include, but are not limited to, autoencoders and embeddings. The term “deep learning” is defined herein to be a subset of machine learning that enables a machine to automatically discover representations needed for feature detection, prediction, classification, etc., using layers of processing. Deep learning Attorney Docket No.10046-486WO1 7971 TAN techniques include but are not limited to artificial neural networks or multilayer perceptron (MLP). [0060] Machine learning models include supervised, semi-supervised, and unsupervised learning models. In a supervised learning model, the model learns a function that maps an input (also known as feature or features) to an output (also known as target) during training with a labeled data set (or dataset). In an unsupervised learning model, the algorithm discovers patterns among data. In a semi-supervised model, the model learns a function that maps an input (also known as a feature or features) to an output (also known as a target) during training with both labeled and unlabeled data. [0061] Neural Networks. An artificial neural network (ANN) is a computing system including a plurality of interconnected neurons (e.g., also referred to as “nodes”). This disclosure contemplates that the nodes can be implemented using a computing device (e.g., a processing unit and memory as described herein). The nodes can be arranged in a plurality of layers, such as an input layer, an output layer, and optionally one or more hidden layers with different activation functions. An ANN having hidden layers can be referred to as a deep neural network or multilayer perceptron (MLP). Each node is connected to one or more other nodes in the ANN. For example, each layer is made of a plurality of nodes, where each node is connected to all nodes in the previous layer. The nodes in a given layer are not interconnected with one another, i.e., the nodes in a given layer function independently of one another. As used herein, nodes in the input layer receive data from outside of the ANN, nodes in the hidden layer(s) modify the data between the input and output layers, and nodes in the output layer provide the results. Each node is configured to receive an input, implement an activation function (e.g., binary step, linear, sigmoid, tanh, or rectified linear unit (ReLU) function), and provide an output in accordance with the activation function. Additionally, each node is associated with a respective weight. ANNs are trained with a dataset to maximize or minimize an objective function. In some implementations, the objective function is a cost function, which is a measure of the ANN’s performance (e.g., error such as L1 or L2 loss) during training, and the training algorithm tunes the node weights and/or bias to minimize the cost function. This disclosure contemplates that any algorithm that finds the maximum or minimum of the objective function can be used for training the ANN. Training algorithms for ANNs include but are not limited to backpropagation. It should be understood that an artificial neural network is provided only as an example machine Attorney Docket No.10046-486WO1 7971 TAN learning model. This disclosure contemplates that the machine learning model can be any supervised learning model, semi-supervised learning model, or unsupervised learning model. Optionally, the machine learning model is a deep learning model. Machine learning models are known in the art and are therefore not described in further detail herein. [0062] A convolutional neural network (CNN) is a type of deep neural network that has been applied, for example, to image analysis applications. Unlike traditional neural networks, each layer in a CNN has a plurality of nodes arranged in three dimensions (width, height, depth). CNNs can include different types of layers, e.g., convolutional, pooling, and fully-connected (also referred to herein as “dense”) layers. A convolutional layer includes a set of filters and performs the bulk of the computations. A pooling layer is optionally inserted between convolutional layers to reduce the computational power and/or control overfitting (e.g., by downsampling). A fully-connected layer includes neurons, where each neuron is connected to all of the neurons in the previous layer. The layers are stacked similarly to traditional neural networks. GCNNs are CNNs that have been adapted to work on structured datasets such as graphs. [0063] Other Supervised Learning Models. A logistic regression (LR) classifier is a supervised classification model that uses the logistic function to predict the probability of a target, which can be used for classification. LR classifiers are trained with a data set (also referred to herein as a “dataset”) to maximize or minimize an objective function, for example, a measure of the LR classifier’s performance (e.g., an error such as L1 or L2 loss), during training. This disclosure contemplates that any algorithm that finds the minimum of the cost function can be used. LR classifiers are known in the art and are therefore not described in further detail herein. [0064] An Naïve Bayes’ (NB) classifier is a supervised classification model that is based on Bayes’ Theorem, which assumes independence among features (i.e., the presence of one feature in a class is unrelated to the presence of any other features). NB classifiers are trained with a data set by computing the conditional probability distribution of each feature given a label and applying Bayes’ Theorem to compute the conditional probability distribution of a label given an observation. NB classifiers are known in the art and are therefore not described in further detail herein. Attorney Docket No.10046-486WO1 7971 TAN [0065] A k-NN classifier is an unsupervised classification model that classifies new data points based on similarity measures (e.g., distance functions). The k-NN classifiers are trained with a data set (also referred to herein as a “dataset”) to maximize or minimize a measure of the k-NN classifier’s performance during training. This disclosure contemplates any algorithm that finds the maximum or minimum. The k-NN classifiers are known in the art and are therefore not described in further detail herein. [0066] A majority voting ensemble is a meta-classifier that combines a plurality of machine learning classifiers for classification via majority voting. In other words, the majority voting ensemble’s final prediction (e.g., class label) is the one predicted most frequently by the member classification models. The majority voting ensembles are known in the art and are therefore not described in further detail herein. [0067] Example Method of Operating the Homomorphically Encrypted (HE) Controller [0068] Fig.2A shows an example method of generating and operating the homomorphically encrypted (HE) controller 102, e.g., of Fig.1A, in accordance with an illustrative embodiment. [0069] Controller Setup. In the example of Fig.2A, in an initials setup operation 210, the edge device or local control system 106 (shown as “Edge System” 202) is configured to operate with a client setup service, e.g., executing set-up cloud infrastructure or remote server 112, (shown as 204) to generate, from a source model 114 (shown as “Proprietary Model 203”), components of the homomorphically encrypted (HE) controller 102. Client setup service 204 may perform a two-step process to linearize (212) the model 203 (which is original unencrypted and accessible only to the owner of the model) to generate a state-transition matrix from the linearization operation. The client setup service 204 then may quantize the real-number components of the state-transition matrix as integer numbers. A linearized model, e.g., based on subspace identification, Carleman linearization, and Koopman linearization, among others disclosed herein, can take the form of Equation Set #1. χ ^{(t + 1) = Aχ(t) + Bφ(t)} y _{(t) = Cχ(t) + Dφ(t)} χ(0) = χ _^ (Eq. Set 1) [0070] In Equation Set #1, the terms A, B, C, and D are pre-defined vectors or matrices that can be encrypted (213) by the client setup service 204. In the example shown in Fig.2A, the Attorney Docket No.10046-486WO1 7971 TAN encryption key 205 may be provided to the edge device 202 to provide to the client setup service 204. In other embodiments, the client setup service 204 may generate the encryption key 205 (not shown). To determine the vectors or matrices A, B, C, and D for encryption, the client setup service 204 may generate a similarity transformation matrix T such that ^^(t) = The resulting transformed system can be expressed per Equation set 2. ^^(0) = Tχ _^ (Eq. Set 2) [0071] The client setup service 204 may formulate for an observable pair ( ^^, ^^), a close-loop matrix ^^( ^^ − ^^ ^^) ^^ ^{ି^} as having only integer values by adjusting the gain matrix L, e.g., using the pole placement method, to place the closed-loop poles in the complex domain and force the closed-loop matrix elements of Eq. Set #2 to be integer values in an equivalent system shown in Equation set #3. This conversion effectively separates the integer part and the non-integer part using the ^^(0) = Tχ _^ (Eq. Set 3) [0072] From Eq. Set 3, the client setup service 204 can generate a quantized control system, which can be expressed as Eq. Set #4. (Eq. Set 4) _{[0073] In Equation Set #4, vectors and matrices ^ത^(t), ^ത^^(t), ^̅^, ^} ^ത _{^ , ^̅^, ^} ^ഥ _{^, and ^} ^ത _{^ are adjusted} to the nearest integer-valued vectors and matrices. The precision loss in implementing the system of Eq. Set #4 can be reduced by adjusting the scaling factors s0, s1, and s2. Attorney Docket No.10046-486WO1 7971 TAN [0074] Fig.3A shows a summary of a generalized homomorphically encryptable model generation process as described above. [0075] The client setup service 204 may perform the encryption of plaintext m comprising the matrix, vector, or parameter of Eq. Set 4 as a ciphertext matrix m per Equation 5. The mod q may employ 64 bits, 128 bits, 192 bits, 256 bits, 512 bits, among others. where b ← (-a ⋅ sk + l ⋅ m + e) mod q (Eq.5) [0076] As used herein, boldface fonts in connection with variables denote an encrypted data object such that m:= Encrypt(m) is the ciphertext for the plaintext m. A superscript with square brackets defines the p-th Kronecker power of x ∈ ℝ ^{^} such that x ^[p] := x⊗x ^[p-1] ∈ ℝ ^{^} . The Kronecker product is denoted with ⊗. [0077] Client setup service 204 may then send (216) the encrypted vectors or matrices: _{encrypted( ^̅^), encrypted( ^} ^ത _{^), encrypted( ^̅^), encrypted( ^} ^ഥ _{^), encrypted (state parameter ^} ^ത _{^) to a} cloud setup service 206 (e.g., executing on the set-up cloud infrastructure or remote server 112a). The cloud setup service 206 can receive the encrypted vectors and matrix components of the encrypted control model (e.g., 104) to assemble an encrypted production model and then provide to the cloud runtime service 208 (e.g., executing on a cloud infrastructure hardware or a remote server). Attorney Docket No.10046-486WO1 7971 TAN [0078] In some embodiments, the client setup service 204 may assemble the production encrypted model and then provide the encrypted production model to the cloud infrastructure hardware or a remote server for runtime execution. [0079] Indeed, the homomorphically encrypted controller 102, once generated by the client setup service 204, is configured to maintain the assembled production encrypted model _{comprising the encrypted vectors or matrices ^̅^, ^} ^ത _{^ , ^̅^, and ^} ^ഥ _{^, encrypted state parameter ^} ^ത _{^, and} encrypted state χ in encrypted form during run-time operation in a public key cryptographic framework. That is, every control operation performed would employ the same encryption key comprising the public key, while the model owner (e.g., in control of the local device 106) is the sole entity holding the decryption key comprising the private key. [0080] Runtime Operation. During runtime operation 222, the edge system 202 can receive (224) sensor measurements from sensors 118 (shown as “Sensor or Database” 214), encrypt (226) the sensor reading, e.g., using the same encryption operation as those used to generate the _{encrypted vectors or matrices ^̅^, ^} ^ത _{^ , ^̅^, and ^} ^ഥ _{^, encrypted state parameter ^} ^ത _{^, and transmit (228) the} encrypted input to the cloud runtime service 208 to perform (230) the homomorphic-encrypted control operation. Cloud runtime service 208 can execute the homomorphic encryption operation using homomorphically encrypted model of Eq.6 (derived from Eq. Set #4). ^ ^{^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ = enc(Aഥ) ∗^ enc൫ ^̅^( ^^)൯+^ enc( ^ത^) ∗^ enc൫ ^ത^( ^^)( ^^)൯+^} e _{nc(Lത) ∗^ [enc(Cത) ∗^ enc൫ ^̅^( ^^)൯+^ enc( ^ഥ^) ∗^ enc൫ ^ത^( ^^)( ^^)൯]} (Eq. 6) ^{[0081] In Equation 6, enc൫ ^̅^( ^^)൯ is the encrypted control output of the prior time step,} _{enc൫ ^ത^( ^^)( ^^)൯ is the encrypted input, and enc(Aഥ), enc( ^ത^), enc(Cത), enc( ^ഥ^), and enc(Lത) are stored ciphertext of ^̅^, ^} ^ത _{^ , ^̅^, ^} ^ഥ _{^, and ^} ^ത _^. [0082] The operator ∗ _^ indicates a binary multiplication operation in the ciphertext space in ^{which enc(m1) ∗^ enc(m2) can be determined as a binary multiply operation between ciphertext} _{enc(m1) and ciphertext enc(m2). In Equation 6, 5 ciphertext binary multiplication operations can} be performed. [0083] The operator + _^ indicates a homomorphic addition operation in the ciphertext space, which can be performed using Equation 7. Attorney Docket No.10046-486WO1 7971 TAN enc(m ₁ ) + _c enc(m ₂ ) = [-(a ₁ +a ₂ )⋅sk + l(m ₁ +m ₂ ) + (e ₁ +e ₂ )] (Eq. 7) [0084] In Equation 6, matrix a ₁ and a ₂ are each a random matrix ^^ ^^ that is sampled from a uniform distribution over L is a power, e.g., or 2 or 10, etc.; the secret key sk is the public key, and vectors e ₁ and e ₂ are each injected error that is defined as a modulus of random number. The error vector appears only during the encryption operation to make the encryption scheme secure and is eliminated during decryption. In Equation 6, 3 ciphertext binary addition operations can be performed. [0085] The cloud runtime service 208 can then transmit (232) the encrypted control command to the edge device 202, which can decrypt (234) the decrypted (236) the encrypted control command using its private key. The decrypted control command can then be used to perform action via the actuator 120 to the controllable device 132. [0086] In some embodiments, the model may be provided by a secured third-party entity 201. Fig. 2B shows an example method of generating and operating the homomorphically encrypted (HE) controller 102, e.g., of Fig.1A, in accordance with an illustrative embodiment. In Fig. 2B, a third-party entity 201 is configured to perform the two-step process to linearize (212) the model 203’ that resides at the third-party entity 201 to generate a state-transition matrix from the linearization operation. The third-party entity 201 can receive an encryption key 205 (e.g., public key) from the client setup service 204 along with instructions to perform the operation 212, 213. In some embodiments, the instructions may be a library file or an executable file. The third-party entity 201 can then send (216) the encrypted vectors or matrices: _{encrypted( ^̅^), encrypted( ^} ^ത _{^), encrypted( ^̅^), encrypted( ^} ^ഥ _{^), encrypted (state parameter ^} ^ത _{^) to a} cloud setup service 206 to provide to a cloud runtime service, e.g., as described in relation to Fig. 2A. In Fig. 2B, the original proprietary model 203’ is maintained solely at the third-party entity 201 and only encrypted parts of the model are provided to runtime service 208. [0087] Additional examples of homomorphic encryption have been shown in [9] and [32] for integer-values state matrix. The integer values can only be used that would, otherwise, cause the accumulation of rounding errors during the recursive multiplication performed in the homomorphic addition operation and the homomorphic multiplication operation involving the state matrix. The homomorphically encrypted (HE) controller 102 results from a further determination and experimental validation that non-linear models can be linearized to produce Attorney Docket No.10046-486WO1 7971 TAN non-integer state matrices to which the non-integers values of the matrices can be quantized to a nearest integer value to generate integer values state matrix that preserve such homomorphically stable operations. [0088] For every iteration step, the cumulative scaling factor for each equation remains the same, with the factor of s ₀ s ₁ for the first equation of Eq. Set 4, and s ₀ s ₁ s ₂ for the second equation of Eq. Set 4. This implies that if the plaintext remains in the correct encryption range of the chosen HE scheme, the decrypted value can be generated correctly up to known encryption errors. Such encryption errors can be further suppressed [9] by introducing an additional scaling factor. [0089] The output ^ത^( ^^) may be decrypted at the plant for every time step for local uses and then transmitted back to the controller ^ത^ _^ ( ^^) after re-scaling with s ₁ and s ₂ . In this way, the plant would not have to decrypt and encrypt against the ciphertext of the internal state, saving computations at the plant side when ^^ ^^ ^^( ^^) > ^^ ^^ ^^ ( ^ത^). [0090] Example Linearization Operation [0091] Examples of linearized models are shown in Table 1 for a subspace identification model, a Koopman linearized model, and a Carleman bi-linearized model, respectively. Table 1 [0092] Subspace identification (SID) linearization operation for Homomorphic Encryption _{can be defined based on parameters ^} ^{^} _{^, ^} ^{^} _{^ , ^} ^{^} _{^, and ^} ^{^} _{^ and the system state ^^^( ^^) via Equation set #8.} Attorney Docket No.10046-486WO1 7971 TAN ^ _^ ⁽ _^^ ⁾ _{= ^} ^{^} _{^ ^^^} ⁽ _^^ ⁾ _{+ ^} ^{^} _{^ ^^} ⁽ _^^ ⁾ ^^^(0) = ^^^(0) (Eq. Set 8) [0093] In Equation Set 8, the term ^^( ^^) denotes a vector of monomials of the input ^^( ^^). [0094] Subspace identification identifies a linear time-invariant (LTI) state-space model from input-output data without the user parameterizing the system matrices before solving a parametric optimization problem. To this end, SID methods is less affected by problems related to local minima that can lead to unsatisfactory identification results. [0095] The LTI system stores Markov parameters into a finite-dimensional Hankel matrix and derives from this matrix an (A, B, C) realization of the LTI system. When the Hankel matrix is properly dimensioned versus the order of the LTI system, the rank of the Hankel matrix is the order of the LTI system, and the single-value decomposition (SVD) of the Hankel matrix can provide a basis for the column space observability matrix and row space of the controllability matrix of the LTI system. Knowledge of the key spaces can be used to estimate the system matrices via linear least squares. [0096] For k >> n, Equation set 9 shows the block Hankel matrices ^^ _^|^ି^ and ^^ _^|^ି^ for the input and output data ^^ _^ and ^^ _^ ^ᇱ ା _^ (Equation set 10) as an extension of the standard observability matrix (Equation 11) having the estimated state trajectories of some future times. Attorney Docket No.10046-486WO1 7971 TAN [0097] The block Toeplitz matrix may be defined per Equation 12. (Eq. 12) [0098] The first step may be to find the LQ decomposition per Equation 13 in which LQ decomposition is the orthogonal decomposition of a matrix into lower trapezoidal matrices. (Eq. 13) [0099] In Equation Set 13, from Eq.3, ^^ _^ = ^^ _^|^ି^ from Eq.3, and ^^ _^ = ^^ _^|ଶ^ି^ . Under mild assumptions on the rank of the matrices in Eq. ^{13 and the subspace they span, Eq. 14 can be expressed per Eq. 14.} Y _{^ = ^^^ ^^^ + Π^ ^^^} (Eq. 14) [0100] The direct sum argument then provides Equation 15a and their singulation value decomposition in Equation 15b. [0101] The estimated state trajectories ^^ _^ can be determined per Equation 16. (Eq. 16) Attorney Docket No.10046-486WO1 7971 TAN [0102] Finally, with the input-output data and the shifted estimated state trajectory determined per Equation 17, the least-squares problem can be solved per Equation 18. (Eq. 18) [0103] In Equation 18, the term [0104] Fig.3B shows a summary of a SID homomorphically encryptable model generation process as described above, which is based on the N4SID method, e.g., described in [21]. Other SID-based operations or techniques may be employed. [0105] Koopman Linearization (KL) for Homomorphic Encryption. The Koopman operator framework is a global linearization method that employs the state lifting technique and statistical parameter estimation techniques such as the least squares. The framework was shown to be successful in many applications in control literature [22], [23]. It was recently extended to obtain an actuated LTI system in [24]. The method combines the dynamic mode decomposition with control (DMDc) [25] and the extended dynamic mode decomposition (EDMD) [26] by first considering the extended state-space formed by the state-actuation product followed with restricted structures on the lifting functions for the extended state-space. [0106] The dynamics can be expressed as Equation Set 19. (Eq. Set 19) [0107] ^^( ^^) is the extended state at time t and F(·) is a nonlinear recurrence map. Attorney Docket No.10046-486WO1 7971 TAN [0108] Let the vector of N nonlinear scalar observables ^^ _^ :ℝ ^{^} ^ ℝ , for i = 1, 2, …, N, be denoted with ^^ = [ ^^ _^ ( ^^) ^^ _^ ( ^^) ⋯ and let the map ℒ: ℝ ^{^} ^ ℝ ^{^} be linear in u. The vector-valued lifting function ^^ ∈ ℝ ^ேഝ can be defined as the finite approximation of the infinite-dimensional Koopman operator such that ℳ satisfies the following linear dynamics in the lifted extended state per Equation 19a. (Eq.19a) [0109] The linear operator ℳ ∈ ℝ ^{ேഝ௫ேഝ} can be defined as the finite approximation of the infinite-dimensional Koopman operator such that ℳ satisfies the following linear dynamics in the lifted extended state: ℳ ^^( ^^) = ^^( ^^( ^^)). [0110] The operator ℳ can then be solved numerically as a least-squares problem per ^{Equation set 20.} m _{ℳin ‖ ^^ − ^^X‖ி (Eq. set 20)} [0111] The Koopman LTI system parameters ^^ _^ and ^^ _^ (the subscript k for Koopman) can be extracted from the first N rows of per Equation 21. (Eq. 21) [0112] In Equation 21, the term may be combined with an output equation to form the Koopman LTI dynamics in Equation Set # 22 to approximate Equation Set #19. ^^(0) = ^^ _^ (Eq. Set 22) [0113] Although the numerical algorithm originally presented in [24] and reproduced above is simple and completely data-driven, it does not guarantee the stability of the state matrix ^^ _^ by Attorney Docket No.10046-486WO1 7971 TAN itself. There exist several attempts in the literature to remedy this issue [27], [28]. A recent study [29] further claims that the core optimization problems of SID and DMD are equivalent. [0114] Fig.3C shows a summary of a Koopman-linearized homomorphically encryptable model generation process as described above. [0115] Carleman Linearization (CL) for Homomorphic Encryption. Carleman linearization can be used to convert a function composition into matrix multiplication. The new system can be made up of a state linear, a control linear (for linearization) matrix generated from a bilinear matrix (for bilinearization) in the state space format. [0116] Carleman bi-linearization (CB): Suppose the system of Equation Set 23 admits a power series expansion, shown as Equation Set 24, within an approximate radius of convergence. ^ _^ ⁽ ₀ ⁾ _{= ^^^} (Eq. Set 24) [0117] In Equation Sets #23 and 24, for ^^( ^^) ∈ ℝ ^{^} , ^^( ^^) ∈ ℝ ^{^} , ^^( ^^) ∈ ℝ ^௪ and coefficient vectors ai, bjk, ci, and djk with appropriate dimensions, an embedding or feature mapping from ^{x(t) and u(t) can be found in higher dimensional vectors. For instance, let ^^( ^^) =} _{[1 ⋯]⊺ be an infinite dimensional vector embedding the powers of x(t).} Similarly, let ^^( ^^) be an infinite dimensional vector embedding the Kronecker products of Kronecker powers of ^^( ^^) and ^^( ^^), where each entry of ^^( ^^) can be represented with terms of the sequence for ^^ ∈ ℕ ∪ ^0^ and ^^ ∈ ℕ in the ascending order of l, e.g., per Equation 25. ^ _^ ⁽ _^^ ⁾ ₌ ^[ _{^^( ^^) ^^( ^^) ^ ^^( ^^) ^^} ^[ଶ] _{( ^^)} (Eq. 25) Attorney Docket No.10046-486WO1 7971 TAN [0118] Such embedding is also prevalent in ML as kernel operation and has been shown to find a global linear approximation of nonlinear functions [30] in control literature. [0119] Equation Set # 24 may be transformed into an infinite-dimensional bi-linear system shown as Equation Set #25. ^^( ^^ + 1) = ^^ ^^( ^^) + ℬ ^^( ^^) ^ _^ ⁽ _^^ ⁾ _{= ^^ ^^} ⁽ _^^ ⁾ _{+ ^^ ^^} ⁽ _^^ ⁾ ^^(0) = ^^ _^ (Eq. Set 26) [0120] In Equation Set 26, the term infinite dimensional matrices ^^, ℬ, ^^, ^^ can be constructed by matching the two systems (Equation Set 24) and (Equation Set 26). One can _{exactly recover the original state x(t) by indexing in ^^} ⁽ _^^ ⁾ _. [0121] Since an infinite-dimensional system (Equation Set 26) is not computationally feasible, a finite approximation of it can be first determined. One choice of truncation is a p-th _{order truncation of ^^} ⁽ _^^ ⁾ _{such that ^^^} ⁽ _^^ ⁾ ₌ ^[ _{1 where} ^^ ^{^} . Likewise, let ^^ _^ ( ^^) be a p-th order finite truncation of (Equation 25) with each entry being terms of the sequence for ^^ ∈ ℕ ∪ ^{^} 0 ^{^} and ^^ ∈ ℕ in the ascending order of l up to p-th power monomials as the last few entries, e.g., per Equation 27. ^ _^ ⁽ _^^ ⁾ _{= ^^^ ^^^} ⁽ _^^ ⁾ _{+ ^^^ ^^^} ⁽ _^^ ⁾ ^ _^^ ⁽ ₀ ⁾ _{= ^^^,^} (Eq. Set 27) [0122] In Equation Set 27, matrices ^^ _^ , ℬ _^ , ^^ _^ , ^^ _^ can be found by observing the p-th Kronecker product terms of ^^( ^^) and ^^ _^ ( ^^). Bilinear systems (Equation Set 26) and (Equation Set 27) are not yet in the appropriate form for implementing over HE for infinite time horizon using techniques shown in [9] because of the additional recurrence terms implicit in the product ℬ ^^( ^^) and ℬ _^ ^^ _^ ( ^^), respectively. [0123] Carleman linearization (CL): To run the dynamics over HE for an infinite time horizon, the surrogate LTI system of the state may be determined per Equation Set #28. ^^( ^^) = ^^ _^ ^^ _^ ( ^^; ^^) + ^^ _ஐ ^^ _^ ( ^^) Attorney Docket No.10046-486WO1 7971 TAN (Eq. Set 28) ^{[0124] In Equation Set 28, ^^} _^ ^{( ^^) = [} _{^^( ^^) ^^} ^[ଶ] _{( ^^) ⋯ ^^} ^[୯] _{( ^^)} ^{]⊺ is a vector of powers of} ^^( ^^). Constant matrices ∈ ℝ ^{௪^^} can linearly parameterize ^^ _^ ( ^^). [0125] A candidate matrix Ω in and ^^ _ஐ for a system (Eq. Set 28) can be assumed to satisfy the approximation shown in Equation 29. ^ _^^ ⁽ _{^^ + 1} ⁾ _{≈ ^^^} ⁽ _{^^ + 1; ^^} ⁾ (Eq. 29) [0126] It is desired that the state-to-state matrix A obtained from Carleman embedding is fixed. To obtain the unknown matrix ℬ _ஐ , a variation of the DMDc method can be performed, e.g., as described below. By rearranging (Equation 29), the approximation can be expressed as Equation 30. (Eq. 30) [0127] Then, as trajectories ^^ _^ ⁽ ^^ ⁾ are simulated, snapshot matrices Ω _୮ and Θ can be constructed, as shown in Equation Set 31. (Eq. Set 31) [0128] Using Equation 30, a relationship can be defined between the snapshot matrix Ω _^ and the solution matrix where Ω _^ ≈ ℬ _ஐ Θ. As a result, the solution matrix can be determined per Equation 32. (Eq. 32) [0129] The solution matrix can also be determined by solving the norm minimization ^{problem, per Equation 33, when the problem is under-determined.} (Eq. 33) Attorney Docket No.10046-486WO1 7971 TAN [0130] Fig.3D shows a summary of a Carleman-linearized homomorphically encryptable model generation process as described above. [0131] The constructed state matrix of the Carleman Linearization can be considered stable when the original nonlinear dynamics have a stable Jacobian. That is, per [31], if the Jacobian matrix of (the first equation of Equation Set #23) is stable, then the matrix A _c of Equation Set #27 and Equation Set #28 can be considered stable for any truncation order p. [0132] Both the Koopman Linearization and Carleman Linearization can be considered to be similar in that they can each approximate (in the least squares sense) the propagation of the state dynamics with LTI parameters and by limiting the vector of lifting functions to be finite- dimensional and linear in the input. In Carleman Linearization, however, the knowledge of original dynamics assists in constructing the state matrix and in inferring its stability. [0133] Example System #2 and #3 [0134] Figs. 1B and 1C each shows a system 100 (shown as 100b and 100c, respectively) comprising the homomorphically encrypted (HE) controller 102 of Fig.1 implemented in a local controller 106 (shown as 106b and 106c, respectively). [0135] In the example shown in Fig.1B, the local controller 106b includes a HE controller setup client 115 (shown as 115b) configured to operate with a set-up cloud infrastructure or remote server 112 (shown still as 112a), which serves as infrastructure to be used for generating the controller, configured to receive a source model 114 and trajectory data 116, e.g., a model owner. The set-up cloud infrastructure or remote server 112a may receive the source model 114, or a portion of the model, from the client application 115b over a network 108. [0136] The setup cloud infrastructure or remote server 112a, as described in relation to Fig. 1A, includes the data store 118, the linearization and quantization module 120, the encryption module 122 (shown as “Homomorphic Encryption” module 122), to generate the homomorphically encrypted control model 104 (shown as 104b) that can be stored in another data store or data store 124. The set-up cloud infrastructure or remote server 112a can then provide the homomorphically encrypted control model 104a to the homomorphically encrypted controller 102 over the network 108 to execute during run-time production operation, e.g., with the edge device or local control system 106b. In other embodiments, the model can be provided over other means, such as over a direct connection or as a file stored in a memory device that is coupled to the edge device or local control system 106b. Attorney Docket No.10046-486WO1 7971 TAN [0137] In the example shown in Fig. 1C, the local controller 106c does not include a HE controller setup client. Rather, the set-up cloud infrastructure or remote server 112 (shown as 112b) includes a user interface to receive the source model 114 and trajectory data 116, e.g., a model owner. The set-up cloud infrastructure or remote server 112 can generate the homomorphically encrypted control model 104 (shown as 104c) and provide the model 104c over a network 108 to the edge device or local control system 106c. In other embodiments, the model can be provided over other means, such as over a direct connection or as a file stored in a memory device that is coupled to the edge device or local control system 106c. [0138] The setup cloud infrastructure or remote server 112a, as described in relation to Fig. 1A, includes the data store 118, the linearization and quantization module 120, the encryption module 122 (shown as “Homomorphic Encryption” module 122) to generate the homomorphically encrypted control model 104 (shown as 104b or 104c) that can be stored in another data store or data store 124. The set-up cloud infrastructure or remote server 112a can then provide the homomorphically encrypted control model 104a to the homomorphically encrypted controller 102 over the network 108 to execute during run-time production operation, e.g., with the edge device or local control system 106b. [0139] During runtime operation (for the system of Figs.1B or 1C), the local controller (106b or 106c) is configured to acquire sensor measurements from the sensor 128 and encrypt, via the encryption module, the acquired sensor measurements as an encrypted sensor data and provide the sensor data to the homomorphically encrypted control model (104b or 104c) to generate an encrypted output. The homomorphically encrypted controller decrypts the encrypted output to generate a control output that can be used to drive the actuator 130 to regulate or control the equipment or process 132. [0140] Fig.2A also shows an example process for the system of Figs. 1B or 1C. [0141] Example System #4 [0142] Figs.1D shows a system 100 (shown as 100d) comprising the homomorphically encrypted (HE) controller 102 and a set-up client 115 (shown as 115c) implemented in a local controller 106 (shown as 106d). [0143] In the example shown in Fig. 1D, the setup client 115c includes the components of the server of Fig.1A, including, e.g., the data store 118, the linearization and quantization Attorney Docket No.10046-486WO1 7971 TAN module 120, the encryption module 122 to locally generate the homomorphically encrypted control model 104 (shown as 104d). [0144] During runtime operation, the local controller 106d is configured to acquire sensor measurements from the sensor 128 and encrypt, via the encryption module, the acquired sensor measurements as encrypted sensor data and provide the sensor data to the homomorphically encrypted control model 104d to generate an encrypted output. The homomorphically encrypted controller decrypts the encrypted output to generate a control output that can be used to drive the actuator 130 to regulate or control the equipment or process 132. [0145] Experimental Results and Additional Examples [0146] A study was conducted that evaluated a homomorphically encrypted model 104 comprising a recurrent neural network (RNN). RNN is a DNN-based controller that can be trained to solve highly complex tasks. One rising concern for such ML-based controller is its high dependency on data and tuned models, which may compromise privacy. In the example of the study, a model comprising an Elman-type RNN [35]; the RNN can be expressed per Equation Set # 34. ℎ( ^^ + 1) = tanh ( ^^ _^^ ℎ( ^^) + ^^ _^ௗ ^^( ^^) + ^^ _^^ + ^^ _^ௗ ) ^^( ^^) = ^^ _௬^ ℎ(t) + b _௬^ (Eq. Set 34) [0147] In Equation Set 34, h(t), d(t), and y(t) are the hidden state, input, and output of the RNN, respectively. The network weights and biases ^^ _^^ , ^^ _^ௗ , ^^ _^^ , ^^ _^ௗ , ^^ _௬^ , and b _௬^ are pre- trained. In the study, the number of hidden layers is set 2 to illustrate an example model with dynamics of dimension 2, and the RNN is configured to predict a value of a sine wave sin(t) given the value at sin(t − 1). To convert the RNN model to a homomorphic encryption- compatible LTI set of equations, Equation Set #34 is first represented as finite polynomial terms of a Taylor series, as shown in Equation Set #35, with the highest order of choice (order of 5 is chosen). ^^( ^^) = ^^ _௬^ ℎ(t) + b _௬^ (Eq. Set 35) Attorney Docket No.10046-486WO1 7971 TAN ^{[0148] In this example, the pre-trained matrices are set as: ^^} _^^ ^{= ^ 1.183 0.174} − _{2.161 −0.433} ^{^, 1.003]், ^^^^ = [−0.338 −0.01]், ^^^ௗ = [0.34 −0.006]், ^^௬^ =} _{[2.1 1.48], and b௬^ = [0.014].} [0149] To obtain the LTI systems and quantized resultant using the Carleman Linearization operation and the Koopman Linearization operation, a polynomial-basis lifting operation can be performed with p=2, p=3, and p=4 as shown in Equation 36. ^ _^ ⁽ _t ⁾ ₌ ^[ _{1 ℎ( ^^) ℎ} ^[ଶ] _{( ^^) …} (Eq. 36) [0150] For subspace identification, the dimension of the estimated state can be same as that for KL and CL. [0151] Figs. 4A-4D show experimental results for a neural network-based homomorphically encrypted model. Specifically, Fig.4A shows the operation of an RNN-based sine-wave predictor (p = 4) and its output predictive trajectories for a trained time window. For the evaluation, since the input and output values are periodic, the input values d(t) was corrupted with a small noise for the test time window. [0152] Fig.4B shows the RNN-based sine-wave predictor (p = 3) quantized trajectories for the trained time window. Fig.4C shows performance degradation in CB, CL, and quantized CL (p = 4) for RNN-based sine-wave predictor Fig.4D shows the RNN-based sine-wave predictor trajectories for the last 300 seconds of the test time window. [0153] It can be observed, from the accompanying MMSE values, that the LTI model generated by KL fitted the ground truth the closest to the trained time window. Perhaps it was because KL does utilize the state data (compared to SID) while the state matrix is not prescribed (compared to CL). [0154] Fig 4C shows further advantages of accurately modeling the internal state trajectory. It can be observed that both the KL and CL LTI models can track the ground truth even on noisy inputs due to having an accurate model of the internal state trajectory. SID likely deviated from the ground truth model as time passed, in this example, because it was not supplied with sufficient state trajectory data. Attorney Docket No.10046-486WO1 7971 TAN [0155] Example Non-Linear Dynamic Control System. Fig. 5 shows an example encrypted nonlinear dynamic control considered for the study. The study considered the discrete-time forced autonomous system as shown in Equation System #23 (reproduced below). ^^( ^^ + 1) = ^^൫ ^^(t), ^^(t)൯ ^ _^ ⁽ _^^ ⁾ _{= ℎ( ^^} ⁽ _^^ ⁾ _{, ^^} ⁽ _^^ ⁾ ₎ ^^(0) = ^^ _^ (Eq. Set 23, reproduced) [0156] In Equation Set 23, f and h are analytic maps that propagate the state x(t) ∈ ℝ ^ே and the actuation u(t) to the next state x(t + 1) and the output y(t), respectively. [0157] Depending on the context, Equation Set #23 can serve as either a nonlinear plant- sensor dynamics or a nonlinear dynamic controller (controller with memory) in which ^^(t) is the controller state, and ^^( ^^) is the controller output with ^^( ^^) denoting the plant output. [0158] In the study, Equation Set #23 was run over a homomorphically encrypted framework in a distributed network setting while ensuring confidentiality by semantic security [5] for all entities involved. Fig.5 shows the HE-secured network control diagram 500. Diagram 504 illustrates the nonlinear dynamic controller in an unencrypted form, which was converted to an encrypted nonlinear dynamic controller 506. [0159] In Fig.5, the study considered a scenario in which a client (i.e., distributed sensors) collects encrypted measurements ^^ ⁽ ^^ ⁾ , and transmits to a server (i.e., edge or cloud) along with an encrypted initial-state ^^(0). The server has an encrypted proprietary-controller (f, h) with _{supplied ^^} ⁽ ₀ ⁾ _{and ^^} ⁽ _^^ ⁾ _{producing the encrypted control signal ^^} ⁽ _^^ ⁾ _{to be transmitted back to the} client for use after decryption. [0160] The server can represent a remote or distributed computing resources such as the remote cloud, edge processors, or even local (semi-trusted possessors). The server includes the model, program, or computing capabilities that can be represented by the encrypted dynamic controller. The term “dynamic” denotes to the continuous update of the information (with memory) which enriches the analysis capability of computing machine (for instance, video processing or speech recognition works much better with previously processed information). [0161] The study considered a scenario in which a client (e.g., distributed sensors) collects encrypted measurements u(t) and transmits, to a server (e.g., edge or cloud), said measurements along with an encrypted initial state x(0). The server employs an encrypted proprietary-controller Attorney Docket No.10046-486WO1 7971 TAN (f, h) with the provided encrypted initial state x(0) and encrypted measurements u(t) to generate the encrypted control signal y(t), which is then transmitted back to the client for use after decryption. [0162] Encrypting any nonlinear operation and recursive operation via homomorphic- encryption operation such as LWE, among others, can introduce ciphertext error that can grow per each arithmetic operation. This error growth can arise from the necessary plaintext encoding when rational numbers are converted to integers. To this end, a naive implementation of encrypting nonlinear operations has been largely prohibited in prior literature. [0163] The study implemented the homomorphic encryption (HE) controller prototype using a sequential method that can encrypt a nonlinear dynamic controller. The study first generated an approximation of the nonlinear dynamic controller using both the model and trajectory data as a linear-time-invariant (LTI) dynamic system with an integer state matrix. In the study, three linear system approximations and identification were employed: subspace identification (SID), Koopman linearization (KL), and Carleman linearization (CL). The study then applied homomorphic encryption (HE), using an LWE-based cryptosystem, to generate the HE controller, which can be employed to run for an infinite time horizon without bootstrapping. The study evaluated and analyzed the computation loads of the HE controller. The prototype was implemented in Matlab and Python. [0164] The two-step procedure faciliates an encrypted execution of nonlinear dynamic controllers for infinite time horizon without resorting to the bootstrapping operation [10] while ensuring confidentiality for both client data and the model. [0165] Problem Formulation. The study considered a discrete-time forced autonomous system per Equation Set #23. ^ _^ ⁽ _{^^ + 1} ⁾ _{= ^^൫ ^^} ⁽ _^^ ⁾ _{, ^^} ⁽ _^^ ⁾ _൯ ^^( ^^) = ℎ൫ ^^( ^^), ^^( ^^)൯ ^^(0) = ^^ _^ (Eq. Set 23, reproduced) [0166] In Equation Set #23, f and h are analytic maps that propagate the state x(t) ∈ ℝ ^{^} and the actuation u(t) to the next state x(t + 1) and the output y(t), respectively. [0167] Depending on the application, Equation Set #23 can model a nonlinear plant-sensor dynamics or a nonlinear dynamic controller (controller with memory) in which x(t) is the Attorney Docket No.10046-486WO1 7971 TAN controller state, and y(t) is the controller output with u(t) denoting the plant output. In the study, Equation 1 was viewed as a nonlinear dynamic controller, which can run in a distributed network configuration while ensuring confidentiality by semantic security [5] for all entities involved. [0168] Numerical SISO Example. The study also considered and presented herein numerical example illustration of the synthesis process for the nonlinear dynamic controller. Multi-step approximation processes are compared and analyzed in detail. [0169] In the example, a single-input and single-output (SISO) nonlinear dynamical system with a constant disturbance d and a constant error e having the model expressed per Equation Set # 37. ^ _^ ⁽ _^^ ⁾ _{= ^^ ^^} ⁽ _^^ ⁾ _{+ ^^} (Eq. Set 37) [0170] The inputs used for the system (Equation Set #37) were randomly sampled for all t ∈ [0, tf ] and the parameter set {x0 = 0, tf = 30000, α = 0.12, β = 0.20, c = 1.2, d = 0.3, e = −0.05} for simulation. [0171] For the LTI system identification, using CL or KL, the lifted state and input vector ^{can be determined as ^^(t) = [1 ^^( ^^) ^^ଶ( ^^) ^^ଷ( ^^)]் and ^^(t) =} _{[ ^^( ^^) ^^ଶ( ^^) ^^ଷ( ^^) ^^ସ( ^^) ^^ହ( ^^) ^^^( ^^)]். This setup corresponds to the lifted state} vector corresponding to the third-order truncation shown in Equation 30. For the comparison, the study fixed the order of the system to be identified as 4 for SID (MATLAB’s N4SID) and treated the lifted state and input vectors as the result of the lifting functions (Equation 19a) for KL. [0172] Fig.6A shows LTI system parameters obtained using SID, KL and CL. In Fig.6A, the notations of Table 1 are employed. Fig.6B shows an example of linearization and quantization operation for a Carleman-linearized LTI model. In Fig. 6B, the controllable canonical form (CCF) is given where z1−z4 are integer values that can be arbitrarily chosen by designing the gain matrix L. In the example, the resulting gain matrix L (Fig. 6B) was designed such that z1 = −1, z2 = 1, z3 = 1 and z4 = −1. Similar operations, as described herein, were performed for KL and SID. Attorney Docket No.10046-486WO1 7971 TAN [0173] To obtain the quantized matrices shown in Fig.6B (for CL), the study used two scaling factors s0 = 0.00001 and s1 = 0.00001. In the case where CCF is feasible, the study did not use the additional scaling factor s2, or s2 = 1, as the output matrix C is already integer-valued by construction. [0174] Figs. 6C and 6D show the simulated state and output trajectories, respectively, of the example system (Equation Set #37) corresponding to three methods of obtaining the LTI system for the trained time window [0, 30000] (Fig.6C) and for the test time window [30000, 90000] (Fig.6D). Fig.6C shows trajectories for a trained time window. The left plots show the initial 100 time steps. The right plots show the last 100 time steps. Fig.6D shows trajectories for a test time window. The left plots show the initial 100 time steps. The right plots show the last 100 time steps. [0175] It can be observed that the CL and KL replicate the state propagation of the ground truth dynamics, while SID does not. Likely, because KL and CL utilize more information about the ground truth dynamics than SID does. For example, KL utilizes snapshots of the state data on top of the input and the output that SID requires. CL can take advantage of the model known a priori in constructing the system parameters and lifting functions. [0176] Fig.6E shows quantized trajectories for a trained time window (last 100 time steps). Due to quantization effects involved in encryption and decryption operations, MMSE values are larger for trajectories of Fig.6E compared to those of Fig.6C. [0177] In the study, once system matrices and the state and input data are scaled and rounded to the nearest integer values (within the plaintext domain), they were encrypted. While any HE cryptosystem based on computational requirements may be employed, the study employed a variant of the Learning-with-errors (LWE)-based cryptosystem [33] and adopt the exposition detailed in [34]. The size of plaintext space and the security of LWE-based cryptosystem was adjusted by encryption parameters pLWE, LLWE, rLWE, and NLWE. For the fixed cryptosystem, higher security may come at the cost of increasing computational loads. [0178] Fig.6F shows an evaluated relationship between the encryption time and the security parameter for the encryption of the matrix ^̅^ as an example. The encrypted nonlinear dynamic control were carried out jointly by the server and its clients. A client was employed to supply the _{system-specific models in ciphertexts, for example, A = Encrypt( ^̅^), B = Encrypt( ^} ^ത _{^), C =} Encrypt( ^̅^), L = Encrypt( ^ ^ത ^) along with the encrypted input u(t) and output y(t), and the initial Attorney Docket No.10046-486WO1 7971 TAN state x(0) of the controller. The server then executed the encrypted update of the internal state of the dynamic controller and transmitted the encrypted control back to the client. [0179] It was observed that offline encryption of the system matrices took significantly longer than online encryption of the input and output. For instance, encrypting the input was 300 faster than encrypting the matrix ^̅^. Furthermore, about 99% of intensive online computation time was taken up by the server performing a large-scale homomorphic multiplications and additions and the remaining by the local client. Such distribution of loads is well aligned with practical scenarios where the local devices are computationally prohibitive compared to the central server. [0180] Fig.6G shows the quantized state of the CL controller and its output trajectories implemented over HE. Since the encrypted values are higher dimensional and incomprehensible, only the decrypted values are displayed after the entire run. For the demonstration purpose, the encryption module was set using the security parameters pLWE = 233, LLWE = 233, rLWE = 212 and NLWE = 210. The parameters were adjusted according to the desired security requirements. Because the scaling factors were sufficiently large, the behavior of the decrypted system trajectory obtained showed comparable performance to that of the quantized system. [0181] Discussion [0182] In many practical situations, the system dynamics may be either unknown or difficult to model, and often the observables may not include the full state of the system. Under such circumstances, a dynamic neural network (DNN) such as a recurrent neural network (RNN) can serve as a highly expressive nonlinear dynamic controller. Correspondingly, many businesses are now seeking to deploy machine learning (ML) inference on the edge computing devices [1]. Yet many opt in for pre-trained models from existing Infrastructure as a Service (IaaS) providers due to high cost of development and management for in-house models [2]. [0183] However, the complex interplay of private data and proprietary algorithms in such multi-party networked systems brings in ever more difficult security and privacy challenges [3], [4]. Encrypted control [5] using homomorphic encryption (HE) is a cryptographic solution that can conceal system parameters and data while leaving the computation results unharmed. When encrypted control is best practiced in the distributed network, clients can maintain the privacy of sensor data while the model providers can keep highly specialized and finely-tuned models and algorithms as trade secrets. Attorney Docket No.10046-486WO1 7971 TAN [0184] Every year new results and applications advance the field of encrypted control with some recent ones including, but not limited to, predictive control by encrypted distributed Lasso[6], secure two-party computation of max-out neural networks using garbled circuits [7], and encrypted gain scheduled controller for linear parameter varying systems [8]. In [9], the authors proposed a method of running linear time invariant (LTI) dynamic controller for infinite time horizon without reset of the sensor data. [0185] The concept of partially homomorphic encryption can be traced back to historically well-known cryptography algorithms such as RSA, El Gamal and Paillier, [11]. The inception of fully homomorphic encryption (FHE) has been credited to [10]. The field of encrypted control emerged as HE recently rose as a solution to the privacy issue in the networked control system. [0186] Earlier applications of HE included concealing a controller parameter or state in the linear static setting [12], [13], [14] or an interactive protocol enabling quadratic optimization [15]. Applications such as private MPC [16], [17], experimental verification on motion control [18], and encrypted reinforcement learning (RL) [19] then followed. [0187] The realization of full encryption of both the control parameter and data required the use of FHE. However, it was generally deemed too expensive computationally and conflicted with the real-time requirements in control applications. A system could periodically decrypt and re-encrypt the state x(t) to keep the error growth in check. However, this means either compromising the confidentiality requirement by giving the server the secret key for decryption or severely burdening the client with periodic decryption and encryption operations. Such fundamental difficulties in encrypted control were soon identified by many researchers and practitioners. [0188] Control-theoretic methods have been proposed in [9], [20] to suppress such error growth without relying on bootstrapping while restricted to an observable LTI system. In these works, the decrypted controller output could be injected as another external disturbance with the gain to the controller in which the gain could be selected to make the fictitious closed-loop state matrix includes only integer values (e.g., due to the pole placement theorem for the observable LTI system). [0189] In contrast, the exemplary HE controller can be generated, without bootstrapping, via a control-theoretic tool that apples HE on nonlinear dynamic controllers generated by (i) obtaining the best LTI representation of the given nonlinear dynamical controller and (ii) Attorney Docket No.10046-486WO1 7971 TAN applying a pole-placement like transformation to the system such that the fictitious closed-loop state-to-state matrix includes separate integer-valued matrices: one for integer matrix components and a second for non-integer matrix components. This reduced computational requirements facilitate the use of the exemplary HE controller in real-time operations. It has been observed that even in cases when the model is unknown, as long as an LTI model can be generated by simulation or experimentation, an HE controller as described herein, can be subsequently generated. [0190] Bootstrapping or periodic decryption can eliminate encryption-induced numerical errors that can accumulate during iterative ciphertext operations. Bootstrapping is known to be computationally expensive, while periodic decryption of states can be limited in scalability and not as secure as it would require either burdening the plant with decrypting the large internal memory state continuously or require granting the controller an access to decryption key. [0191] Example Computing System [0192] It should be appreciated that the logical operations described above for the homomorphically encrypted system can be implemented (1) as a sequence of computer- implemented acts or program modules running on a computing system and/or (2) as interconnected machine logic circuits or circuit modules within the computing system. The implementation is a matter of choice dependent on the performance and other requirements of the computing system. Accordingly, the logical operations described herein are referred to variously as state operations, acts, or modules. These operations, acts, and/or modules can be implemented in software, in firmware, in special purpose digital logic, in hardware, and any combination thereof. It should also be appreciated that more or fewer operations can be performed than shown in the figures and described herein. These operations can also be performed in a different order than those described herein. [0193] The computer system is capable of executing the software components described herein for the exemplary method or systems. In an embodiment, the computing device may comprise two or more computers in communication with each other that collaborate to perform a task. For example, but not by way of limitation, an application may be partitioned in such a way as to permit concurrent and/or parallel processing of the instructions of the application. Alternatively, the data processed by the application may be partitioned in such a way as to permit concurrent and/or parallel processing of different portions of a data set by the two or more Attorney Docket No.10046-486WO1 7971 TAN computers. In an embodiment, virtualization software may be employed by the computing device to provide the functionality of a number of servers that are not directly bound to the number of computers in the computing device. For example, virtualization software may provide twenty virtual servers on four physical computers. In an embodiment, the functionality disclosed above may be provided by executing the application and/or applications in a cloud computing environment. Cloud computing may comprise providing computing services via a network connection using dynamically scalable computing resources. Cloud computing may be supported, at least in part, by virtualization software. A cloud computing environment may be established by an enterprise and/or can be hired on an as-needed basis from a third-party provider. Some cloud computing environments may comprise cloud computing resources owned and operated by the enterprise as well as cloud computing resources hired and/or leased from a third-party provider. [0194] In its most basic configuration, a computing device includes at least one processing unit and system memory. Depending on the exact configuration and type of computing device, system memory may be volatile (such as random-access memory (RAM)), non-volatile (such as read-only memory (ROM), flash memory, etc.), or some combination of the two. [0195] The processing unit may be a standard programmable processor that performs arithmetic and logic operations necessary for the operation of the computing device. While only one processing unit is shown, multiple processors may be present. As used herein, processing unit and processor refers to a physical hardware device that executes encoded instructions for performing functions on inputs and creating outputs, including, for example, but not limited to, microprocessors (MCUs), microcontrollers, graphical processing units (GPUs), application- specific circuits (ASICs), and AI processors. Thus, while instructions may be discussed as executed by a processor, the instructions may be executed simultaneously, serially, or otherwise executed by one or multiple processors. The computing device may also include a bus or other communication mechanism for communicating information among various components of the computing device. [0196] Computing devices may have additional features/functionality. For example, the computing device may include additional storage such as removable storage and non-removable storage including, but not limited to, magnetic or optical disks or tapes. Computing devices may also contain network connection(s) that allow the device to communicate with other devices, Attorney Docket No.10046-486WO1 7971 TAN such as over the communication pathways described herein. The network connection(s) may take the form of modems, modem banks, Ethernet cards, universal serial bus (USB) interface cards, serial interfaces, token ring cards, fiber distributed data interface (FDDI) cards, wireless local area network (WLAN) cards, radio transceiver cards such as code division multiple access (CDMA), global system for mobile communications (GSM), long-term evolution (LTE), worldwide interoperability for microwave access (WiMAX), and/or other air interface protocol radio transceiver cards, and other well-known network devices. Computing devices may also have input device(s) such as keyboards, keypads, switches, dials, mice, trackballs, touch screens, voice recognizers, card readers, paper tape readers, or other well-known input devices. Output device(s) such as printers, video monitors, liquid crystal displays (LCDs), touch screen displays, displays, speakers, etc., may also be included. The additional devices may be connected to the bus in order to facilitate the communication of data among the components of the computing device. All these devices are well known in the art and need not be discussed at length here. [0197] The processing unit may be configured to execute program code encoded in tangible, computer-readable media. Tangible, computer-readable media refers to any media that is capable of providing data that causes the computing device (i.e., a machine) to operate in a particular fashion. Various computer-readable media may be utilized to provide instructions to the processing unit for execution. Example tangible, computer-readable media may include but is not limited to volatile media, non-volatile media, removable media, and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules, or other data. System memory, removable storage, and non-removable storage are all examples of tangible computer storage media. Example tangible, computer-readable recording media include, but are not limited to, an integrated circuit (e.g., field-programmable gate array or application-specific IC), a hard disk, an optical disk, a magneto-optical disk, a floppy disk, a magnetic tape, a holographic storage medium, a solid-state device, RAM, ROM, electrically erasable program read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices. [0198] In light of the above, it should be appreciated that many types of physical transformations take place in the computer architecture in order to store and execute the software Attorney Docket No.10046-486WO1 7971 TAN components presented herein. It also should be appreciated that the computer architecture may include other types of computing devices, including hand-held computers, embedded computer systems, personal digital assistants, and other types of computing devices known to those skilled in the art. [0199] In an example implementation, the processing unit may execute program code stored in the system memory. For example, the bus may carry data to the system memory, from which the processing unit receives and executes instructions. The data received by the system memory may optionally be stored on the removable storage or the non-removable storage before or after execution by the processing unit. [0200] It should be understood that the various techniques described herein may be implemented in connection with hardware or software or, where appropriate, with a combination thereof. Thus, the methods and apparatuses of the presently disclosed subject matter, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media, such as floppy diskettes, CD-ROMs, hard drives, or any other machine-readable storage medium wherein, when the program code is loaded into and executed by a machine, such as a computing device, the machine becomes an apparatus for practicing the presently disclosed subject matter. In the case of program code execution on programmable computers, the computing device generally includes a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. One or more programs may implement or utilize the processes described in connection with the presently disclosed subject matter, e.g., through the use of an application programming interface (API), reusable controls, or the like. Such programs may be implemented in a high-level procedural or object-oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language, and it may be combined with hardware implementations. [0201] Although example embodiments of the present disclosure are explained in some instances in detail herein, it is to be understood that other embodiments are contemplated. Accordingly, it is not intended that the present disclosure be limited in its scope to the details of construction and arrangement of components set forth in the following description or illustrated Attorney Docket No.10046-486WO1 7971 TAN in the drawings. The present disclosure is capable of other embodiments and of being practiced or carried out in various ways. [0202] It must also be noted that, as used in the specification and the appended claims, the singular forms “a,” “an,” and “the” include plural referents unless the context clearly dictates otherwise. Ranges may be expressed herein as from “about” or “approximately” one particular value and/or to “about” or “approximately” another particular value. When such a range is expressed, other exemplary embodiments include from the one particular value and/or to the other particular value. [0203] By “comprising” or “containing” or “including,” it means that at least the name compound, element, particle, or method step is present in the composition or article or method, but does not exclude the presence of other compounds, materials, particles, method steps, even if the other such compounds, material, particles, method steps have the same function as what is named. [0204] In describing example embodiments, terminology will be resorted to for the sake of clarity. It is intended that each term contemplates its broadest meaning as understood by those skilled in the art and includes all technical equivalents that operate in a similar manner to accomplish a similar purpose. It is also to be understood that the mention of one or more steps of a method does not preclude the presence of additional method steps or intervening method steps between those steps expressly identified. Steps of a method may be performed in a different order than those described herein without departing from the scope of the present disclosure. Similarly, it is also to be understood that the mention of one or more components in a device or system does not preclude the presence of additional components or intervening components between those components expressly identified. [0205] The term “about,” as used herein, means approximately, in the region of, roughly, or around. When the term “about” is used in conjunction with a numerical range, it modifies that range by extending the boundaries above and below the numerical values set forth. In general, the term “about” is used herein to modify a numerical value above and below the stated value by a variance of 10%. In one aspect, the term “about” means plus or minus 10% of the numerical value of the number with which it is being used. Therefore, about 50% means in the range of 45%-55%. Numerical ranges recited herein by endpoints include all numbers and fractions subsumed within that range (e.g., 1 to 5 includes 1, 1.5, 2, 2.75, 3, 3.90, 4, 4.24, and 5). Attorney Docket No.10046-486WO1 7971 TAN [0206] Similarly, numerical ranges recited herein by endpoints include subranges subsumed within that range (e.g., 1 to 5 includes 1-1.5, 1.5-2, 2-2.75, 2.75-3, 3-3.90, 3.90-4, 4-4.24, 4.24-5, 2-5, 3-5, 1-4, and 2-4). It is also to be understood that all numbers and fractions thereof are presumed to be modified by the term “about.” [0207] The following patents, applications, and publications, as listed below and throughout this document, are hereby incorporated by reference in their entirety herein. [1] J. Jackson, S. Lin, and M. Savio, “The edge computing advantage,” report, IBM, 2021. [2] Algorithmia, “2021 enterprise trends in machine learning,” report, Algorithmia, Dec 2020. [3] T. Bittman, B. Gill, T. Zimmerman, T. Friedman, N. MacDonald, and K. Brown, “Predicts 2022: The distributed enterprise drives computing to the edge,” Oct 2021. [4] S. L. Garfinkel, “A peek at proprietary algorithms,” American scientist, vol.105, no.6, pp. 326–327, 2017. [5] M. Schulze Darup, A. B. Alexandru, D. E. Quevedo, and G. J. Pappas, “Encrypted control for networked systems: An illustrative introduction and current challenges,” IEEE Control Systems Magazine, vol.41, no.3, pp. 58–78, 2021. [6] A. B. Alexandru, A. Tsiamis, and G. J. Pappas, “Encrypted distributed lasso for sparse data predictive control,” in 202160th IEEE Conference on Decision and Control (CDC), pp.4901– 4906, 2021. [7] K. Tjell, N. Schl¨uter, P. Binfet, and M. S. Darup, “Secure learning-based mpc via garbled circuit,” in 202160th IEEE Conference on Decision and Control (CDC), pp.4907–4914, 2021. [8] K. Teranishi and K. Kogiso, “Encrypted gain scheduling with quantizers for stability guarantee,” in 202160th IEEE Conference on Decision and Control (CDC), pp.5628–5633, 2021. [9] J. Kim, H. Shim, and K. Han, “Dynamic controller that operates over homomorphically encrypted data for infinite time horizon,” IEEE Transactions on Automatic Control, pp.1–1, 2022. [10] C. Gentry, A fully homomorphic encryption scheme. PhD thesis, Stanford University, 2009. crypto.stanford.edu/craig. [11] X. Yi, R. Paulet, and E. Bertino, “Homomorphic encryption and applications,” in Springer Briefs in Computer Science, 2014. Attorney Docket No.10046-486WO1 7971 TAN [12] K. Kogiso and T. Fujita, “Cyber-security enhancement of networked control systems using homomorphic encryption,” 201554th IEEE Conference on Decision and Control (CDC), pp. 6836–6843, 2015. [13] F. Farokhi, I. Shames, and N. Batterham, “Secure and private cloud-based control using semi-homomorphic encryption,” IFACPapersOnLine, vol.49, no.22, pp. 163 – 168, 2016. [14] J. Kim, C. Lee, H. Shim, J. H. Cheon, A. Kim, M. Kim, and Y. Song, “Encrypting controller using fully homomorphic encryption for security of cyber-physical systems,” IFAC- PapersOnLine, vol. 49, no.22, pp.175 – 180, 2016. [15] A. B. Alexandru, K. Gatsis, and G. J. Pappas, “Privacy preserving cloud-based quadratic optimization,” in 55th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2017, Monticello, IL, USA, October 3-6, 2017, pp. 1168–1175, IEEE, 2017. [16] M. Schulze Darup, A. Redder, I. Shames, F. Farokhi, and D. Quevedo, “Towards encrypted MPC for linear constrained systems,” IEEE Control Systems Letters, vol.2, no.2, pp. 195–200, 2018. [17] A. B. Alexandru, M. Morari, and G. J. Pappas, “Cloud-based MPC with encrypted data,” in 2018 IEEE Conference on Decision and Control (CDC), pp. 5014–5019, 2018. [18] K. Teranishi, M. Kusaka, N. Shimada, J. Ueda, and K. Kogiso, “Secure observer-based motion control based on controller encryption,” in 2019 American Control Conference (ACC), pp. 2978–2983, 2019. [19] J. Suh and T. Tanaka, “Encrypted value iteration and temporal difference learning over leveled homomorphic encryption,” 2021. [20] J. Kim, H. Shim, H. Sandberg, and K. H. Johansson, “Method for running dynamic systems over encrypted data for infinite time horizon without bootstrapping and re-encryption,” in 2021 60th IEEE Conference on Decision and Control (CDC), pp.5614–5619, Dec 2021. [21] T. Katayama, Subspace Methods for System Identification. Communications and Control Engineering, Springer London, 2006. [22] S. L. Brunton, M. Budiˇsi´c, E. Kaiser, and J. N. Kutz, “Modern Koopman theory for dynamical systems,” SIAM Review, vol. 64, no.2, pp.229–340, 2022. [23] A. Mauroy, I. Mezic, and Y. Susuki, The Koopman Operator in Systems and Control Concepts, Methodologies, and Applications: Concepts, Methodologies, and Applications. Springer Cham, 012020. Attorney Docket No.10046-486WO1 7971 TAN [24] M. Korda and I. Mezi´c, “Linear predictors for nonlinear dynamical systems: Koopman operator meets model predictive control,” Automatica (Oxford), vol.93, pp.149–160, 2018. [25] J. L. Proctor, S. L. Brunton, and J. N. Kutz, “Dynamic mode decomposition with control,” SIAM Journal on Applied Dynamical Systems, vol. 15, no. 1, pp.142–161, 2016. [26] M. O. Williams, I. G. Kevrekidis, and C. W. Rowley, “A data–driven approximation of the koopman operator: Extending dynamic mode decomposition,” Journal of Nonlinear Science, vol. 25, no. 6, p.1307–1346, 2015. [27] F. Fan, B. Yi, D. Rye, G. Shi, and I. R. Manchester, “Learning stable koopman embeddings,” arXiv, 2021. [28] G. t. Y. . Mamakoukas, O. Xherija, and T. Murphey, “Memory-efficient learning of stable linear dynamical systems for prediction and control,” in Advances in Neural Information Processing Systems (H. Larochelle, M. Ranzato, R. Hadsell, M. F. Balcan, and H. Lin, eds.), vol. 33, pp.13527–13538, Curran Associates, Inc., 2020. [29] S. Shin, Q. Lu, and V. M. Zavala, “Unifying theorems for subspace identification and dynamic mode decomposition,” 2020. [30] A. Amini, Q. Sun, and N. Motee, “Approximate optimal control design for a class of nonlinear systems by lifting hamilton-jacobi-bellman equation,” in 2020 American Control Conference (ACC), pp.2717–2722, AACC, 2020. [31] A. Amini, Q. Sun, and N. Motee, “Error bounds for carleman linearization of general nonlinear systems,” 2021 Proceedings of the Conference on Control and its Applications, pp. 1– 8, 2021. [32] J. H. Cheon, K. Han, H. Kim, J. Kim, and H. Shim, “Need for controllers having integer coefficients in homomorphically encrypted dynamic system,” in 2018 IEEE Conference on Decision and Control (CDC), pp. 5020–5025, 2018. [33] C. Gentry, A. Sahai, and B. Waters, “Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based,” 2013. [34] J. Kim, H. Shim, and K. Han, Comprehensive Introduction to Fully Homomorphic Encryption for Dynamic Feedback Controller via LWE-Based Cryptosystem, pp.209–230. Singapore: Springer Singapore, 2020. [35] J. L. Elman, “Finding structure in time,” Cognitive Science, vol.14, no.2, pp.179–211, 1990. Attorney Docket No.10046-486WO1 7971 TAN [36] U.S. Patent Publication No. US20110110525Al. [37] U.S. Patent Publication No. US20190363872Al. [38] U.S. Patent Publication No. US11196541B2. [39] PCT Patent Publication No. WO2021260451Al. [40] U.S. Patent Publication No. US20190065974Al. [41] U.S. Patent Publication No. US20200036510Al. [42] U.S. Patent No. US11087223B2. [43] U.S. Patent No. US9946970B2. [44] European Patent No. EP3166251B1. [45] European Patent No. EP3301617B1. [46] U.S. Patent Publication No. US20180349740Al. [47] U.S. Patent No. US9270446B2.