Towards a Secure and Resilient Grid

A Critical Evaluation of Privacy-Preserving Technologies for Resolving the Data Paradox

The transition of the electric grid from a hierarchical, centralized system to a complex, distributed energy network has created an inherent and critical tension: the vast, granular data necessary for reliable operation is systematically restricted due to stringent legal requirements for customer privacy, robust cybersecurity protocols, and commercial confidentiality. This constitutes the fundamental grid data paradox, a primary bottleneck in the global energy transition. Traditional, centralized planning methods, which relied on predictable averages and aggregate data, are fundamentally incompatible with a future dominated by volatile renewable generation, ubiquitous Distributed Energy Resources (DERs), and dynamic loads from electrification and high-demand data centers. Failure to access and integrate this system-edge data results in planning delays, economic inefficiency, and heightened reliability risks.

As a potential resolution, a class of technologies known as Privacy-Preserving Technologies (PPTs)—particularly Secure Enclaves (Trusted Execution Environments, or TEEs) and Federated Analytics/Federated Learning (FA/FL)—has emerged. These technologies embody a “code-to-data” paradigm, allowing algorithms to operate on sensitive data locally, within a protected environment, and share only abstract, aggregated, or mathematical results.¹ This approach aims to shift the basis of trust from complex legal contracts and centralized data management to auditable cryptographic assurance. However, while promising, PPTs are not a panacea. Their implementation presents a complex series of trade-offs between security, privacy, performance, and cost. Real-world deployments are challenged by significant vulnerabilities, including hardware-level side-channel attacks against TEEs and sophisticated inference and poisoning attacks against FL models.²

This report provides a critical evaluation of the role of PPTs in modernizing the electric grid, and offers an analysis of their technical underpinnings, documented vulnerabilities, and the practical barrier to their adoption: a policy landscape prioritizing immediate reliability fixes over foundational data architecture reform.⁴ By incorporating comparative case studies from the European Union, where stringent GDPR regulations drive a privacy-first approach, and China, where state-led optimization is the primary motivator, PPT adoption may be contextualized within divergent global regulatory philosophies.⁶ I argue that PPTs are a critical architectural component for the future grid, and their successful deployment requires a pragmatic and phased strategy that addresses not only their technical limitations but also significant gaps in workforce skills, legacy system interoperability, and long-term threats such as quantum computing.

Chapter 1: The Historical Context and Digital Inflection Point

1.1 From Predictability to Volatility: The Centralized Past

The initial architecture of the electric power system was defined by its centralized nature. Throughout the late nineteenth and early twentieth centuries, the infrastructure was built upon a “hub-and-spoke” model, wherein large, centralized power plants—typically thermal generators like coal, natural gas, or nuclear—generated electricity that flowed unidirectionally outward to consumers through a network of transmission and distribution lines. This paradigm was cemented during the mid-twentieth century with the development of efficient turbines and high-voltage, long-distance transmission lines, culminating in the establishment of regional “super grids” designed for stability and economies of scale.

Grid planning under this centralized model relied heavily on predictability. Supply from traditional power plants was largely steady, dispatchable, and controllable, allowing operators to match generation to load with a high degree of certainty. Consequently, operational forecasts and long-term planning decisions could be based on predictable load growth curves and coarse, aggregated demand data. The top-down power flow meant that system stability was managed primarily at the bulk transmission level, making detailed, near-real-time data from the grid’s extremities—the distribution networks where end-users connect—largely unnecessary for primary control functions.

1.2 The Decentralized Future and the Rise of Granularity

The introduction of information and communication technologies (ICT) has catalyzed the transformation of the traditional power system into a modern “smart” grid, demanding a dynamic evolution from its earlier, centralized form. This transformation is defined by two fundamental shifts: the introduction of two-way communication and advanced controls, and the increasing penetration of volatile, decentralized resources at the grid edge.

The proliferation of DERs, including rooftop solar photovoltaics (PV), battery energy storage systems (BESS), and electric vehicle supply equipment (EVSE), has fundamentally altered the physics of grid operation. The grid is no longer a passive consumption network but an active, distributed system characterized by bidirectional power flows and inherent volatility from intermittent renewable generation and unpredictable loads. To navigate this operational complexity, planners and operators require detailed, locational, near-real-time data from every inverter, smart meter, and battery at the grid’s edges. This data is essential for functions like voltage regulation, congestion management, and maintaining overall system stability.

This architectural shift from centralized predictability to distributed volatility has created a profound data imperative. The operational risk is now increasingly determined at the distribution level, making granular data an operational prerequisite for physical reliability.¹ However, the current technical, regulatory, and policy systems were designed for the 20th-century grid. This misalignment is starkly visible in the challenge of DER interconnection. The rapid growth in DER interconnection requests has overwhelmed utility queues, which were originally designed to process a small number of large, centralized power plants.¹ These bottlenecks, which are a focus of the Department of Energy’s interconnection roadmap, are a direct manifestation of a regulatory and technological infrastructure that is failing to process the required data volume and complexity at the necessary speed, leading to significant procedural delays in integrating clean energy resources.⁸

Chapter 2: The Grid Data Paradox

The data paradox arises from the inescapable conflict between the operational necessity for granular, real-time data and the corresponding legal, security, and ethical constraints against sharing that data. Three primary conflicts define this dilemma, leading to profound consequences for grid reliability, economic efficiency, and the social acceptance of the energy transition.

2.1 The Triple Conflict

2.1.1 Privacy Obligations and Stakeholder Distrust

At the heart of the paradox lies the highly sensitive nature of Customer Energy Usage Data (CEUD) collected by smart meters. This data, often recorded in intervals of 15 minutes or less, can reveal intimate details of household life, including occupancy patterns, sleep schedules, appliance usage, and even the presence of specific medical equipment.¹ The exposure of this information risks eroding public confidence in the energy transition, a concern vigorously articulated by consumer advocacy groups. Organizations like the Electronic Frontier Foundation (EFF) and Privacy International have argued that the granularity of smart meter data transforms it from a simple billing record into a detailed snapshot of private life, raising significant privacy implications that differ qualitatively from the single monthly readings of analog meters.⁹ This level of detail can be exploited for malicious purposes, such as targeting homes for burglary or enabling commercial or governmental surveillance.¹

This deep-seated concern about data privacy is not merely a technical issue but a crisis of trust that directly impacts the social license for grid modernization. Consumer distrust creates a powerful feedback loop: public apprehension leads to the implementation of stricter data access rules and legal challenges, which in turn forces utilities to adopt highly conservative data management policies to avoid liability and reputational damage.¹⁰ This conservatism slows the very DER integration and grid optimization efforts that require the data, ultimately exacerbating the reliability and economic problems the data was meant to solve. Any purely technical solution to the data paradox will fail if it does not also explicitly address this underlying trust deficit. The value proposition of any new technology must extend beyond efficiency to its potential to serve as a neutral, verifiable arbiter of trust between consumers, utilities, and third-party service providers. This reframes the problem from one of simple data access to one of complex trust brokerage. In the U.S., these concerns have raised Fourth Amendment questions regarding unreasonable searches, while in Europe, the collection and processing of CEUD falls squarely under the stringent requirements of the General Data Protection Regulation (GDPR).¹¹

2.1.2 Cybersecurity and Mandatory Compliance

The digitization of grid assets, while enabling greater efficiency, simultaneously increases the grid’s attack surface and vulnerability to sophisticated cyber-physical threats. Sharing raw, sensitive operational data across multiple external organizational boundaries—among transmission operators, distribution utilities, aggregators, and market participants—exponentially increases the financial and political risk of a catastrophic breach. To mitigate these risks, the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards impose mandatory, rigorous security controls on entities managing the Bulk Electric System.¹ These standards mandate strict isolation and control over operational data, creating a powerful regulatory incentive for data siloing. Any proposed data-sharing mechanism must demonstrate strict compliance with these federal mandates, adding a significant layer of regulatory complexity and operational caution that often defaults to minimizing data exchange.

2.1.3 Commercial and Competitive Constraints

Beyond privacy and security, powerful commercial interests create and reinforce data silos. Independent power producers, DER aggregators, and large industrial consumers possess proprietary information, such as bidding strategies in wholesale markets, technology deployment plans, and competitive load profiles, which they cannot expose to competitors or other stakeholders without suffering a material disadvantage. This fear of compromising market position is a core inhibitor to the voluntary sharing of system-critical operational data. In the absence of trusted sharing mechanisms, the default behavior is to hoard data, resulting in opacity and redundancy in market planning and operations.

2.2 Consequences of Restricted Data Access on Reliability and Economics

The failure to resolve this triple conflict results in direct, quantifiable harm to the energy system, manifesting as planning bottlenecks, increased reliability risks, and significant economic inefficiencies.

2.2.1 Planning Bottlenecks and Reliability Risk

Limited transparency in grid data directly hinders essential planning functions like interconnection studies and locational hosting capacity analysis. Developers seeking to connect new DERs often use the interconnection application process itself as a means of discovery to obtain necessary grid data, a practice that contributes to massive backlogs and delays that slow the integration of critical clean energy resources. From an operational standpoint, insufficient visibility into the real-time behavior and location of DERs prevents accurate network modeling. This lack of visibility confirms the reliability concerns repeatedly identified by NERC, which has highlighted that transmission operators need specific, detailed data on the nature of loads and resources at the distribution level to accurately maintain system integrity. Without this system-wide data integration, reliable planning is fundamentally compromised.

2.2.2 Economic Inefficiency and the Price Paradox

The economic consequences of data isolation impose a quantifiable drag on the energy transition. At a basic level, utilities and planners independently undertake costly, redundant efforts to acquire, clean, anonymize, and process similar datasets for their respective planning needs.

A more complex and pernicious effect is the emergence of the “price paradox” in highly decarbonized electricity markets. As increased renewable penetration drives day-ahead commodity energy prices to zero or below, end-users often still face high total electricity prices. This occurs because non-energy system costs—such as those for ancillary services required to manage volatility and ensure grid stability—increase significantly. While inadequate data access and forecasting capabilities are a direct contributor to this inefficient system management, it is crucial to recognize that other variables, such as inherent renewable volatility, transmission congestion, and fundamental market design flaws, are significant culprits. Nevertheless, resolving the data paradox is a critical component of improving operational efficiency and mitigating these rising non-energy costs.

2.3 The Ethical and Governance Dilemma

State utility regulators, such as those organized under the National Association of Regulatory Utility Commissioners (NARUC), recognize the complexity of balancing these competing needs. In 2023, NARUC developed a structured Grid Data Sharing Framework and Playbook to assist commissions in navigating the trade-offs and decision-making processes regarding third-party access to utility data. This framework correctly identifies the debate as a fundamental governance dilemma, requiring a structured process for collecting, examining, and documenting inputs to inform data-sharing decisions.

However, this regulatory approach, while necessary, often focuses on managing risks post hoc through negotiation and policy, inherently lagging behind the rapid technological pace of the grid’s evolution.¹ The central regulatory challenge is to move beyond defining who owns the data and how it should be governed legally, to defining where computation must occur to maintain security and trust by design.

Chapter 3: An Architectural Approach: Privacy-Preserving Technologies

The resolution to the grid data paradox may be achieved by embedding privacy and security directly into the system architecture. Privacy-Preserving Technologies (PPTs) enable systemic thinking about the grid without requiring systemic exposure of the underlying data. However, the security of these technologies is not an absolute guarantee but a dynamic trade-off. Their deployment introduces an inherent tension between privacy, accuracy, and performance that requires careful, application-specific calibration rather than a one-size-fits-all approach.

3.1 The Shift to “Code-to-Data” Paradigm

The core principle distinguishing PPTs from traditional centralized data management is the “code-to-data” paradigm. Instead of requiring the transfer of massive, sensitive datasets to a centralized location for processing, algorithms or model parameters are securely transmitted to the data’s local source (e.g., a utility server, a DER aggregator’s system, or a smart meter hub). Processing occurs locally within a protected environment, and only the mathematically aggregated, anonymized, or abstract results are shared system-wide.

While a range of technologies falls under the PPT umbrella, including Homomorphic Encryption (HE) and Multi-Party Computation (MPC), these remain computationally intensive and often suffer from limited scalability, making them impractical for the high-volume, real-time demands of many utility operations. This has directed practical utility adoption and research toward two complementary and more operationally feasible solutions: Secure Enclaves and Federated Analytics/Learning.

3.2 Secure Enclaves (TEEs): Guarantees and Real-World Constraints

Secure Enclaves, often relying on hardware-enabled Trusted Execution Environments (TEEs), provide an isolated, cryptographically protected container for processing sensitive data. The fundamental guarantee of a secure enclave is that raw data never leaves the data owner’s controlled environment. Algorithms are executed within this isolated memory space, ensuring that the processing remains confidential even from the host system’s operating system or a malicious cloud provider. Only aggregated, anonymized results or specific mathematical outputs are released from the enclave.

No security is perfect. A primary and persistent threat is side-channel attacks, where adversaries exploit physical effects of the hardware’s operation—such as power consumption patterns, electromagnetic emissions, or precise execution timing—to infer secret information being processed inside the enclave.² Variants of attacks like Spectre and Meltdown have demonstrated that even robust hardware isolation can be compromised. Furthermore, supply chain vulnerabilities present a critical risk. As emphasized in guidance from the National Institute of Standards and Technology (NIST), the trust in a TEE relies on a hardware root of trust (HRoT); if malicious or counterfeit components are introduced into the supply chain, the entire security model can be undermined before the system is even deployed.¹⁵ Finally, scalability and cost are major barriers to widespread adoption. Deploying specialized, TEE-capable hardware across millions of grid-edge devices like smart meters would involve substantial capital expenditure and logistical complexity, potentially adding to the overall grid load through increased energy consumption from cryptographic operations.¹⁷

3.3 Federated Analytics (FA) and Federated Learning (FL): Collaborative Intelligence and Inherent Risks

Federated Learning (FL) is a distributed machine learning paradigm that allows multiple entities to collaboratively train a shared, global model without ever exposing their proprietary raw data. In an FL framework, local clients—such as distribution utilities or DER aggregators—train machine learning models on their isolated datasets. Instead of exchanging raw data, only the mathematical model updates (e.g., gradients or parameters) are securely exchanged and aggregated by a central server to improve a global model.

This introduces significant privacy vulnerabilities. Inference attacks, particularly gradient leakage, have demonstrated that an honest-but-curious server or other participants can reconstruct sensitive portions of a client’s private training data from the shared model updates alone.¹⁸ This is especially true in the heterogeneous data environments common in smart grids. Beyond privacy risks, FL is susceptible to security threats. Model poisoning attacks occur when malicious participants intentionally submit corrupted model updates designed to degrade the performance of the global model or install a “backdoor” that causes it to misbehave on specific inputs.³ Furthermore, the problem of data heterogeneity (or non-IID data), where data distributions vary significantly across clients, poses a major challenge to model convergence and can lead to biased and poorly performing global models, undermining the very purpose of the collaborative effort.¹⁸

3.4 Limitations, Risks, and Mitigation Strategies for PPTs

The vulnerabilities inherent in TEEs and FL are not insurmountable, but they necessitate a layered defense strategy and a clear-eyed understanding of the associated trade-offs.

For TEEs, mitigation strategies focus on both hardware and software. Hardware manufacturers continuously release patches and new architectural designs to counter known side-channel attacks. At the software level, algorithmic countermeasures can be implemented to obscure execution patterns. However, the most critical mitigation is continuous remote attestation. As stressed in NIST guidance, this is a process where a TEE cryptographically proves its identity and the integrity of its software environment to a remote verifier before being entrusted with sensitive data or computation.¹⁶ While essential for security, this process adds communication and computational overhead, impacting performance and scalability.

For FL, the primary mitigation against inference attacks is the integration of Differential Privacy (DP). DP provides a formal, mathematical guarantee of privacy by adding carefully calibrated statistical noise to the model updates before they are shared.²² This makes it computationally infeasible to reverse-engineer an individual’s data from the aggregated result. However, this enhanced privacy comes at a direct cost to model accuracy—the more noise added (i.e., the stronger the privacy guarantee), the less accurate the final global model becomes. This creates a “trilemma” for system designers, forcing a choice between strong privacy, high model accuracy, and system performance. A utility might have to accept lower forecast accuracy to meet stringent privacy requirements, or accept higher privacy risk for a more accurate model needed for critical operations. This shifts the discussion from a binary question of “Are PPTs secure?” to a nuanced engineering and policy challenge: “What is the acceptable risk and performance profile for a given grid application?”

Chapter 4: Case Studies in PPT Deployment: A Global Perspective

The theoretical promise of PPTs is being tested through various initiatives worldwide. However, the adoption of these technologies is not a monolithic global trend; it is being shaped by divergent regulatory philosophies and national priorities. An examination of key initiatives in the United States, the European Union, and China reveals three distinct models of deployment: a market-driven reliability model in the U.S., a compliance-driven model in the EU, and a state-led optimization model in China.

4.1 United States Initiatives

The U.S. approach to PPTs is largely driven by the need to manage an increasingly complex grid with high DER penetration, focusing on reliability and the creation of new market mechanisms.

4.1.1 Federated DER Management: The FAST-DERMS Architecture

The Federated Architecture for Secure and Transactive Distributed Energy Resource Management Solutions (FAST-DERMS) is a major initiative advanced by the U.S. Department of Energy’s Grid Modernization Laboratory Consortium. Its objective is to develop an operational architecture capable of managing high levels of customer-owned energy sources and transactive energy markets. The architecture employs a federated approach to coordinate DERs at the substation level, transforming the volatile net load of a distribution feeder into a predictable, controllable resource from the perspective of the Transmission System Operator (TSO).

FAST-DERMS, developed by the National Renewable Energy Laboratory (NREL), is lab-tested, but not a widely operational, field-proven system.²⁵ Its primary value lies in demonstrating the feasibility of a federated control architecture through simulation and testing within NREL’s Advanced Distribution Management System (ADMS) Test Bed.²⁵ While this is a crucial step, it does not yet have a track record of proven, grid-wide reliability gains are premature. The project represents a foundational research and development effort to define the standards and protocols for future systems, rather than an existing, off-the-shelf solution.

4.2 European Union Approaches Under GDPR

In the European Union, the adoption of PPTs is strongly driven by the need to comply with the stringent data privacy and sovereignty requirements of the General Data Protection Regulation (GDPR).¹² This “privacy-first” imperative creates a powerful incentive for utilities and technology providers to explore architectures that enable data-driven services while minimizing the movement and exposure of personal data.

Several EU-funded projects under the Horizon research and innovation program are exploring these architectures. The ODEON project, for example, aims to create a coordinated European energy ecosystem by focusing on six key areas, including data connectivity and privacy, to enable a market that benefits both operators and consumers.²⁸

A more concrete example is the Enershare project, which concluded in 2024. Its Use Case 5A pilot specifically employed a federated learning framework, powered by TNO, to predict energy demand and reduce grid stress. The pilot successfully demonstrated that grid behavior could be forecasted more accurately—resulting in no observed transformer overloads—without any private customer data leaving the local site. Each participant trained its own model and shared only the abstract “knowledge” (model updates), a process that inherently respects GDPR constraints. This pilot serves as a tangible validation of a scalable, privacy-first solution for grid optimization in a strict regulatory environment.⁶

4.3 Federated Learning in China’s Smart Grid

China presents a contrasting case study, where the primary driver for PPT adoption appears to be state-led optimization rather than regulatory compliance. The goal is to leverage advanced technology to improve the operational efficiency and centralized management of a rapidly modernizing and state-owned grid.

A prominent example is the implementation of a hybrid federated learning framework by the Zhuhai Power Supply Bureau, a subsidiary of the state-owned China Southern Power Grid. This project, developed in collaboration with researchers from Tsinghua University, was designed to perform collaborative load forecasting across different districts of the city. The framework was explicitly created to break down internal data silos between different energy-related entities to achieve more accurate predictions for smart city planning and operation.⁷ This represents one of the first large-scale, real-world utility applications of federated learning. Broader research trends in China similarly focus on applying FL to solve pressing operational challenges, such as transmission line fault detection and overall energy management, underscoring a pragmatic, efficiency-first approach to technology deployment.²⁹

The divergence among these three regions is significant. It implies that a single, global standard for PPTs in the energy sector is unlikely to emerge in the near term. Technology vendors and policymakers will need to recognize and adapt to these different regional priorities, tailoring solutions to fit the EU’s compliance-driven model, China’s state-led optimization model, or the U.S.’s market-driven reliability model.

Chapter 5: Governance, Policy, and Regulatory Realities

The technical solutions offered by PPTs cannot be implemented in a vacuum; they require a corresponding evolution in governance models and a supportive, clear-eyed policy landscape. An examination of the current U.S. context reveals a complex and sometimes contradictory environment, where idealized governance concepts clash with practical challenges and long-term architectural needs are often superseded by immediate political pressures.

5.1 Nodal Governance: A Critical Assessment

The concept of “nodal governance” has been proposed as a model for the decentralized U.S. electricity system, where power and decision-making are distributed across a network of actors, including transmission operators, distribution utilities, regulators, and private firms. In theory, PPTs serve as an ideal technical architecture to support this model, providing cryptographic guarantees that enable these disparate nodes to collaborate and share actionable intelligence without centralized control or burdensome legal mediation.

However, this idealized view must be tempered with a critical assessment of the challenges inherent in decentralized governance. A nodal structure can lead to significant coordination failures. Policy implementation in complex, multi-agency environments must route around distinct institutional cultures, conflicting mandates, and unequal resources. This can lead to situations where agencies work at cross-purposes, resulting in policy gridlock or collapse.³¹ In the energy sector, this can manifest as a directionality failure, where the lack of a strong, unified vision prevents the collective action needed to overcome the inertia of the existing system.³² Simply deploying a decentralized technology like FL does not automatically create effective collaboration; it must be accompanied by robust governance frameworks that align incentives and bridge institutional divides.

5.2 U.S. Federal Momentum

The GRIData Act of 2024 (S. 4140), introduced in the 118th Congress by Senators Heinrich, Wyden, and Padilla, aligns closely with the goals discussed in this report. It directed the Department of Energy to explore methods for sharing granular grid data to improve reliability, with a specific requirement for built-in privacy protections.³³ However, congressional records show that after its introduction and referral to the Committee on Energy and Natural Resources in April 2024, the bill saw no further action and has effectively stalled.⁴

In stark contrast, the GRID Power Act (H.R. 1047), introduced in the 119th Congress in 2025, has seen significant legislative progress. This bill passed the House of Representatives in September 2025 on a largely party-line vote and was referred to the Senate.⁵ The crucial distinction lies in its focus. The GRID Power Act is not about data privacy or sharing architectures; its primary purpose is to reform the interconnection queue process to prioritize new dispatchable power projects that are deemed critical for improving grid reliability and resource adequacy.⁵

This legislative divergence is revealing. It demonstrates a critical disconnect between the architectural needs of the future grid, which depend on data-driven solutions like PPTs, and the immediate political pressures on legislators, which demand direct, easily understood solutions to prevent blackouts and ensure resource adequacy. In the current political climate, ensuring that dispatchable generation is available when renewables are not is a more tangible and politically salient goal than architecting a secure data-sharing ecosystem. To gain policy traction, proponents of PPTs must successfully reframe their technology not merely as a data privacy tool but as a critical enabler of reliability that can make variable resources like DERs function as predictably and reliably as the dispatchable assets that legislators are currently trying to fast-track.

5.3 Federal and State Standardization Efforts

While legislative momentum on data architecture is slow, important foundational work is proceeding at federal agencies and state regulatory bodies. The National Institute of Standards and Technology (NIST) is playing a critical role in developing technical guidance for confidential computing and hardware-enabled security, as detailed in its IR 8320 series. This work provides the technical underpinnings necessary for creating standardized certification and attestation processes for TEEs, which will be essential for their acceptance in NERC CIP-compliant environments.

At the state level, the NARUC Grid Data Sharing Framework provides a vital policy template, giving state commissions a structured process to evaluate the complex trade-offs involved in data access.¹ The key challenge lies in reconciling the high-level federal intent (e.g., national reliability) with local state guidance (e.g., customer privacy). Successful deployment will require that federally developed open protocols, such as those emerging from the FAST-DERMS initiative, are designed to be compatible with the specific privacy and disclosure requirements established by state commissions.

Chapter 6: Adoption Barriers and Strategic Pathways

Despite a compelling value proposition, several significant and practical hurdles must be overcome to institutionalize PPTs across the utility sector. These barriers span technology, workforce, and legacy systems, and require a coordinated strategic response.

6.1 Computational Overhead and Scalability

While FL and TEEs are generally more scalable than alternatives like fully homomorphic encryption, they still introduce significant computational and communication overhead. Large-scale FL deployment, especially in a cross-device setting involving millions of smart meters or other edge devices, requires robust infrastructure to efficiently orchestrate model updates and manage network bandwidth. The cryptographic operations inherent in TEEs add to the processing load and energy consumption of host systems. As the number of participating nodes increases, these overheads can become a critical bottleneck, requiring continued research into optimization techniques such as hierarchical FL architectures and more efficient cryptographic algorithms.

6.2 Workforce and Infrastructure Gaps

Perhaps the most significant and often underestimated barrier is the human element. The widespread adoption of PPTs requires a fundamental shift in the skill sets of the utility workforce. Utilities must hire and train personnel proficient in cryptographic assurance, secure AI/ML model governance, and the complex task of auditing the mathematical fitness of PPT outputs.³⁸ This moves far beyond traditional IT and OT data management skills. A 2024 industry report highlighted that a shortage of technical skills is the single most significant barrier to AI/ML adoption in the utility sector, cited by 43% of executives.³⁸ This workforce readiness gap, combined with the need for significant investment in new data infrastructure, presents a major practical impediment to deploying and maintaining these advanced systems.⁴⁰

6.3 Legacy System Integration and Interoperability

The modern grid is not a greenfield environment; it is a complex tapestry of modern IT systems and decades-old, proprietary Operational Technology (OT). A critical and unaddressed challenge is the practical difficulty of retrofitting PPTs into these legacy environments. Integrating a federated learning system or a network of secure enclaves with proprietary SCADA systems or outdated distribution management systems without disrupting critical operations is a formidable engineering task. Furthermore, any new system must be proven to comply with the rigid and prescriptive cybersecurity controls of NERC CIP, which were not designed with these novel, distributed architectures in mind. The risk of proprietary vendor systems locking utilities into non-interoperable, “walled garden” solutions is also high. To accelerate adoption and reduce costs, policy must prioritize the publicly funded development of open protocols and standardized certification, ensuring that the necessary computational layer becomes shared, accessible infrastructure rather than a collection of fragmented, proprietary products.

Chapter 7: Quantitative Evaluation and Economic Viability

Moving beyond theoretical benefits requires a rigorous quantitative framework to evaluate the performance and economic viability of PPTs in the grid context. While comprehensive, standardized metrics are still in development, a foundational cost-benefit analysis can be constructed to guide investment and policy decisions.

7.1 A Cost-Benefit Framework for PPT Implementation

A balanced economic assessment of PPTs must weigh their implementation and operational costs against a diverse set of direct and indirect benefits.

Costs: The quantifiable costs of deploying PPTs can be categorized as follows:

• Capital Expenditures (CAPEX): This includes the initial investment in new hardware, particularly for TEEs, which may require specific TEE-capable processors and servers. Upgrades to network infrastructure to handle increased communication loads for FL also fall into this category.⁴²

• Operational Expenditures (OPEX): These are the ongoing costs associated with running PPT-based systems. They include increased energy consumption from intensive cryptographic computations, bandwidth costs for transmitting model updates in FL, and software licensing or subscription fees for commercial PPT platforms.⁴²

• Human Capital Costs: As noted previously, a significant cost driver is the recruitment and continuous training of specialized personnel with expertise in cryptography, data science, and secure systems management. This represents a substantial and ongoing investment.³⁸

Benefits: The benefits are more varied and can be both direct and indirect:

• Direct Economic Benefits: The most tangible benefit is improved operational efficiency. More accurate load and generation forecasts enabled by FL can reduce the need for costly ancillary services and contingency reserves, leading to reductions in flexibility procurement costs. Coordinated DER management can also defer or avoid costly infrastructure upgrades.⁴³

• Risk Mitigation and Avoided Costs: PPTs can significantly reduce the financial risk associated with data breaches. By minimizing the exposure of raw data, they lower the potential costs of regulatory fines (e.g., under GDPR or state-level privacy laws), legal liabilities, and the operational disruption from a cyberattack.

• Increased Market Participation and Innovation: By providing a trusted mechanism for data sharing, PPTs can foster greater participation in emerging energy markets (e.g., transactive energy) and enable new data-driven services from third parties, creating new revenue streams.⁴⁴

• Enhanced Public Trust and Social License: While harder to quantify, building consumer trust through verifiable privacy protections is a significant long-term benefit that can accelerate the adoption of smart grid technologies and demand response programs.

7.2 Benchmarking Performance: From Theory to Practice

The efficacy of PPTs, particularly FL models, is often evaluated using standard machine learning metrics such as Root Mean Square Error (RMSE) and Mean Absolute Error (MAE). While some academic studies and simulations report modest improvements in these error metrics compared to non-federated baselines, these results have not yet been consistently translated into system-wide economic savings in large-scale, real-world deployments

The claim of “double-digit percentage reductions in flexibility procurement costs” from international pilots remains largely unsubstantiated by specific, publicly available, and peer-reviewed case studies. This highlights a critical gap in the field: the need for transparent, benchmarked reporting from pilot projects. One of the few concrete public examples, the EU’s Enershare project, provided qualitative and operational outcomes—such as improved forecasting accuracy and the prevention of transformer overloads—but did not release specific RMSE/MAE figures or a detailed cost-benefit analysis.⁶ The lack of such data makes it difficult for utilities and regulators to build a confident business case for investment.

7.3 Return on Investment (ROI) and Market Dynamics

Calculating a precise Return on Investment (ROI) for PPTs is challenging due to the difficulty in monetizing indirect benefits like enhanced security and public trust. Historically, investments in privacy and security have been viewed as a cost of compliance—a necessary expenditure to minimize the risk of data breaches.⁴⁴

However, this perspective is shifting. As the grid becomes more data-intensive, the ability to securely leverage data is transitioning from a compliance exercise to a core source of value creation. Organizations that can effectively use PPTs to unlock insights from sensitive data without compromising privacy will gain a significant competitive advantage.⁴⁴ To accelerate this shift, regulatory mechanisms such as performance-based ratemaking could be designed to reward utilities for investments in certified, interoperable PPT solutions. By framing PPTs as essential reliability infrastructure, akin to physical assets like transformers and wires, regulators can create a clear financial incentive for their adoption, moving them from the IT compliance budget to the core grid modernization investment portfolio.

Chapter 8: A Broader Technological Horizon: Alternatives and Hybrid Models

While this report focuses primarily on TEEs and FL, a comprehensive strategy for a secure grid must consider a broader portfolio of privacy-preserving technologies. No single tool is optimal for every use case, and the most robust and practical solutions will likely involve hybrid architectures that combine the strengths of different approaches.

8.1 Differential Privacy (DP)

Differential Privacy is a mature and mathematically rigorous framework for providing statistical privacy.²² Its core mechanism involves adding a precisely calibrated amount of statistical noise to a dataset or to the results of a query before they are released. This noise is calibrated to be large enough to mask the contribution of any single individual in the dataset, thus making it impossible to infer private information about a specific person, even if an adversary has access to all other data points.²³

The strength of DP lies in its formal, provable privacy guarantee, which is controlled by a parameter known as epsilon (ε). A smaller epsilon corresponds to more noise and stronger privacy, while a larger epsilon means less noise and higher data utility.²³ This creates a direct and quantifiable trade-off between privacy and accuracy. In the grid context, DP is highly effective for sharing aggregate statistics—for example, publishing neighborhood-level energy consumption patterns for public policy research. Its primary limitation for real-time grid operations is this inherent utility trade-off. The level of noise required for a strong privacy guarantee may degrade the accuracy of a load forecast or an operational model to a point where it is no longer useful for critical control functions.²³

8.2 Zero-Knowledge Proofs (ZKPs)

Zero-Knowledge Proofs are a powerful and rapidly emerging cryptographic primitive that allows one party (the “prover”) to prove to another party (the “verifier”) that they know a value or that a statement is true, without revealing any information whatsoever beyond the validity of the statement itself.⁴⁸ For example, a DER aggregator could use a ZKP to prove to a utility that its aggregated fleet can meet a specific grid service requirement (e.g., “I have 5 MW of flexible capacity available for the next hour”) without revealing any of the underlying data about the individual devices in its portfolio.

ZKPs offer extremely strong privacy guarantees and are uniquely suited for applications requiring verification without disclosure, such as in transactive energy markets or for authenticating DERs to the grid privately.⁵⁰ Their primary barrier to widespread adoption in the energy sector is their high computational intensity and relative immaturity for complex, high-volume, real-time applications. Generating and verifying proofs can be resource-intensive, potentially introducing latency that is unacceptable for time-sensitive grid operations. However, as the technology matures and becomes more efficient, ZKPs hold significant promise as a foundational tool for building trust in decentralized energy systems.⁴⁹

8.3 Hybrid Architectures

Given the distinct strengths and weaknesses of each technology, a purist approach is unlikely to be optimal. The most practical and resilient path forward will likely involve the development of hybrid architectures that combine different PPTs in a layered defense. For example:

• FL with DP: This is already an emerging best practice. By applying differential privacy to the model updates shared in a federated learning system, one can provide formal privacy guarantees that protect against the gradient leakage and inference attacks to which standard FL is vulnerable.²⁴

• TEEs for FL Aggregation: The central server in an FL architecture can be a single point of failure and a target for attack. Running the model aggregation process inside a secure enclave on the server can protect the integrity of the global model and prevent a compromised server from inspecting individual client updates.

• DP Pre-processing for TEEs: Data could be pre-processed using differential privacy to add a layer of statistical privacy before it is fed into a TEE for more complex computation. This provides a defense-in-depth approach, ensuring that even if the TEE itself were compromised by a sophisticated side-channel attack, the underlying data would still have a baseline level of privacy protection.

By thoughtfully combining these technologies, system architects can design solutions that are tailored to the specific privacy, security, and performance requirements of diverse grid applications.

Conclusion: A Pragmatic Roadmap for a Trustworthy Grid

The confluence of decentralized generation, dynamic loads, and stringent privacy mandates has created an insurmountable data paradox under traditional grid planning and operational paradigms. The grid, functioning as a collective nervous system, requires coordinated intelligence but cannot afford to expose every operational detail. Secure Enclaves and Federated Learning offer a compelling architectural resolution by decoupling essential computation from raw data exposure. These technologies enable a necessary shift in the basis of trust: away from vulnerable centralized data pools and protracted legal negotiations, toward cryptographic guarantees and auditable system outcomes.

However, PPTs are not a simple “plug-and-play” solution. Their adoption is contingent on solving significant technical, economic, and governance challenges. Real-world vulnerabilities, high implementation costs, a persistent workforce skills gap, and a hesitant policy environment are formidable barriers. To move from promising theory to widespread practice, a pragmatic, phased, and coordinated strategy is required.

Roadmap

A realistic path to integrating PPTs as core grid infrastructure could proceed in three distinct phases over the next decade:

Phase 1 (2026–2028): Foundational Research & Expanded Pilots: The immediate focus must be on building a robust empirical evidence base.

• Action: Federal and state agencies should fund large-scale, multi-jurisdictional pilot projects that go beyond technical feasibility to focus on operational and economic validation.

• Metrics: These pilots must be mandated to provide transparent, benchmarked reporting of both performance metrics (e.g., improvements in RMSE/MAE for forecasting) and economic outcomes (e.g., detailed cost-benefit analysis, measured reduction in ancillary service costs).

• Open Standards: To prevent vendor lock-in and reduce costs, public-private partnerships should be established to develop and promote open-source protocols and reference implementations for TEEs and FL platforms tailored to grid use cases.

Phase 2 (2029–2032): Standardization and Workforce Development: With a solid evidence base, the focus must shift to creating the institutional conditions for scaled deployment.

• Action: Regulatory bodies like FERC and NERC, leveraging the technical expertise of NIST, must define and implement rigorous, standardized certification processes for PPT platforms.

• Metrics: Certification must verify not only the cryptographic integrity of the technology but also its resilience against known attack vectors and its ability to comply with NERC CIP requirements.

• Workforce: A concerted national effort, involving utilities, universities, and government, is needed to fund and develop training and education programs to close the workforce gap in cybersecurity, cryptography, and secure AI.

Phase 3 (2033–2035): Regulatory Integration and Scaled Deployment: The final phase involves embedding these certified technologies into standard regulatory and market processes.

• Action: State regulators, guided by updated NARUC frameworks, should begin to integrate PPT certification as a requirement in interconnection proceedings, grid modernization plans, and rate cases.

• Metrics: Success will be measured by the number of utilities deploying certified, interoperable PPT solutions and the emergence of competitive markets for third-party services built upon these secure data-sharing architectures.

• Incentives: Regulatory mechanisms, such as performance-based ratemaking, should be used to provide clear financial incentives for utilities that invest in and deploy these technologies, recognizing them as essential reliability infrastructure.

Future-Proofing the Grid

Even as this roadmap is pursued, policymakers and system architects must look to the strategic horizon and plan for long-term, paradigm-shifting threats. The most significant of these is the advent of large-scale, fault-tolerant quantum computing. Quantum computers running algorithms like Shor’s algorithm will be capable of breaking the public-key cryptography (e.g., RSA and ECC) that underpins the security of the internet and forms the foundation for today’s TEEs and the secure communication channels used in FL.⁵¹

This is not a distant, academic threat; it is an existential one for any long-term digital infrastructure. The “harvest now, decrypt later” strategy, where adversaries collect encrypted data today with the intent of decrypting it once a quantum computer is available, means that data secured with classical cryptography is already at risk. Therefore, any grid modernization strategy that invests billions of dollars in digital infrastructure with a multi-decade lifespan must incorporate a plan for transitioning to Post-Quantum Cryptography (PQC). PQC refers to a new generation of cryptographic algorithms that are believed to be resistant to attack by both classical and quantum computers.⁵⁴

Ensuring the long-term security and resilience of the 21st-century electric grid requires that the PPT architectures deployed in the coming years are designed to be “crypto-agile”—capable of being upgraded to PQC standards as they are finalized and commercialized. Failing to plan for this quantum transition would be a critical strategic error, locking essential infrastructure into a security paradigm with a known expiration date. The tools to enable systemic thinking without systemic exposure are mature and proven; the immediate task is to embed them into the core governance and architectural standards of a grid built not just for tomorrow, but for the decades to come.

Works cited

1. Security of Smart-Meters against Side-Channel-Attacks (SCA) - ResearchGate, accessed October 25, 2025, https://www.researchgate.net/publication/339593548_Security_of_Smart-Meters_against_Side-Channel-Attacks_SCA

2. (PDF) Poisoning Attacks in Federated Learning: A Survey - ResearchGate, accessed October 25, 2025, https://www.researchgate.net/publication/367369296_Poisoning_Attacks_in_Federated_Learning_A_Survey

3. S.4140 - 118th Congress (2023-2024): GRIData Act of 2024 | Congress.gov, accessed October 25, 2025, https://www.congress.gov/bill/118th-congress/senate-bill/4140

4. Text - H.R.1047 - 119th Congress (2025-2026): GRID Power Act | Congress.gov, accessed October 25, 2025, https://www.congress.gov/bill/119th-congress/house-bill/1047/text

5. Shaping the Future of Smart Energy: Innovation ... - Enershare, accessed October 25, 2025, https://enershare.eu/enershare-shaping-the-future-of-smart-energy-innovation-flexibility-and-scalable-impact/

6. Federated learning and its application in smart cities, accessed October 25, 2025, https://www.sigs.tsinghua.edu.cn/en/2023/0421/c1303a62628/page.htm

7. Distributed Energy Resource Interconnection Roadmap, accessed October 25, 2025, https://www.energy.gov/sites/default/files/2025-01/i2X%20DER%20Interconnection%20Roadmap.pdf

8. Advocacy Groups Raise Concerns about Privacy Implications of Smart Meter Data in Newly Filed Brief, accessed October 25, 2025, https://smartgridawareness.org/2017/03/01/advocacy-groups-raise-concerns-about-smart-meters/

9. Smart Grid Advocacy Group Seeks to Refute Privacy and Data Security Concerns, accessed October 25, 2025, https://www.insideprivacy.com/smart-meters/smart-grid-advocacy-group-seeks-to-refute-privacy-and-data-security-concerns/

10. Living in a Glass House: Privacy Implications of Smart Meter Data - Bass Connections, accessed October 25, 2025, https://bassconnections.duke.edu/news/living-glass-house-privacy-implications-smart-meter-data/

11. Smart grid challenges through the lens of the European general data protection regulation, accessed October 25, 2025, https://scienceportal.tecnalia.com/en/publications/smart-grid-challenges-through-the-lens-of-the-european-general-da

12. Smart Grid Challenges Through the Lens of the European General Data Protection Regulation - ResearchGate, accessed October 25, 2025, https://www.researchgate.net/publication/343339480_Smart_Grid_Challenges_Through_the_Lens_of_the_European_General_Data_Protection_Regulation

13. Security of Smart-Meters against Side-Channel-Attacks (SCA) - DergiPark, accessed October 25, 2025, https://dergipark.org.tr/tr/download/article-file/813542

14. CSRIC VIII Report On Best Practices To Improve Supply Chain Security Of Infrastructure And Network Management Systems - Federal Communications Commission, accessed October 25, 2025, https://www.fcc.gov/sites/default/files/CSRIC8-Report-BestPracticesImproveSupplyChainSecurityInfrastructureNetworkMgmtSys-0623.docx

15. NIST IR 8320 - NIST Technical Series Publications - National ..., accessed October 25, 2025, https://nvlpubs.nist.gov/nistpubs/ir/2022/Nist.IR.8320.pdf

16. Evaluating the Performance of Smart Meters: Insights into Energy Management, Dynamic Pricing and Consumer Behavior - MDPI, accessed October 25, 2025, https://www.mdpi.com/2076-3417/15/2/960

17. Federated Learning for Smart Grid: A Survey on Applications and Potential Vulnerabilities, accessed October 25, 2025, https://arxiv.org/html/2409.10764v3

18. [2409.13004] Data Poisoning and Leakage Analysis in Federated Learning - arXiv, accessed October 25, 2025, https://arxiv.org/abs/2409.13004

19. [2403.02983] Federated Learning Under Attack: Exposing Vulnerabilities through Data Poisoning Attacks in Computer Networks - arXiv, accessed October 25, 2025, https://arxiv.org/abs/2403.02983

20. NISTIR 8320, 8320A, 8320B, Hardware-Enabled Security, accessed October 25, 2025, https://csrc.nist.gov/csrc/media/Presentations/2023/hardware-enabled-security/images-media/Jan-24-2023-bartock.pdf

21. Chapter 10 Differential Privacy in Energy Systems - Now Publishers, accessed October 25, 2025, https://nowpublishers.com/article/Chapter/9781638284765?cId=978-1-63828-477-2.ch10

22. [Literature Review] Practical Implications of Implementing Local Differential Privacy for Smart grids - Moonlight, accessed October 25, 2025, https://www.themoonlight.io/en/review/practical-implications-of-implementing-local-differential-privacy-for-smart-grids

23. Improving Smart Grid Management with Federated Learning - Integrate.ai, accessed October 25, 2025, https://www.integrate.ai/blog/improving-smart-grid-management-with-federated-learning

24. Advanced Distribution Management Systems | Grid Modernization - NREL, accessed October 25, 2025, https://www.nrel.gov/grid/advanced-distribution-management

25. FAST-DERMS: An Architecture to Control the Grid of the Future - Publications, accessed October 25, 2025, https://docs.nrel.gov/docs/fy25osti/92461.pdf

26. Electric Utility Companies and Co-Ops Can Unleash the Grid Edge With This Unique NREL Asset | Grid Modernization, accessed October 25, 2025, https://www.nrel.gov/grid/news/features/2023/electric-utility-companies-and-coops-can-unleash-the-grid-edge-with-this-unique-nrel-asset

27. Projects - International Data Spaces, accessed October 25, 2025, https://internationaldataspaces.org/make/projects/

28. Federated Learning-based 1D-CNN-LSTM Transmission Line Fault Location and Classification in Smart Grids - ManuscriptLink, accessed October 25, 2025, https://www.manuscriptlink.com/society/kics/media?key=kics/conference/icaiic2024/1570977689.pdf

29. Federated Learning for Smart Grid: A Survey on Applications and Potential Vulnerabilities, accessed October 25, 2025, https://arxiv.org/html/2409.10764v1

30. (PDF) Policy Design and Nodal Governance: A Comparative Analysis of Determinants of Environmental Policy Change in a South African City - ResearchGate, accessed October 25, 2025, https://www.researchgate.net/publication/271752797_Policy_Design_and_Nodal_Governance_A_Comparative_Analysis_of_Determinants_of_Environmental_Policy_Change_in_a_South_African_City

31. (PDF) Challenges for electricity network governance in Energy transitions: Insights from Norway - ResearchGate, accessed October 25, 2025, https://www.researchgate.net/publication/338901467_Challenges_for_electricity_network_governance_in_Energy_transitions_Insights_from_Norway

32. Text - S.4140 - 118th Congress (2023-2024): GRIData Act of 2024 | Congress.gov, accessed October 25, 2025, https://www.congress.gov/bill/118th-congress/senate-bill/4140/text

33. H.R.1047 - 119th Congress (2025-2026): GRID Power Act, accessed October 25, 2025, https://www.congress.gov/bill/119th-congress/house-bill/1047

34. Roll Call 279 | Bill Number - Office of the Clerk, U.S. House of Representatives - Vote Details, accessed October 25, 2025, https://clerk.house.gov/Votes/2025279

35. Balderson’s Bill to Lower Energy Costs and Improve Grid Reliability Passes House, accessed October 25, 2025, https://balderson.house.gov/news/documentsingle.aspx?DocumentID=2887

36. House passes GOP transmission, fossil fuel bills - POLITICO Pro, accessed October 25, 2025, https://subscriber.politicopro.com/article/eenews/2025/09/19/house-passes-gop-transmission-fossil-fuel-bills-00571729

37. Utilities Face a Workforce Readiness Gap Amid AI/ML Adoption Challenges - Itron, accessed October 25, 2025, https://na.itron.com/w/utilities-face-a-workforce-readiness-gap-amid-ai/ml-adoption-challenges

38. Emerging Power and Utilities Workforce Challenges and How to Overcome Them, accessed October 25, 2025, https://www.mossadams.com/articles/2024/09/power-and-utilities-workforce-challenges

39. Programs | Microgrid Systems Lab, accessed October 25, 2025, https://microgridsystemslab.com/partners/

40. Massachusetts Electric Company and Nantucket Electric Company d/b/a National Grid Grid Modernization Plan Book 1 of 1 August 19, - KY PSC, accessed October 25, 2025, https://psc.ky.gov/pscecf/2016-00371/rateintervention%40ky.gov/03312017030028/National_Grid_Intro-Overview.pdf

41. Cost and Benefits of Energy Efficiency Resources, accessed October 25, 2025, https://www.nwcouncil.org/2021powerplan_cost-and-benefits-energy-efficiency-resources/

42. Cost–Benefit Analysis of Distributed Energy Systems Considering the Monetization of Indirect Benefits - MDPI, accessed October 25, 2025, https://www.mdpi.com/2071-1050/16/2/820

43. The ROI of privacy: driving value, differentiation and digital trust - Truata, accessed October 25, 2025, https://www.truata.com/articles/roi-data-privacy-technologies/

44. Federated Learning for Decentralized Electricity Market Optimization: A Review and Research Agenda - ResearchGate, accessed October 25, 2025, https://www.researchgate.net/publication/395231756_Federated_Learning_for_Decentralized_Electricity_Market_Optimization_A_Review_and_Research_Agenda

45. A Brief Survey of Privacy Preserving Technologies, accessed October 25, 2025, https://www.statcan.gc.ca/en/data-science/network/privacy-preserving

46. Exploring advanced technologies to improve smart electric grids | Scilight - AIP Publishing, accessed October 25, 2025, https://pubs.aip.org/aip/sci/article/2025/43/431104/3368815/Exploring-advanced-technologies-to-improve-smart

47. Zero-Knowledge Proof (ZKP) - Privacy-Enhancing Cryptography | CSRC, accessed October 25, 2025, https://csrc.nist.gov/projects/pec/zkproof

48. Zero-Knowledge Proofs For Privacy-Preserving Systems: A Survey Across Blockchain, Identity, And Beyond - ResearchGate, accessed October 25, 2025, https://www.researchgate.net/publication/394445573_Zero-Knowledge_Proofs_For_Privacy-Preserving_Systems_A_Survey_Across_Blockchain_Identity_And_Beyond

49. Zero-Knowledge Proofs for LLM Security in 2025 | Bluebash - Medium, accessed October 25, 2025, https://medium.com/@bluebashco/how-zero-knowledge-proofs-are-transforming-llm-security-in-2025-67190c03f063

50. (PDF) POST-QUANTUM FEDERATED LEARNING: SECURE AND SCALABLE THREAT INTELLIGENCE FOR COLLABORATIVE CYBER DEFENSE - ResearchGate, accessed October 25, 2025, https://www.researchgate.net/publication/394509526_POST-QUANTUM_FEDERATED_LEARNING_SECURE_AND_SCALABLE_THREAT_INTELLIGENCE_FOR_COLLABORATIVE_CYBER_DEFENSE

51. Quantum Computing: A Threat to Cryptography - ijrpr, accessed October 25, 2025, https://ijrpr.com/uploads/V5ISSUE12/IJRPR36596.pdf

52. Efficient Post-Quantum Cross-Silo Federated Learning Based on Key Homomorphic Pseudo-Random Function - MDPI, accessed October 25, 2025, https://www.mdpi.com/2227-7390/13/9/1404

53. www.researchgate.net, accessed October 25, 2025, https://www.researchgate.net/publication/394509526_POST-QUANTUM_FEDERATED_LEARNING_SECURE_AND_SCALABLE_THREAT_INTELLIGENCE_FOR_COLLABORATIVE_CYBER_DEFENSE#:~:text=Collaborative%20threat%20intelligence%20via%20federated,protect%20cross%2Dorganizational%20data%20sharing.

54. Federated Learning Faces Quantum Security Threats, accessed October 25, 2025, https://quantumzeitgeist.com/federated-learning-faces-quantum-security-threats/