
arxiv: 2412.20495 · v2 · submitted 2024-12-29 · 💻 cs.CR · cs.AI · cs.LG · stat.ML

A Multiparty Homomorphic Encryption Approach to Confidential Federated Kaplan Meier Survival Analysis

Pith reviewed 2026-05-23 06:15 UTC · model grok-4.3

classification 💻 cs.CR · cs.AI · cs.LG · stat.ML
keywords: federated learning, homomorphic encryption, Kaplan-Meier estimator, survival analysis, privacy-preserving computation, threshold decryption, health data aggregation

The pith

Threshold CKKS encryption lets sites compute shared Kaplan-Meier curves without exposing per-site data or allowing reconstruction by subtraction.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper develops a federated version of the Kaplan-Meier estimator that keeps raw patient records at each institution while still producing the same survival curve a central pool would yield. Sites align on a common time grid, encrypt their at-risk and event counts under threshold CKKS, and send only the ciphertexts to a coordinator. A decryption committee then fuses partial shares so that only the summed counts become public. On 60,000 synthetic records spread across 500 sites the resulting curves match the centralized reference to machine precision. The design blocks the simple subtraction attacks that any plaintext federated protocol permits.
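A plaintext reference for the tallies described above, as an added example that is not the paper's code: summing per-site at-risk and event vectors on a shared grid reproduces the pooled Kaplan-Meier curve, and two plaintext totals that differ by one site reveal that site's vector. The records, grid, function names and the two-totals scenario are constructed assumptions, and no encryption is performed here.

```python
from typing import List, Sequence, Tuple

Record = Tuple[int, int]  # (follow-up time on the grid, 1 = event, 0 = censored)

# Constructed sample data: three sites, shared integer time grid (assumption).
GRID: List[int] = [1, 2, 3, 4, 5, 6]
SITES: List[List[Record]] = [
    [(1, 1), (3, 0), (4, 1), (6, 0)],
    [(2, 1), (2, 0), (5, 1)],
    [(3, 1), (4, 0), (6, 1), (6, 0), (1, 0)],
]

def site_tallies(records: Sequence[Record], grid: Sequence[int]):
    """Per-site vectors on the shared grid: at-risk count and event count per time point."""
    at_risk = [sum(1 for t, _ in records if t >= tj) for tj in grid]
    events = [sum(1 for t, e in records if t == tj and e == 1) for tj in grid]
    return at_risk, events

def aggregate(vectors: Sequence[Sequence[int]]) -> List[int]:
    """Element-wise sum of site vectors. In the paper this sum is taken over
    ciphertexts; here it is done in the clear to serve as the reference."""
    return [sum(col) for col in zip(*vectors)]

def km_curve(at_risk: Sequence[int], events: Sequence[int]) -> List[float]:
    """Product-limit estimate S(t_j) = prod_{i<=j} (1 - d_i / n_i)."""
    s, curve = 1.0, []
    for n, d in zip(at_risk, events):
        if n > 0:  # a time point with nobody at risk leaves S unchanged
            s *= 1.0 - d / n
        curve.append(s)
    return curve

def federated_km(sites, grid) -> List[float]:
    """Curve built only from summed per-site tallies."""
    tallies = [site_tallies(r, grid) for r in sites]
    n = aggregate([t[0] for t in tallies])
    d = aggregate([t[1] for t in tallies])
    return km_curve(n, d)

def pooled_km(sites, grid) -> List[float]:
    """Oracle: pool every record centrally, then estimate."""
    pooled = [rec for site in sites for rec in site]
    return km_curve(*site_tallies(pooled, grid))

def exposed_by_subtraction(sites, grid, target: int) -> List[int]:
    """What plaintext totals expose: the at-risk total over all sites minus the
    total over all sites except `target` is exactly the target's own vector."""
    with_target = aggregate([site_tallies(r, grid)[0] for r in sites])
    without = aggregate([site_tallies(r, grid)[0]
                         for i, r in enumerate(sites) if i != target])
    return [a - b for a, b in zip(with_target, without)]

if __name__ == "__main__":
    print("federated:", federated_km(SITES, GRID))
    print("pooled:   ", pooled_km(SITES, GRID))
    print("site 2 at-risk recovered from plaintext totals:",
          exposed_by_subtraction(SITES, GRID, 2))
```

Keeping the per-site vectors and any intermediate totals encrypted, with decryption gated by the committee, is what removes the inputs to `exposed_by_subtraction`.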

Core claim

We present a privacy-preserving federated Kaplan--Meier framework based on threshold CKKS homomorphic encryption that supports approximate floating-point computation and encrypted aggregation of per-time-point counts while exposing only public outputs. Sites compute aligned at-risk and event tallies on a shared time grid and encrypt compact vectors; a coordinator aggregates ciphertexts; and a decryptor committee produces partial shares fused per block to recover aggregated plaintexts without releasing per-time-point tables.

What carries the argument

Threshold CKKS homomorphic encryption applied to encrypted aggregation of per-time-point at-risk and event vectors, with a multiparty decryption committee that releases only the final sums.

If this is right

  • Correctness, stability, and slot-optimal vector packing are proved for the encrypted aggregation step.
  • Communication cost grows linearly with the number of sites and predictably with the number of time points.
  • Encrypted federated curves match the pooled oracle to numerical precision on the reported synthetic data.
  • The threshold-gated design prevents trivial reconstruction attacks that plaintext federated protocols allow.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same per-time-point count structure could support privacy-preserving versions of other discrete-time survival estimators if they can be expressed as tallies on a shared grid.
  • Deployment would require an operational multiparty decryption infrastructure whose trust assumptions match the paper's threat model.
  • Linear scaling in sites suggests the approach remains practical when the number of institutions grows but the time grid stays moderate.
  • The technique links classical epidemiological survival methods to existing federated-learning toolkits that already use threshold homomorphic encryption.

Load-bearing premise

All sites agree in advance on the same time grid and the decryption committee never colludes to leak individual site contributions.

What would settle it

Execute the protocol on the N=60,000 synthetic breast-cancer dataset split across 500 sites and verify whether the decrypted aggregated survival probabilities differ from the pooled oracle by more than floating-point rounding error, or whether an adversary can recover any site's per-time-point counts when the threshold is not met.

Original abstract

The proliferation of real-world health data enables multi-institutional survival studies, yet privacy constraints preclude centralizing sensitive records. We present a privacy-preserving federated Kaplan--Meier framework based on threshold CKKS (Cheon-Kim-Kim-Song) homomorphic encryption that supports approximate floating-point computation and encrypted aggregation of per-time-point counts while exposing only public outputs. Sites compute aligned at-risk and event tallies on a shared time grid and encrypt compact vectors; a coordinator aggregates ciphertexts; and a decryptor committee produces partial shares fused per block to recover aggregated plaintexts without releasing per-time-point tables. We prove correctness, stability, and slot-optimal vector packing, and derive scaling laws showing that communication grows linearly with the number of sites and predictably with the number of time points. Empirically, using synthetic breast-cancer data (N=60,000) distributed across 500 sites, encrypted federated curves match the pooled oracle to numerical precision. In contrast, plaintext protocols permit trivial reconstruction by subtraction; our threshold-gated design precludes this attack under the stated threat model, enabling high-fidelity survival estimation with predictable overhead and substantially reduced privacy risk.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 0 minor

Summary. The manuscript proposes a privacy-preserving federated Kaplan-Meier survival analysis framework based on threshold CKKS homomorphic encryption. Sites compute aligned at-risk and event counts on a shared time grid, encrypt compact vectors, and a coordinator aggregates ciphertexts; a decryptor committee produces fused partial shares to recover only aggregated plaintexts. The work asserts proofs of correctness, stability, and slot-optimal vector packing, derives linear communication scaling laws, and reports that encrypted federated curves match a pooled oracle to numerical precision on synthetic breast-cancer data (N=60,000 across 500 sites), while claiming the threshold design precludes reconstruction attacks possible in plaintext protocols under the stated threat model.

Significance. If the technical claims, proofs, and security analysis hold, the approach could enable high-fidelity multi-institutional survival studies without centralizing sensitive records, addressing a practical barrier in health data research. The emphasis on approximate floating-point support via CKKS, predictable overhead, and empirical scale are potentially valuable if the multiparty trust assumptions and numerical stability are rigorously established.

major comments (3)
  1. [Abstract] Abstract: The security claim that the 'threshold-gated design precludes this attack' (reconstruction by subtraction) rests on an unspecified threat model and the assumption that the decryptor committee will not collude to reveal per-site contributions. No t-out-of-n parameters, formal reduction, or partial-collusion analysis are supplied, which is load-bearing for the central privacy guarantee.
  2. [Abstract] Abstract: Proofs of correctness, stability, and slot-optimal vector packing are asserted along with scaling laws, but the available text contains no equations, derivations, or proof outlines. Without these, potential gaps in time-grid alignment handling or numerical stability under CKKS approximation cannot be checked and are central to the claimed high-fidelity match.
  3. [Abstract] Abstract: The empirical result that curves 'match the pooled oracle to numerical precision' on N=60,000 data across 500 sites is presented without reported error metrics, time-grid details, or verification artifacts. This evidence is load-bearing for the claim of practical utility but cannot be assessed from the provided text.

Simulated Author's Rebuttal

3 responses · 3 unresolved

We thank the referee for the constructive comments on our abstract. We provide point-by-point responses below. However, since only the abstract is available and the full manuscript text is not provided, we cannot supply the specific equations, parameters, or metrics requested.

Point-by-point responses
  1. Referee: [Abstract] Abstract: The security claim that the 'threshold-gated design precludes this attack' (reconstruction by subtraction) rests on an unspecified threat model and the assumption that the decryptor committee will not collude to reveal per-site contributions. No t-out-of-n parameters, formal reduction, or partial-collusion analysis are supplied, which is load-bearing for the central privacy guarantee.

    Authors: The abstract refers to the 'stated threat model' in the full manuscript. The details of the threat model, including t-out-of-n parameters for the decryptor committee and analysis of collusion, are elaborated in the body of the paper. As only the abstract is available here, we are unable to provide those specifics.

    revision: no

  2. Referee: [Abstract] Abstract: Proofs of correctness, stability, and slot-optimal vector packing are asserted along with scaling laws, but the available text contains no equations, derivations, or proof outlines. Without these, potential gaps in time-grid alignment handling or numerical stability under CKKS approximation cannot be checked and are central to the claimed high-fidelity match.

    Authors: The proofs and derivations are included in the full manuscript, as is standard when an abstract asserts results. The abstract itself does not contain equations. Without access to the full text, we cannot reproduce the specific derivations or address potential gaps here.

    revision: no

  3. Referee: [Abstract] Abstract: The empirical result that curves 'match the pooled oracle to numerical precision' on N=60,000 data across 500 sites is presented without reported error metrics, time-grid details, or verification artifacts. This evidence is load-bearing for the claim of practical utility but cannot be assessed from the provided text.

    Authors: The abstract summarizes the empirical result as matching to numerical precision. Detailed error metrics, time-grid information, and verification would be in the results section of the full paper. Since only the abstract is provided, these cannot be supplied in this response.

    revision: no

standing simulated objections not resolved
  • The specific t-out-of-n parameters, formal security reduction, and partial-collusion analysis from the threat model.
  • The equations, derivations, and proof outlines for correctness, stability, and vector packing.
  • The error metrics, time-grid details, and verification artifacts for the empirical evaluation on the synthetic data.

Circularity Check

0 steps flagged

No circularity: construction relies on standard CKKS primitives

full rationale

The abstract presents a protocol for federated Kaplan-Meier analysis using threshold CKKS homomorphic encryption, with claims of proving correctness, stability, slot-optimal packing, and deriving scaling laws for communication. No equations, fitted parameters, or self-citations appear in the provided text. The security statement is conditioned on an external threat model (non-collusion of decryptors) rather than reducing any prediction or result to a self-defined input or prior self-work by construction. The derivation chain is therefore self-contained against external cryptographic assumptions.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

Central claim rests on cryptographic security assumptions for threshold CKKS and the ability to perform private time-grid alignment; no free parameters or invented entities are introduced in the abstract.

axioms (2)
  • domain assumption: Security properties of threshold CKKS homomorphic encryption hold under the stated threat model.
    Framework security against per-site reconstruction depends on this property.
  • domain assumption: Sites can align time grids without leaking private information.
    Method requires shared time grid for aggregation while preserving privacy.

