A Multiparty Homomorphic Encryption Approach to Confidential Federated Kaplan Meier Survival Analysis

Abstract

The proliferation of real-world health data enables multi-institutional survival studies, yet privacy constraints preclude centralizing sensitive records. We present a privacy-preserving federated Kaplan--Meier framework based on threshold CKKS (Cheon-Kim-Kim-Song) homomorphic encryption that supports approximate floating-point computation and encrypted aggregation of per-time-point counts while exposing only public outputs. Sites compute aligned at-risk and event tallies on a shared time grid and encrypt compact vectors; a coordinator aggregates ciphertexts; and a decryptor committee produces partial shares fused per block to recover aggregated plaintexts without releasing per-time-point tables. We prove correctness, stability, and slot-optimal vector packing, and derive scaling laws showing that communication grows linearly with the number of sites and predictably with the number of time points. Empirically, using synthetic breast-cancer data (N=60,000) distributed across 500 sites, encrypted federated curves match the pooled oracle to numerical precision. In contrast, plaintext protocols permit trivial reconstruction by subtraction; our threshold-gated design precludes this attack under the stated threat model, enabling high-fidelity survival estimation with predictable overhead and substantially reduced privacy risk.