xTrial: Federated Learning on Health Data
Privacy-preserving federated learning that computes gradient aggregation on XorIDA shares via xCompute. Hospitals train shared models without exposing patient data.
The Problem
Federated learning promises collaborative model training without data sharing, but gradient updates can leak patient information through model inversion and membership inference attacks.
Research has demonstrated that gradient updates contain enough information to reconstruct individual training samples. In healthcare, this means patient records, diagnoses, and genomic data can be inferred from gradients alone.
Differential privacy adds noise that degrades model quality. Secure aggregation protocols add latency that makes large-scale federated training impractical across hospital networks with varying connectivity.
The Old Way
The PRIVATE.ME Solution
xTrial aggregates gradients on XorIDA shares via xCompute. No aggregation server sees raw gradients. The aggregation is information-theoretically secure — not noise-based, not computationally bounded.
Each hospital splits its gradient update into XorIDA shares distributed to independent aggregation nodes. Gradient summation runs on shares via xCompute’s XOR-gate-free addition. The aggregated gradient is reconstructed only after summation.
No noise is added — model quality is preserved. xLink M2M authenticates each hospital. HMAC-chained logs provide HIPAA-compliant training audit trails.
The New Way
How It Works
xTrial combines xCompute gradient aggregation with xLink hospital authentication and HMAC-chained training audit trails.
Use Cases
Train diagnostic AI across hospital networks without sharing patient data.
HIPAACollaborative genomic model training across research institutions.
GenomicsFederated drug interaction modeling without sharing proprietary compound data.
PharmaFederated learning compliant with both HIPAA and GDPR simultaneously.
ComplianceIntegration
import { FedTrain } from '@private.me/xtrial'; const session = await FedTrain.create({ hospitals: [hospitalA, hospitalB, hospitalC], modelConfig: modelDef, threshold: { k: 2, n: 3 } }); const model = await session.trainRound(localGradients);
Viral Onboarding: < 2 Minute M2M Setup
Traditional M2M integration: 42-67 minutes per connection (API key generation, secure storage, rotation setup, monitoring)
With Xlink: < 2 minutes, zero configuration
Speedup: 21-33× faster
One-Line Connection (SDK)
import { connect } from '@private.me/agent-sdk'; // Zero-config discovery const trialSite = await connect('clinical-trial-site'); // Use immediately for trial data submission const result = await trialSite.send({ type: 'submit', data: { nctId: 'NCT04567890', siteId: 'SITE-42', patientData: gradients } });
Network effects: When your CRO or research site already uses Xlink, connection is instant. When they don't, you send an invite (< 10 sec), they accept (< 60 sec), and all future connections are instant.
CLI Alternative
# Initialize once xlink init # Connect to trial coordinator xlink connect trial-coordinator # Invite a research site to join xlink invite research-site-university
Zero-Downtime Migration
import { DualModeAdapter } from '@private.me/agent-sdk'; // Both Xlink AND your existing API key work const adapter = new DualModeAdapter({ xlink: trialAgent, fallback: { apiKey: process.env.FDA_TRIAL_API_KEY } }); const result = await adapter.call('submitGradients', { nctId: 'NCT04567890', siteId: 'SITE-42', gradients: localGradients }); // Track adoption progress console.log(adapter.getMetrics()); // { xlinkPercentage: 73, xlinkCalls: 146, fallbackCalls: 54 }
As your trial sites and CROs adopt Xlink, your xlinkPercentage automatically increases. No code changes required.
Why Clinical Trials Need Viral M2M
- FDA compliance critical: 21 CFR Part 11 requires verifiable data integrity and audit trails. API key setup delays violate GCP submission deadlines.
- Multi-party coordination: Clinical trials involve sponsors, CROs, research sites, IRBs, data monitoring committees, and FDA. Manual key exchange across 8+ parties is untenable.
- Patient enrollment pressure: Trial sites compete for enrollment. Delays in data submission infrastructure cost weeks of patient recruitment.
- Network effects: Each sponsor's adoption reduces friction for their entire CRO network—sites connect instantly to multiple trials.
Each sponsor connects to ~3 CROs → exponential growth. Growth projection: Month 1 (100 sponsors) → Month 12 (74,185 sponsors) with VC = 1.2
Security Properties
| Property | Mechanism | Guarantee |
|---|---|---|
| Gradients | XorIDA split | ✓ Never shared raw |
| Aggregation | xCompute on shares | ✓ Information-theoretic |
| Model quality | No noise added | ✓ Full fidelity preserved |
| Audit | HMAC-chained log | ✓ HIPAA-compliant trail |
Verifiable Data Protection
Every operation in this ACI produces a verifiable audit trail via xProve. HMAC-chained integrity proofs let auditors confirm that data was split, stored, and reconstructed correctly — without accessing the data itself.
Read the xProve white paper →
Ready to deploy xTrial?
Talk to Ren, our AI sales engineer, or book a live demo with our team.
Deployment Options
SaaS Recommended
Fully managed infrastructure. Call our REST API, we handle scaling, updates, and operations.
- Zero infrastructure setup
- Automatic updates
- 99.9% uptime SLA
- Enterprise SLA available
SDK Integration
Embed directly in your application. Runs in your codebase with full programmatic control.
npm install @private.me/xtrial- TypeScript/JavaScript SDK
- Full source access
- Enterprise support available
On-Premise Upon Request
Enterprise CLI for compliance, air-gap, or data residency requirements.
- Complete data sovereignty
- Air-gap capable deployment
- Custom SLA + dedicated support
- Professional services included
Enterprise On-Premise Deployment
While xTrial is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:
- Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
- Air-gapped environments — SCIF, classified networks, offline operations
- Data residency requirements — EU GDPR, China data laws, government mandates
- Custom integration needs — Embed in proprietary platforms, specialized workflows
Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.
Ship Proofs, Not Source
xTrial generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs — no source code required.
- Tier 1 HMAC (~0.7KB)
- Tier 2 Commit-Reveal (~0.5KB)
- Tier 3 IT-MAC (~0.3KB)
- Tier 4 KKW ZK (~0.4KB)