Efficient Privacy-Preserving Approximation of the Kidney Exchange Problem

Malte Breuer, Ulrike Meyer, Susanne Wetzel

TL;DR

This paper tackles privacy-preserving kidney exchange by introducing a data-oblivious SMPC protocol, π_kep-ap, that computes a 1/3-approximation of the KEP for cycles up to size 3 while preserving security against semi-honest or malicious adversaries in honest or dishonest majorities. It implements a Greedy-based approach that considers all 2- and 3-node subsets in a secure fashion, with a maximum-weight subset gate guiding selections and a four-phase protocol (Construction, Evaluation, Approximation, Resolution). The authors provide a rigorous security and complexity analysis, and demonstrate through UNOS data and dynamic simulations that π_kep-ap achieves substantial runtime speedups over prior exact privacy-preserving methods while maintaining comparable transplant counts in practice. The results indicate meaningful practical impact, enabling privacy-conscious kidney-exchange deployments in settings where centralized data sharing is unacceptable, and suggest avenues for future improvements such as function secret sharing and handling altruistic donors.

Abstract

The kidney exchange problem (KEP) seeks to find possible exchanges among pairs of patients and their incompatible kidney donors while meeting specific optimization criteria such as maximizing the overall number of possible transplants. Recently, several privacy-preserving protocols for solving the KEP have been proposed. However, the protocols known to date lack scalability in practice since the KEP is an NP-complete problem. We address this issue by proposing a novel privacy-preserving protocol which computes an approximate solution for the KEP that scales well for the large numbers of patient-donor pairs encountered in practice. As opposed to prior work on privacy-preserving kidney exchange, our protocol is generic w.r.t. the security model that can be employed. Compared to the most efficient privacy-preserving protocols for kidney exchange existing to date, our protocol is entirely data oblivious and it exhibits a far superior run time performance. As a second contribution, we use a real-world data set to simulate the application of our protocol as part of a kidney exchange platform, where patient-donor pairs register and de-register over time, and thereby determine its approximation quality in a real-world setting.

Paper Structure

This paper contains 52 sections, 1 theorem, 2 equations, 13 figures, 2 tables, 3 algorithms.

Key Result

Theorem 1

The Greedy algorithm (Algorithm alg:greedy in the paper) computes a 1/3-approximation of the KEP with a maximum cycle size of 3 (cf. Definition 3, Kidney Exchange Problem).
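To make the approximation guarantee concrete, the following Python example (added here, not code from the paper) implements the plaintext greedy idea that the TL;DR describes: enumerate all 2- and 3-node cycles of a compatibility graph, repeatedly pick a maximum-weight remaining cycle, and discard every cycle that shares a vertex with it. It is not the SMPC protocol π_kep-ap and is not data-oblivious; it only shows why the ratio holds. The toy graph, the choice of cycle weight (number of transplants, i.e. cycle size) and the tie-breaking rule are assumptions of this example. The brute-force optimum is included only so the greedy result can be measured against it on a tiny instance.

```python
from itertools import combinations, permutations

# Constructed toy compatibility graph (an assumption for this example, not data
# from the paper): vertex i is patient-donor pair i, and a directed edge (u, v)
# means the donor of pair u is compatible with the patient of pair v.
# One 3-cycle 0->1->2->0 overlaps three 2-cycles 0<->3, 1<->4, 2<->5, so greedy
# takes the 3-cycle (3 transplants) while the optimum is the three 2-cycles (6).
TOY_EDGES = frozenset({(0, 1), (1, 2), (2, 0),
                       (0, 3), (3, 0), (1, 4), (4, 1), (2, 5), (5, 2)})
TOY_N = 6


def enumerate_cycles(edges, n, max_size=3):
    """Return {vertex_set: weight} for every simple directed cycle of size
    2..max_size. The weight is the number of transplants (the cycle size),
    matching the KEP objective of maximising the number of transplants."""
    cycles = {}
    for k in range(2, max_size + 1):
        for nodes in combinations(range(n), k):
            first = nodes[0]
            # Fix the first vertex and try every ordering of the remaining ones.
            for rest in permutations(nodes[1:]):
                order = (first,) + rest
                if all((order[i], order[(i + 1) % k]) in edges for i in range(k)):
                    cycles[frozenset(nodes)] = k
                    break
    return cycles


def greedy_cycle_packing(cycles):
    """Greedy selection: repeatedly take a maximum-weight remaining cycle and
    drop every cycle sharing a vertex with it. Ties go to the cycle containing
    the smallest vertex so the result is deterministic."""
    remaining = dict(cycles)
    chosen = []
    while remaining:
        best = max(remaining, key=lambda c: (remaining[c], -min(c)))
        chosen.append(best)
        remaining = {c: w for c, w in remaining.items() if not (c & best)}
    return chosen


def optimal_cycle_packing(cycles):
    """Exhaustive search for a maximum-weight set of vertex-disjoint cycles.
    Exponential; used only to measure the greedy solution on tiny instances."""
    items = list(cycles.items())

    def search(i, used):
        if i == len(items):
            return 0, []
        cyc, w = items[i]
        skip_w, skip_sel = search(i + 1, used)
        if cyc & used:
            return skip_w, skip_sel
        take_w, take_sel = search(i + 1, used | cyc)
        take_w += w
        if take_w > skip_w:
            return take_w, [cyc] + take_sel
        return skip_w, skip_sel

    return search(0, frozenset())


def compare(edges, n, max_size=3):
    """Return (greedy_transplants, optimal_transplants) for one instance."""
    cycles = enumerate_cycles(edges, n, max_size)
    greedy = greedy_cycle_packing(cycles)
    greedy_w = sum(cycles[c] for c in greedy)
    opt_w, _ = optimal_cycle_packing(cycles)
    return greedy_w, opt_w


if __name__ == "__main__":
    g, o = compare(TOY_EDGES, TOY_N)
    print(f"greedy={g} optimal={o} ratio={g / o:.2f} (guaranteed >= 1/3)")
```

The bound follows from the selection rule: each chosen cycle has at most 3 vertices, so it can block at most 3 cycles of an optimal solution, and each of those has weight no larger than the chosen cycle (otherwise greedy would have picked it instead). On the toy graph greedy reaches 3 of the optimal 6 transplants, i.e. a ratio of 1/2, within the 1/3 guarantee.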

Figures (13)

  • Figure 1: Common setup of a privacy-preserving kidney exchange platform where the hospitals secretly share the data of their patient-donor pairs (p.-d. pairs) among the computing peers who use SMPC to determine the exchange partners.
  • Figure 2: Run time for our protocol π_kep-ap and the protocol π_kep-ip [Breuer_KepIp_2022, Breuer_KepIpExtended_2022] that computes an exact solution for the KEP.
  • Figure 3: Run time for our protocol π_kep-ap with semi2k and the results from [Birka_PPKidneyExchange_2022], which uses the ABY framework [Demmler_ABY_2015]. The latency in the LAN setting from [Birka_PPKidneyExchange_2022] is 1.3 ms.
  • Figure 4: Quality of the solution obtained by our protocol π_kep-ap compared to an optimal solution for the KEP.
  • Figure 5: Arithmetic mean of the approximation quality for our protocol π_kep-ap compared to the protocol from [Birka_PPKidneyExchange_2022].
  • ...and 8 more figures

Theorems & Definitions (5)

  • Definition 1: Compatibility graph
  • Definition 2: Exchange cycle
  • Definition 3: Kidney Exchange Problem (KEP)
  • Theorem 1: Greedy computes a 1/3-approximation of the KEP with maximum cycle size 3
  • Proof of Theorem 1