Efficient Privacy-Preserving Approximation of the Kidney Exchange Problem

The kidney exchange problem (KEP) seeks to find possible exchanges among pairs of patients and their incompatible kidney donors while meeting specific optimization criteria such as maximizing the overall number of possible transplants. In practice, patient-donor pairs register with so-called kidney exchange platforms which determine exchange cycles in a centralized fashion. Such a centralized approach raises numerous security concerns. Thus, several privacy-preserving protocols for solving the KEP have been proposed recently. However, the protocols known to date lack scalability in practice since the KEP is an NP-complete problem. We address this issue by proposing a novel privacy-preserving protocol which computes an approximate solution to the KEP that scales well for the large numbers of patient-donor pairs encountered in practice. In contrast to the only other existing protocol that computes an approximate solution to the KEP, our protocol is entirely data oblivious and it exhibits a far superior run time performance without suffering a loss in the quality of the approximation. As a second contribution, we simulate the application of our novel protocol as part of a kidney exchange platform, where patient-donor pairs register and de-register over time and exchanges are determined on a regular basis. In this dynamic setting, the application of our novel privacy-preserving approximation protocol yields a larger number of transplants over time than using the best known privacy-preserving protocol for solving the KEP. Our simulation further shows that the difference between the number of transplants found when using our novel protocol in this dynamic setting compared to the non-privacy-preserving state-of-the-art approach is negligible in practice.