A Privacy-Preserving Protocol for the Kidney Exchange Problem

TL;DR

This paper introduces a distributed privacy-preserving protocol for kidney exchange that enables secure computation of exchange cycles without compromising donors' and patients' sensitive medical data.

Contribution

It presents the first distributed protocol ensuring privacy in kidney exchange algorithms, combining correctness, security, and practical efficiency.

Findings

Protocol guarantees privacy of medical data.

Ensures correct computation of exchange cycles.

Demonstrates practical performance in evaluations.

Abstract

Kidney donations from living donors form an attractive alternative to long waiting times on a list for a post-mortem donation. However, even if a living donor for a given patient is found, the donor's kidney might not meet the patient's medical requirements. If several patients are in this position, they may be able to exchange donors in a cyclic fashion. Current algorithmic approaches for determining such exchange cycles neglect the privacy requirements of donors and patients as they require their medical data to be centrally collected and evaluated. In this paper, we present the first distributed privacy-preserving protocol for kidney exchange that ensures the correct computing of the exchange cycles while at the same time protecting the privacy of the patients' sensitive medical data. We prove correctness and security of the new protocol and evaluate its practical performance.