Prioritization and exchange chains in privacy-preserving kidney exchange

IF 0.9 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS
Malte Breuer, Pascal Hein, Leonardo Pompe, Ulrike Meyer, Susanne Wetzel
Journal of Computer Security. Journal Article. Published 2024-02-05.
DOI: 10.3233/jcs-230012 (https://doi.org/10.3233/jcs-230012)
Citations: 0

Abstract

The Kidney Exchange Problem (KEP) aims at finding an optimal set of exchanges among pairs of patients and their medically incompatible living kidney donors as well as altruistic donors who are not associated with any particular patient but want to donate a kidney to any person in need. Existing platforms that offer the finding of such exchanges for patient-donor pairs and altruistic donors are organized in a centralized fashion and operated by a single platform operator. This makes them susceptible to manipulation and corruption. Recent research has targeted these security issues by proposing decentralized Secure Multi-Party Computation (SMPC) protocols for solving the KEP. However, these protocols fail to meet two important requirements for kidney exchange in practice. First, they do not allow for altruistic donors. While such donors are not legally allowed in all countries, they have been shown to have a positive effect on the number of transplants that can be found. Second, the existing SMPC protocols do not support prioritization, which is used in existing platforms to give priority to certain exchanges or patient-donor pairs, e.g., to patients who are hard to match due to their medical characteristics. In this paper, we introduce a generic gate for implementing prioritization in kidney exchange. We extend two existing SMPC protocols for solving the KEP such that they allow for altruistic donors and prioritization and present one novel SMPC protocol for solving the KEP with altruistic donors and prioritization based on dynamic programming. We prove the security of all protocols and analyze their complexity. We implement all protocols and evaluate their performance for the setting where altruistic donors are legally allowed and for the setting where they are not. Thereby, we determine the performance impact of the inclusion of altruistic donors and obtain those approaches that perform best for each setting.
Source journal: Journal of Computer Security (COMPUTER SCIENCE, INFORMATION SYSTEMS)
CiteScore: 1.70
Self-citation rate: 0.00%
Articles published: 35
Journal description: The Journal of Computer Security presents research and development results of lasting significance in the theory, design, implementation, analysis, and application of secure computer systems and networks. It will also provide a forum for ideas about the meaning and implications of security and privacy, particularly those with important consequences for the technical community. The Journal provides an opportunity to publish articles of greater depth and length than is possible in the proceedings of various existing conferences, while addressing an audience of researchers in computer security who can be assumed to have a more specialized background than the readership of other archival publications.