Abstract
Contact tracing is among the most important interventions to mitigate the spread of any pandemic, usually in the form of manual contact tracing. Smartphone-facilitated digital contact tracing may help to increase tracing capabilities and extend the coverage to those contacts one does not know in person. Most implemented protocols use local Bluetooth Low Energy (BLE) communication to detect contagion-relevant proximity, together with cryptographic protections, as necessary to improve the privacy of the users of such a system. However, current decentralized protocols, including DP3T [T+20], do not sufficiently protect infected users from having their status revealed to their contacts, which raises fear of stigmatization.
We alleviate this by proposing a new and practical solution with stronger privacy guarantees against active adversaries. It is based on the upload-what-you-observed paradigm, includes a separation of duties on the server side, and a mechanism to ensure that users cannot deduce which encounter caused a warning with high time resolution. Finally, we present a simulation-based security notion of digital contact tracing in the real–ideal setting, and prove the security of our protocol in this framework.
Notes
1. See https://coronadetective.eu for a service that detects the contacts that caused a warning for DP3T-based approaches.
2. This captures a relaxed notion of “proximity”, as high-gain antennas could be used to register a contact, although not physically being in proximity.
3. Internally, the author(s) humorously prefer to read the name of \(\mathcal {F}_{\text {mat}}\) as “the matrix”.
4. We give a simple example of how this might be done. Note however, our protocol uses a different method, see Sect. 3.2. For this example, let \(\mathsf {H}\) be a hash function, such that \(\mathsf {H}(k \Vert x)\) is a pseudorandom function (PRF) with key \(k \in \{0,1\}^n\) evaluated on input x. For every time period t, the device generates a random key, and computes \(\mathsf {sid}_t := \mathsf {H}(k_t \Vert 0)\) and \(\mathsf {pid}_t := \mathsf {H}(k_t \Vert 1)\), stores them, and anonymously uploads \(k_t\) to the central server, who recomputes \(\mathsf {sid}_t, \mathsf {pid}_t\) in the same way. Both parties store \((\mathsf {sid}_t, \mathsf {pid}_t)\).
5. To make sure servers do not collude, they should be run by different organizations whose independence is guaranteed by law, e.g. supervisory agencies on privacy (ideally multiple different ones per nation-state) and non-governmental organisations that are widely trusted by the general public.
6. One might use remotely verifiable electronic ID cards instead.
7. If a user A has been in contact with an infected user B, and if B takes up to three weeks to show symptoms and have a positive test result, the data retention on the matching server is sufficient to deliver a warning to A.
8. In practice, parties can make their uploads a few days ahead of time without incurring additional risk.
9. While it would be perfectly possible for an environment to use as a contact graph a fresh, and independently sampled random graph on \(\mathcal {P}\) for each short-term epoch, the costs of implementing this in real time for 15 min epochs would be quite challenging.
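The identifier derivation sketched in note 4, with both the device and the server side, as an added example that is not code from the paper (whose actual protocol uses a different method, see Sect. 3.2). Assumptions: SHA3-256 stands in for \(\mathsf {H}\), n is 128 bits, the inputs 0 and 1 are encoded as single bytes, and the names `Device`, `Server`, `derive_ids` and `run_periods` are hypothetical.

```python
import hashlib
import secrets

KEY_BYTES = 16  # assumption: n = 128 bits; the note leaves n unspecified


def H(data):
    # Assumption: SHA3-256 stands in for the note's hash function H.
    # With a sponge hash, H(k || x) under a secret fixed-length key k
    # is a reasonable PRF instantiation.
    return hashlib.sha3_256(data).digest()


def derive_ids(k_t):
    """Return (sid_t, pid_t) = (H(k_t || 0), H(k_t || 1))."""
    if len(k_t) != KEY_BYTES:
        # Fixed-length keys keep the k || x encoding unambiguous.
        raise ValueError("key must be exactly n bits long")
    # Assumption: the inputs 0 and 1 are encoded as the bytes 0x00 and 0x01.
    return H(k_t + b"\x00"), H(k_t + b"\x01")


class Device:
    def __init__(self):
        self.ids = {}  # time period t -> (sid_t, pid_t)

    def new_period(self, t):
        """Sample k_t, store the derived pair, return k_t for upload."""
        k_t = secrets.token_bytes(KEY_BYTES)
        self.ids[t] = derive_ids(k_t)
        return k_t


class Server:
    def __init__(self):
        self.pairs = set()  # (sid, pid) pairs, stored without a user identity

    def receive_key(self, k_t):
        """Recompute the pair from an anonymously uploaded key."""
        self.pairs.add(derive_ids(k_t))


def run_periods(periods):
    """Run the upload for each period; the anonymous channel is not modelled."""
    device, server = Device(), Server()
    for t in periods:
        server.receive_key(device.new_period(t))
    return device, server
```
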
References
Avitabile, G., Botta, V., Iovino, V., Visconti, I.: Towards defeating mass surveillance and SARS-CoV-2: the Pronto-C2 fully decentralized automatic contact tracing system. Cryptology ePrint Archive, Report 2020/493 (2020)
Apple and Google: Privacy-Preserving Contact Tracing (2020). http://www.apple.com/covid19/contacttracing
Achenbach, D., et al.: Your money or your life—modeling and analyzing the security of electronic payment in the UC framework. In: Goldberg, I., Moore, T. (eds.) FC 2019. LNCS, vol. 11598, pp. 243–261. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32101-7_16
Altuwaiyan, T., Hadian, M., Liang, X.: EPIC: efficient privacy-preserving contact tracing for infection detection. In: ICC 2018, pp. 1–6. IEEE (2018). https://doi.org/10.1109/ICC.2018.8422886
Beaver, D.: How to break a “Secure” oblivious transfer protocol. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 285–296. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-47555-9_24
Bell, J., Butler, D., Hicks, C., Crowcroft, J.: TraceSecure: towards privacy preserving contact tracing. In: ArXiv e-prints (2020). id: 2004.04059 [cs.CR]
Berke, A., Bakker, M., Vepakomma, P., Raskar, R., Larson, K., Pentland, A.: Assessing disease exposure risk with location data: a proposal for cryptographic preservation of privacy. In: ArXiv e-prints (2020). id: 2003.14412 [cs.CR]
Beskorovajnov, W., Dörre, F., Hartung, G., Koch, A., Müller-Quade, J., Strufe, T.: ConTra corona: contact tracing against the coronavirus by bridging the centralized-decentralized divide for stronger privacy (2020). Cryptology ePrint Archive, Report 2020/505
Bernstein, D.J., Lange, T. (eds.): eBACS: ECRYPT Benchmarking of Cryptographic Systems (2021). https://bench.cr.yp.to/results-sign.html
Brack, S., Reichert, L., Scheuermann, B.: CAUDHT: decentralized contact tracing using a DHT and blind signatures. In: Tan, H., Khoukhi, L., Oteafy, S. (eds.) 2020. https://doi.org/10.1109/LCN48667.2020.9314850
Chan, J., et al.: PACT: privacy sensitive protocols and mechanisms for mobile contact tracing. ArXiv e-prints (2020). id: 2004.03544 [cs.CR]
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: FOCS 2001, pp. 136–145. IEEE Computer Society (2001). https://doi.org/10.1109/SFCS.2001.959888
Castelluccia, C., et al.: DESIRE: a third way for a european exposure notification system (2020). https://github.com/3rd-ways-for-EU-exposure-notification/project-DESIRE
Camenisch, J., Hohenberger, S., Kohlweiss, M., Lysyanskaya, A., Meyerovich, M.: How to win the clone wars: efficient periodic n-times anonymous authentication. In: Juels, A., Wright, R.N., di Vimercati, S.D.C. (eds.) CCS 2006, pp. 201–210. ACM (2006). https://doi.org/10.1145/1180405.1180431
Cho, H., Ippolito, D., Yu, Y.W.: Contact tracing mobile apps for COVID-19: privacy considerations and related trade-offs. ArXiv e-prints (2020). id: 2003.11511 [cs.CR]
Canetti, R., et al.: Privacy-preserving automated exposure notification. Cryptology ePrint Archive, Report 2020/863 (2020)
Canetti, R., Trachtenberg, A., Varia, M.: Anonymous collocation discovery: harnessing privacy to tame the coronavirus. ArXiv e-prints (2020). id: 2003.13670 [cs.CY]
DP-3T Project: Privacy and Security Risk Evaluation of Digital Proximity Tracing Systems (2020). https://github.com/DP-3T/documents/blob/master/Security%20analysis/Privacy%20and%20Security%20Attacks%20on%20Digital%20Proximity%20Tracing%20Systems.pdf
DP-3T Project: Security and privacy analysis of the document ‘PEPP-PT: Data Protection and Information Security Architecture’ (2020). https://github.com/DP-3T/documents/blob/master/Security%20analysis/PEPP-PT_%20Data%20Protection%20Architecture%20-%20Security%20and%20privacy%20analysis.pdf
DP-3T Project: Security and privacy analysis of the document ‘ROBERT: ROBust and privacy-presERving proximity Tracing’ (2020). https://github.com/DP-3T/documents/blob/master/Security%20analysis/ROBERT%20-%20Security%20and%20privacy%20analysis.pdf
DP3T Project: FAQ: Decentralized Proximity Tracing (2020). https://github.com/DP-3T/documents/blob/master/FAQ.md
Danz, N., Derwisch, O., Lehmann, A., Pünter, W., Stolle, M., Ziemann, J.: Provable security and privacy of decentralized cryptographic contact tracing. Cryptology ePrint Archive, Report 2020/1309 (2020)
Duong, T., Phan, D.H., Trieu, N.: Catalic: delegated PSI cardinality with applications to contact tracing. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12493, pp. 870–899. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64840-4_29
Fraunhofer AISEC: Pandemic Contact Tracing Apps: DP-3T, PEPP-PT NTK, and ROBERT from a Privacy Perspective. Cryptology ePrint Archive, Report 2020/489 (2020)
Feehan, D.M., Mahmud, A.S.: Quantifying population contact patterns in the United States during the COVID-19 pandemic. Nat. Commun. 12(1), 1–9 (2021). https://doi.org/10.1038/s41467-021-20990-2
Fitzsimons, J.K., Mantri, A., Pisarczyk, R., Rainforth, T., Zhao, Z.: A note on blind contact tracing at scale with applications to the COVID-19 pandemic. In: Volkamer, M., Wressnegger, C. (eds.) ARES 2020, pp. 92:1–92:6. ACM (2020). https://doi.org/10.1145/3407023.3409204
Garofalo, G., Hamme, T.V., Preuveneers, D., Joosen, W., Abidin, A., Mustafa, M.A.: PIVOT: PrIVate and effective cOntact Tracing. Cryptology ePrint Archive, Report 2020/559 (2021)
Kuhn, C., Beck, M., Strufe, T.: Covid notions: towards formal definitions - and documented understanding - of privacy goals and claimed protection in proximity-tracing services. In: Online Social Networks Media, vol. 22 (2021). https://doi.org/10.1016/j.osnem.2021.100125
Lindell, Y.: How to simulate it – a tutorial on the simulation proof technique. In: Tutorials on the Foundations of Cryptography. ISC, pp. 277–346. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-57048-8_6
Micali, S., Rogaway, P.: Secure computation. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 392–404. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_32
PePP-PT e.V.: Pan-European Privacy-Preserving Proximity Tracing (2020). https://www.pepp-pt.org/content
PePP-PT e.V.: PEPP-PT NTK High-Level Overview (2020). https://github.com/pepp-pt/pepp-pt-documentation/blob/master/PEPP-PT-high-level-overview.pdf
PePP-PT e.V.: ROBust and privacy-presERving proximity Tracing protocol (2020). https://github.com/ROBERT-proximity-tracing/documents
Rivest, R.L., et al.: A Global Coalition for Privacy-First Digital Contact Tracing Protocols to Fight COVID-19. https://tcn-coalition.org/
Rivest, R.L., et al.: The PACT protocol specification (2020). https://pact.mit.edu/wp-content/uploads/2020/04/The-PACT-protocol-specification-ver-0.1.pdf
Troncoso, C., et al.: Decentralized privacy-preserving proximity tracing. IEEE Data Eng. Bull. 43(2), 36–66 (2020). First published 3 April 2020 on https://github.com/DP-3T/documents. http://sites.computer.org/debull/A20june/p36.pdf
The Tor Project, Inc.: TOR Project. https://www.torproject.org/
Trieu, N., Shehata, K., Saxena, P., Shokri, R., Song, D.: Epione: lightweight contact tracing with strong privacy. IEEE Data Eng. Bull. 43(2), 95–107 (2020). http://sites.computer.org/debull/A20june/p95.pdf
Vaudenay, S.: Analysis of DP3T. Cryptology ePrint Archive, Report 2020/399 (2020)
Vaudenay, S.: Centralized or Decentralized? The Contact Tracing Dilemma. Cryptology ePrint Archive, Report 2020/531 (2020)
Acknowledgements
We would like to express our gratitude to Michael Klooß and Jeremias Mechler for helpful comments. This work was supported by funding from the topic Engineering Secure Systems of the Helmholtz Association (HGF) and by KASTEL Security Research Labs. We thank Serge Vaudenay for his comments.
© 2021 International Association for Cryptologic Research
About this paper
Cite this paper
Beskorovajnov, W., Dörre, F., Hartung, G., Koch, A., Müller-Quade, J., Strufe, T. (2021). ConTra Corona: Contact Tracing against the Coronavirus by Bridging the Centralized–Decentralized Divide for Stronger Privacy. In: Tibouchi, M., Wang, H. (eds) Advances in Cryptology – ASIACRYPT 2021. ASIACRYPT 2021. Lecture Notes in Computer Science, vol 13091. Springer, Cham. https://doi.org/10.1007/978-3-030-92075-3_23
DOI: https://doi.org/10.1007/978-3-030-92075-3_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-92074-6
Online ISBN: 978-3-030-92075-3
eBook Packages: Computer Science (R0)