Epione: Lightweight Contact Tracing with Strong Privacy

Contact tracing is an essential tool in containing infectious diseases such as COVID-19. Many countries and research groups have launched or announced mobile apps to facilitate contact tracing by recording contacts between users with some privacy considerations. Most of the focus has been on using random tokens, which are exchanged during encounters and stored locally on users' phones. Prior systems allow users to search over released tokens in order to learn if they have recently been in the proximity of a user that has since been diagnosed with the disease. However, prior approaches do not provide end-to-end privacy in the collection and querying of tokens. In particular, these approaches are vulnerable to either linkage attacks by users using token metadata, linkage attacks by the server, or false reporting by users. In this work, we introduce Epione, a lightweight system for contact tracing with strong privacy protections. Epione alerts users directly if any of their contacts have been diagnosed with the disease, while protecting the privacy of users' contacts from both central services and other users, and provides protection against false reporting. As a key building block, we present a new cryptographic tool for secure two-party private set intersection cardinality (PSI-CA), which allows two parties, each holding a set of items, to learn the intersection size of two private sets without revealing intersection items. We specifically tailor it to the case of large-scale contact tracing where clients have small input sets and the server's database of tokens is much larger.
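The PSI-CA functionality described above, illustrated with the classic Diffie-Hellman-style blinding protocol in the semi-honest model. This is an added example, not Epione's construction (which this page does not detail) and not the authors' code. The RFC 3526 group, the function names and the sample tokens are assumptions chosen here.

```python
import hashlib, random, secrets

def _pi_floor(bits, guard=64):  # floor(pi * 2**bits) via Machin's formula, integers only
    one = 1 << (bits + guard)
    def atan_inv(x):
        total = term = one // x
        n, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // n)
            n, sign = n + 2, -sign
        return total
    return (16 * atan_inv(5) - 4 * atan_inv(239)) >> guard

# Assumed group: RFC 3526 2048-bit MODP safe prime, rebuilt from the RFC's formula.
P = 2**2048 - 2**1984 - 1 + 2**64 * (_pi_floor(1918) + 124476)
Q = (P - 1) // 2  # prime order of the quadratic-residue subgroup

def hash_to_group(token: bytes) -> int:
    wide = int.from_bytes(hashlib.shake_256(token).digest(272), "big")
    return pow(wide % P, 2, P)  # squaring maps into the order-Q subgroup

def tag(elem: int) -> bytes:
    return hashlib.sha256(elem.to_bytes(256, "big")).digest()

def client_blind(tokens, a):
    # Client -> server: H(x)^a for each locally stored token x.
    return [pow(hash_to_group(t), a, P) for t in tokens]

def server_respond(blinded, db_tokens, b):
    # Raise client values to b, then shuffle so positions no longer map to items.
    reblinded = [pow(c, b, P) for c in blinded]
    random.SystemRandom().shuffle(reblinded)
    db_tags = {tag(pow(hash_to_group(y), b, P)) for y in db_tokens}
    return reblinded, db_tags

def client_count(reblinded, db_tags, a):
    # Strip a: (H(x)^(ab))^(1/a) = H(x)^b, comparable with the server's tags.
    a_inv = pow(a, -1, Q)
    return sum(tag(pow(c, a_inv, P)) in db_tags for c in reblinded)

def psi_ca(client_tokens, server_tokens):
    a, b = (secrets.randbelow(Q - 1) + 1 for _ in range(2))
    reblinded, db_tags = server_respond(client_blind(client_tokens, a), server_tokens, b)
    return client_count(reblinded, db_tags, a)

# Constructed sample tokens: two of the client's three appear in the server set.
CLIENT = [b"tok-a1", b"tok-b2", b"tok-c3"]
SERVER = [b"tok-b2", b"tok-zz", b"tok-c3", b"tok-q9", b"tok-m4"]
print(psi_ca(CLIENT, SERVER))  # the client learns only the intersection size
```

The server's shuffle is what reduces the output to a count: without it, the client could map each returned value back to the token it sent and learn which contacts matched.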
