Privacy-Preserving COVID-19 Contact Tracing App: A Zero-Knowledge Proof Approach

In this paper, we propose a privacy-preserving contact tracing app for COVID-19. The app allows users to be notified, if they have been a close contact with a confirmed patient. Our protocol is the most comprehensive and balanced privacy-preserving contact tracing solution to date. Our protocol strikes a balance between security, privacy and scalability. In terms of privacy, it allows all users to hide his past location and contact history with respect to the Government. Yet, all users can check whether he had a close contact with a confirmed patient without learning the identity of the patient. We use a zero-knowledge protocol to ensure that user privacy is protected. In terms of security, no user can send fake message to the system to launch a false positive attack. We give a formal security model and give a security proof for our protocol. In terms of scalability, we have implemented our protocol into Android smartphone and our evaluation result shows its practicality.

[1]  Qiang Tang,et al.  Privacy-Preserving Contact Tracing: current solutions and open questions , 2020, IACR Cryptol. ePrint Arch..

[2]  Xiaohui Liang,et al.  EPIC: Efficient Privacy-Preserving Contact Tracing for Infection Detection , 2018, 2018 IEEE International Conference on Communications (ICC).

[3]  Yaron Gvili,et al.  Security Analysis of the COVID-19 Contact Tracing Specifications by Apple Inc. and Google Inc , 2020, IACR Cryptol. ePrint Arch..

[4]  Jin Li,et al.  N-Mobishare: new privacy-preserving location-sharing system for mobile online social networks , 2016, Int. J. Comput. Math..

[5]  Vitaly Shmatikov,et al.  De-anonymizing Social Networks , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[6]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[7]  Krzysztof Pietrzak,et al.  Delayed Authentication: Preventing Replay and Relay Attacks in Private Contact Tracing , 2020, IACR Cryptol. ePrint Arch..

[8]  Craig Gentry,et al.  Practical Identity-Based Encryption Without Random Oracles , 2006, EUROCRYPT.

[9]  Taeho Jung,et al.  Search me if you can: Privacy-preserving location query service , 2012, 2013 Proceedings IEEE INFOCOM.

[10]  Ran Canetti,et al.  Anonymous Collocation Discovery: Harnessing Privacy to Tame the Coronavirus , 2020, 2003.13670.

[11]  Björn Scheuermann,et al.  Privacy-Preserving Contact Tracing of COVID-19 Patients , 2020, IACR Cryptol. ePrint Arch..

[12]  Guanhua Yan,et al.  Privacy-Preserving Profile Matching for Proximity-Based Mobile Social Networking , 2013, IEEE Journal on Selected Areas in Communications.

[13]  Fengyuan Xu,et al.  MobiShare: Flexible privacy-preserving location sharing in mobile online social networks , 2012, 2012 Proceedings IEEE INFOCOM.

[14]  Qiong Huang,et al.  Privacy-Preserving Location Sharing Services for Social Networks , 2017, IEEE Transactions on Services Computing.

[15]  Xinwen Fu,et al.  Protection of query privacy for continuous location based services , 2011, 2011 Proceedings IEEE INFOCOM.

[16]  Carmela Troncoso,et al.  Decentralized Privacy-Preserving Proximity Tracing , 2020, IEEE Data Eng. Bull..

[17]  Eric Horvitz,et al.  PACT: Privacy-Sensitive Protocols And Mechanisms for Mobile Contact Tracing , 2020, IEEE Data Eng. Bull..

[18]  Susan J. Henders Hong Kong as a Special Administrative Region , 2010 .

[19]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[20]  K. Santhi,et al.  Privacy-Preserving Distributed Profile Matching in Proximity-based Mobile Social Networks , 2015 .

[21]  Serge Vaudenay,et al.  Analysis of DP3T , 2020, IACR Cryptol. ePrint Arch..

[22]  Hui Li,et al.  Protecting User Trajectory in Location-Based Services , 2014, 2015 IEEE Global Communications Conference (GLOBECOM).

[23]  Björn Scheuermann,et al.  CAUDHT: Decentralized Contact Tracing Using a DHT and Blind Signatures , 2020, 2020 IEEE 45th Conference on Local Computer Networks (LCN).

[24]  Mihir Bellare,et al.  Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions , 2003, EUROCRYPT.