Paper 2020/1309
Provable Security Analysis of Decentralized Cryptographic Contact Tracing
Noel Danz, Oliver Derwisch, Anja Lehmann, Wenzel Puenter, Marvin Stolle, and Joshua Ziemann
Abstract
Automated contact tracing leverages the ubiquity of smartphones to warn users about an increased exposure risk to COVID-19. In the course of only a few weeks, several cryptographic protocols have been proposed that aim to achieve such contact tracing in a decentralized and privacy-preserving way. Roughly, they let users' phones exchange random-looking pseudonyms that are derived from locally stored keys. If a user is diagnosed, her phone uploads the keys, which allows other users to check for any contact matches. Ultimately this line of work led to Google and Apple including a variant of these protocols in their phones, which is currently used by millions of users. Due to the obvious urgency, these schemes were pushed to deployment without a formal analysis of the achieved security and privacy features. In this work we address this gap and provide the first formal treatment of such decentralized cryptographic contact tracing. We formally define three main properties in a game-based manner: pseudonym and trace unlinkability to guarantee the privacy of users during healthy and infectious periods, and integrity ensuring that triggering false positive alarms is infeasible. A particular focus of our work is on the timed aspects of these schemes, as both keys and pseudonyms are rotated regularly, and we specify different variants of the aforementioned properties depending on the time granularity for which they hold. We analyze a selection of practical protocols (DP-3T, TCN, GAEN) and prove their security under well-defined assumptions.
Metadata
- Publication info: Preprint. MINOR revision.
- Contact author(s): anja lehmann @ hpi de
- History:
  - 2021-03-30: last of 2 revisions
  - 2020-10-20: received
- Short URL: https://ia.cr/2020/1309
- License: CC BY
BibTeX
@misc{cryptoeprint:2020/1309,
  author = {Noel Danz and Oliver Derwisch and Anja Lehmann and Wenzel Puenter and Marvin Stolle and Joshua Ziemann},
  title = {Provable Security Analysis of Decentralized Cryptographic Contact Tracing},
  howpublished = {Cryptology {ePrint} Archive, Paper 2020/1309},
  year = {2020},
  url = {https://eprint.iacr.org/2020/1309}
}