You are looking at a specific version 20201204:134509 of this paper.

Paper 2020/1309

Security and Privacy of Decentralized Cryptographic Contact Tracing

Noel Danz and Oliver Derwisch and Anja Lehmann and Wenzel Puenter and Marvin Stolle and Joshua Ziemann

Abstract

Automated contact tracing leverages the ubiquity of smartphones to warn users about an increased exposure risk to COVID-19. In the course of only a few weeks, several cryptographic protocols have been proposed that aim to achieve such contact tracing in a decentralized and privacy-preserving way. Roughly, they let users' phones exchange random-looking pseudonyms that are derived from locally stored keys. If a user is diagnosed, her phone uploads the keys, which allows other users to check for any contact matches. Ultimately, this line of work led to Google and Apple including a variant of these protocols in their phones, which is currently used by millions of users. Due to the obvious urgency, these schemes were pushed to deployment without a formal analysis of the achieved security and privacy features. In this work we address this gap and provide the first formal treatment of such decentralized cryptographic contact tracing. We formally define three main properties in a game-based manner: pseudonym and trace unlinkability to guarantee the privacy of users during healthy and infectious periods, and integrity ensuring that triggering false positive alarms is infeasible. A particular focus of our work is on the timed aspects of these schemes, as both keys and pseudonyms are rotated regularly, and we specify different variants of the aforementioned properties depending on the time granularity for which they hold. We analyze a selection of practical protocols (DP-3T, TCN, GAEN) and prove their security under well-defined assumptions.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Contact author(s)
anja lehmann @ hpi de
History
2021-03-30: last of 2 revisions
2020-10-20: received
Short URL
https://ia.cr/2020/1309
License
Creative Commons Attribution
CC BY