PIVOT: PrIVate and effective cOntact Tracing

Giuseppe Garofalo, Tim Van hamme, Davy Preuveneers, Wouter Joosen, Aysajan Abidin, and Mustafa A. Mustafa

Abstract

We propose, design, and evaluate PIVOT, a privacy-enhancing and effective contact tracing solution that aims to strike a balance between utility and privacy: one that does not collect sensitive information yet allows effective tracing and notification of the close contacts of diagnosed users. PIVOT requires a considerably lower degree of trust in the entities involved compared to centralised alternatives while retaining the necessary utility. To protect users' privacy, it uses local proximity tracing based on broadcasting and recording constantly changing anonymous public keys via short-range communication. These public keys are used to establish a shared secret key between two people in close contact. The three keys (i.e., the two public keys and the established shared key) are then used to generate two unique per-user-per-contact hashes: one for infection registration and one for exposure score query. These hashes are never revealed to the public. To improve utility, user exposure score computation is performed centrally, which provides health authorities with minimal, yet insightful and actionable data. Data minimisation is achieved by the use of per-user-per-contact hashes and by enforcing role separation: the health authority acts as a mixing node, while the matching between reported and queried hashes is outsourced to a third entity, an independent matching service. This separation ensures that out-of-scope information, such as users' social interactions, is hidden from the health authorities, whereas the matching service does not learn users' sensitive information. To sustain our claims, we conduct a practical evaluation that encompasses anonymity guarantees and energy requirements.

Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
contact tracing, anonymity, secret sharing
Contact author(s)
giuseppe garofalo @ kuleuven be
tim vanhamme @ kuleuven be
aysajan @ kuleuven be
mustafa mustafa @ manchester ac uk
History
2021-01-22: last of 2 revisions
Short URL
https://ia.cr/2020/559

CC BY

BibTeX

@misc{cryptoeprint:2020/559,
author = {Giuseppe Garofalo and Tim Van hamme and Davy Preuveneers and Wouter Joosen and Aysajan Abidin and Mustafa A.  Mustafa},
title = {PIVOT: PrIVate and effective cOntact Tracing},
howpublished = {Cryptology ePrint Archive, Paper 2020/559},
year = {2020},
note = {\url{https://eprint.iacr.org/2020/559}},
url = {https://eprint.iacr.org/2020/559}
}
