Cryptology ePrint Archive: Report 2020/863

Privacy-Preserving Automated Exposure Notification

Ran Canetti and Yael Tauman Kalai and Anna Lysyanskaya and Ronald L. Rivest and Adi Shamir and Emily Shen and Ari Trachtenberg and Mayank Varia and Daniel J. Weitzner

Abstract: Contact tracing is an essential component of public health efforts to slow the spread of COVID-19 and other infectious diseases. Automating parts of the contact tracing process has the potential to significantly increase its scalability and efficacy, but also raises an array of privacy concerns, including the risk of unwanted identification of infected individuals and clandestine collection of privacy-invasive data about the population at large.

In this paper, we focus on automating the exposure notification part of contact tracing, which notifies people who have been in close proximity to infected people of their potential exposure to the virus. This work is among the first to focus on the privacy aspects of automated exposure notification. We introduce two privacy-preserving exposure notification schemes based on proximity detection. Both systems are decentralized -- no central entity has access to sensitive data. The first scheme is simple and highly efficient, and provides strong privacy for non-diagnosed individuals and some privacy for diagnosed individuals. The second scheme provides enhanced privacy guarantees for diagnosed individuals, at some cost to efficiency. We provide formal definitions for automated exposure notification and its security, and we prove the security of our constructions with respect to these definitions.

Category / Keywords: applications / automated exposure notification, contact tracing, COVID-19, privacy

Date: received 9 Jul 2020, last revised 9 Jul 2020

Contact author: canetti at bu edu,yaelism@gmail com,anna_lysyanskaya@brown edu,rivest@mit edu,adi shamir@weizmann ac il,emily shen@ll mit edu,trachten@bu edu,varia@bu edu,weitzner@mit edu

Available format(s): PDF | BibTeX Citation

Version: 20200712:125239 (All versions of this report)

Short URL: ia.cr/2020/863


[ Cryptology ePrint archive ]