Paper 2026/1427
SPiRiT: Verifiable Contact Tracing for Balanced Security, Privacy, and Safety
Abstract
Digital contact tracing systems play a pivotal role in mitigating the spread of infectious diseases during pandemics by identifying individuals exposed to confirmed cases. In decentralized privacy-preserving contact tracing protocols, users broadcast pseudo-random IDs and, upon infection, upload the relevant IDs to a cloud server. Other users can then download these IDs to determine if they have been in proximity to infected individuals. However, existing protocols often lack verifiability, implicitly assuming honest user behavior when uploading data to the server. This gap creates vulnerabilities, including false positives and false negatives, which hinder the widespread adoption crucial for the effectiveness of contact tracing apps. This paper introduces SPiRiT, a secure and privacy-preserving verifiable contact tracing protocol, designed to address these shortcomings by introducing verifiability, ensuring the legitimacy of uploaded IDs, while still maintaining user privacy. Verifiability ensures whether an upload contains a valid set of pseudo-random IDs with respect to the contagious period of the infected individual, and that the individual claiming those IDs is the legitimate owner, in a privacy-preserving manner. The goal of our design is to maintain a balance between the competing objectives of privacy, security, and decentralization while fostering greater public trust and adoption by addressing the aforementioned vulnerabilities. Through rigorous evaluation using a face-to-face individual interaction dataset, we demonstrate that SPiRiT not only reduces false alarms but also can be on par with or even outperform existing protocols in detecting high-risk contacts.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. ARES 2026
- Keywords
- Digital Contact TracingFalse AlarmPandemic Risk MitigationPrivacySecurityVerifiability
- Contact author(s)
-
rabaninejad @ gmail com
azra abtahi-fahliani @ mau se
antonios michalas @ tuni fi
amir aminifar @ eit lth se - History
- 2026-07-16: approved
- 2026-07-13: received
- See all versions
- Short URL
- https://ia.cr/2026/1427
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2026/1427,
author = {Reyhaneh Rabaninejad and Azra Abtahi and Antonis Michalas and Amir Aminifar},
title = {{SPiRiT}: Verifiable Contact Tracing for Balanced Security, Privacy, and Safety},
howpublished = {Cryptology {ePrint} Archive, Paper 2026/1427},
year = {2026},
url = {https://eprint.iacr.org/2026/1427}
}