CR CY · Mar 13, 2021

Privacy-Preserving Infection Exposure Notification without Trust in Third Parties

arXiv:2103.07669v1
Originality: Incremental advance
AI Analysis

This addresses privacy concerns in contact tracing for citizens during pandemics, offering an incremental improvement over existing systems.

The paper tackles the problem of trust in third parties in Bluetooth-based contact tracing by proposing a design that generates random numbers on the application side and uses a public ledger with blind signatures for reporting positive tests, enhancing verifiability for privacy protection.

In response to the COVID-19 pandemic, Bluetooth-based contact tracing has been deployed in many countries with the help of the developers of smartphone operating systems that provide APIs for privacy-preserving exposure notification. However, it has been assumed by the design that the OS developers, smartphone vendors, or governments will not violate people's privacy. We propose a privacy-preserving exposure notification under situations where none of the middle entities can be trusted. We believe that it can be achieved with small changes to the existing mechanism: random numbers are generated on the application side instead of the OS, and the positive test results are reported to a public ledger (e.g. blockchain) rather than to a government server, with endorsements from the medical institutes with blind signatures. We also discuss how to incentivize the peer-to-peer maintenance of the public ledger if it should be newly built. We show that the level of verifiability is much higher with our proposed design if a consumer group were to verify the privacy protections of the deployed systems. We believe that this will allow for safer contact tracing, and contribute to healthier lifestyles for citizens who may want to or have to go out under pandemic situations.
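The blind-signature endorsement described in the abstract, as an added sketch that is not code from the paper: it assumes Chaum-style RSA blind signatures (the abstract does not name a scheme), and the key, the function names and the 16-byte identifier are constructed for illustration. The modulus is built from two publicly known primes and the RSA is unpadded, so the block shows the message flow only.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy key for the medical institute (assumption): two known
# Mersenne primes, so N is trivially factorable and not a usable key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the institute


def digest(identifier: bytes) -> int:
    """SHA-256 of the app-generated random number, as an integer below N."""
    return int.from_bytes(hashlib.sha256(identifier).digest(), "big")


def blind(identifier: bytes):
    """App side: hide the digest behind a random factor r before sending."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return (digest(identifier) * pow(r, E, N)) % N, r


def sign_blinded(blinded: int) -> int:
    """Institute side: endorse the positive test without seeing the digest."""
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """App side: strip r to obtain an ordinary signature on the digest."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(identifier: bytes, sig: int) -> bool:
    """Anyone reading the public ledger: check the institute's endorsement."""
    return pow(sig, E, N) == digest(identifier)


def demo():
    identifier = secrets.token_bytes(16)      # generated in the application
    blinded, r = blind(identifier)            # app -> institute
    sig = unblind(sign_blinded(blinded), r)   # institute -> app, then unblind
    return identifier, blinded, sig           # (identifier, sig) goes to ledger
```

The institute only ever handles `blinded` and its signature on it, neither of which equals the pair later published on the ledger, which is what keeps the endorsement from being linked to the person it tested.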
