Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Cross Hashing: Anonymizing encounters in Decentralised Contact Tracing Protocols

Junade Ali, Vladimir Dyo

TL;DR

The paper tackles privacy vulnerabilities in Apple/Google DP3T-like contact tracing protocols, notably the risk of 24-hour de-anonymisation and the lack of cryptographic guarantees for minimum encounter duration. It introduces cross hashing to enforce a minimum-duration exposure via Consistent Contact Identifiers computed as $CCI = HKDF(i_n, i_{n-k})$ and employs $k$-Anonymous buckets with Private Set Intersection to limit data exposure and reduce overhead. Empirical evaluation on real BLE beacon traces demonstrates like-for-like efficacy, achieving 100\% exposure capture when using $k = {1,2}$, while preserving privacy protections. The work also discusses trade-offs in cryptographic computation and data leakage bounds, outlining future directions including real-device data collection and energy efficiency considerations.

Abstract

During the COVID-19 (SARS-CoV-2) epidemic, Contact Tracing emerged as an essential tool for managing the epidemic. App-based solutions have emerged for Contact Tracing, including a protocol designed by Apple and Google (influenced by an open-source protocol known as DP3T). This protocol contains two well-documented de-anonymisation attacks. Firstly that when someone is marked as having tested positive and their keys are made public, they can be tracked over a large geographic area for 24 hours at a time. Secondly, whilst the app requires a minimum exposure duration to register a contact, there is no cryptographic guarantee for this property. This means an adversary can scan Bluetooth networks and retrospectively find who is infected. We propose a novel "cross hashing" approach to cryptographically guarantee minimum exposure durations. We further mitigate the 24-hour data exposure of infected individuals and reduce computational time for identifying if a user has been exposed using $k$-Anonymous buckets of hashes and Private Set Intersection. We empirically demonstrate that this modified protocol can offer like-for-like efficacy to the existing protocol.

Cross Hashing: Anonymizing encounters in Decentralised Contact Tracing Protocols

TL;DR

The paper tackles privacy vulnerabilities in Apple/Google DP3T-like contact tracing protocols, notably the risk of 24-hour de-anonymisation and the lack of cryptographic guarantees for minimum encounter duration. It introduces cross hashing to enforce a minimum-duration exposure via Consistent Contact Identifiers computed as and employs -Anonymous buckets with Private Set Intersection to limit data exposure and reduce overhead. Empirical evaluation on real BLE beacon traces demonstrates like-for-like efficacy, achieving 100\% exposure capture when using , while preserving privacy protections. The work also discusses trade-offs in cryptographic computation and data leakage bounds, outlining future directions including real-device data collection and energy efficiency considerations.

Abstract

During the COVID-19 (SARS-CoV-2) epidemic, Contact Tracing emerged as an essential tool for managing the epidemic. App-based solutions have emerged for Contact Tracing, including a protocol designed by Apple and Google (influenced by an open-source protocol known as DP3T). This protocol contains two well-documented de-anonymisation attacks. Firstly that when someone is marked as having tested positive and their keys are made public, they can be tracked over a large geographic area for 24 hours at a time. Secondly, whilst the app requires a minimum exposure duration to register a contact, there is no cryptographic guarantee for this property. This means an adversary can scan Bluetooth networks and retrospectively find who is infected. We propose a novel "cross hashing" approach to cryptographically guarantee minimum exposure durations. We further mitigate the 24-hour data exposure of infected individuals and reduce computational time for identifying if a user has been exposed using -Anonymous buckets of hashes and Private Set Intersection. We empirically demonstrate that this modified protocol can offer like-for-like efficacy to the existing protocol.

Paper Structure

This paper contains 10 sections, 1 figure, 2 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Related Work
  3. Threat Model
  4. Anonymity Model
  5. Cryptographic Contact Duration Threshold
  6. Efficient Rolling Proximity Identifier Search
  7. Evaluation
  8. Down Sampling Simulation
  9. Security Discussion
  10. Conclusion

Figures (1)

  • Figure 1: BLE broadcast of $16$ bytes, consisting of the devices RPI associated with that timestamp (of 12 bytes) and up to $2 \times 2$ byte CCI prefixes.