dcale
commented
4 years ago Hi @kbitr we adapted your proposal and came up with another idea, can you please check what you think about it: https://github.com/AndreasGassmann/WeTrace/wiki
Open kbitr opened 4 years ago
dcale
commented
4 years ago Hi @kbitr we adapted your proposal and came up with another idea, can you please check what you think about it: https://github.com/AndreasGassmann/WeTrace/wiki
kbitr
commented
4 years ago Alright! I conclude, your idea differs in the exchange of the public key and the message in the process. Instead of sending the message each time, you send the
Has the benefit, that you don't have to decide beforehand what information (time, location) to share. But, you have to send the public key each time, not just for the infection case. No objections so far!
Hey, I will just to start this as a conversation! :)
State-of-the-Art
Recently popular solutions, like TraceTogether or the in this Hackathon developed solution WeTrace utilize near-field communication sensors to record proximity human interactions.
The first mentioned raises privacy concerns, since the mobile number of each infected is transmitted and, therefore, the sickness is connected to a human individual. The second tries solve this privacy issue in a distributed approach, but faces a problem; the communication of infection people, while randomly changing the user ID time based.
One solution can be to keep a history on the local device. However, the history has to be send over to the back-end server which then knows all infected IDs. There is a more elegant way:
Solution
Each time two devices meet, a payload of a marker and a random part gets encrypted by the senders private key. This encrypted payload is send to the other device which saves it in its database of contacts. Therefore, each contact is individual and devices cannot separate devices from one another.
Once a person wants to self-identify as infected, the device sends its public key to the back-end server which distributes it to all other devices. All devices can then try to decrypt the message with this key. If the decryption is successful, the marker is readable and the random part can be discarded. Therefore, only one key has to be distributed, not a list of all former IDs. The identity of the infected device cannot be reconstructed by the back-end server.
Additionally, after decryption it is possible to count the appearances of the marker in the local device to estimate the rate of exposure.