Open TeoGoddet opened 4 years ago
I'm not a security expert I see two main problems with ROBERT that focus on greater responsibility for a central server.
Laurent
Yeah, i did read it, but I wanted a the analysis of ROBERT about D^3PT
If you read the INRIA boss paper, you will see that ROBERT team is the best of the world ;-) Why would they study a tiny Switzerland projet ? There are looking for programmers at Thales to do the coding ;-)
No doubt for me that dp-3t is the best approach for a pandemic contact tracing.
I mean: read D^3PT, they are the best read ROBERT (and inria paper), they are the best
then D³PT made a great assement of ROBERT, academic quality the inverse is quiet false, only a few lines assesing D³PT without real justifications,
that's why i'm asking for a real assessment of D³PT by the ROBERT team.
ROBERT has not assessed or compared their system to DP3T (yet). They reference Serge Vaudenay's paper to discard DP3T (ref [6] in their paper) which shows attacks on DP3T and proposes countermeasures, although I do not know which ones have been integrated into later developments of DP3T : "Analysis of DP3TBetween Scylla and Charybdis". It is available as a preprint on IACR.
IMHO it seems that ROBERT claims are not founded, I explain why here: #46
It would be nice to provide an evaluation about DP-3T Their threat model is not based on HbC entities operating it but it's sending the ephids of all the infected to all the users instead wich may or may not be better.
At first ROBERT seems a bad for privacy, because the contact graph can be discovered by the server operator entity, but it may be better than sharing the infected anonymous cryptographic ids ?
Is there any serious evaluation about D3PT desanonymisation or infected one risk ?