TCNCoalition / TCN

Specification and reference implementation of the TCN Protocol for decentralized, privacy-preserving contact tracing.
MIT License

Idea for reducing amount of transfered data: Use 2-3 filter instead of one #75

Open dan-blank opened 4 years ago

dan-blank commented 4 years ago

Hello, over at DP3T I presented an idea that could reduce the amount of transferred data needed daily without 1) leaking any knowledge of observed keys to the server and 2) leaking data like location data. The basic idea is to use at least two cuckoo/bloom filters, where one is responsible for providing reliable checks of contact (low rate of false positives, high amount of data) and the other(s) is/are smaller and responsible for giving cheap checks for the people that did not have contact with infected ids (high rate of false positives, low amount of data). The idea is to load the small filter first, check, and download the reliable filter only in case of a positive match.

Two issues were raised already: 1) By downloading the big, last, reliable filter, the server knows that the id that makes the request is more likely to have encountered an infected person. 2) More grave: By generating 2-4 filters from the same data set, it might become easier to infer the original data set. (Mitigation might include adding fake entries to mess up whatever method is used.)

The full discussion so far is found in this issue: https://github.com/DP-3T/documents/issues/164
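The two-tier check described in the issue, as an added illustration in Python (not code from the TCN project or the issue author): a small Bloom filter is consulted first, and the large, reliable filter is downloaded only after a hit. The 16-byte "TCN" values, the filter sizes and the `fetch_large` callback are constructed for the example; the comment in `check_observed` marks the fetch that exposes the client as a probable contact.

```python
import hashlib
import math

class BloomFilter:
    """Minimal Bloom filter: m bits, k hash positions per item derived from SHA-256."""
    def __init__(self, m_bits, k_hashes):
        self.m, self.k = m_bits, k_hashes
        self.bits = bytearray((m_bits + 7) // 8)
    def _positions(self, item):
        for i in range(self.k):  # hash function i = SHA-256 seeded with its index
            yield int.from_bytes(hashlib.sha256(bytes([i]) + item).digest()[:8], "big") % self.m
    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)
    def __contains__(self, item):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

def build_tiers(infected_tcns, small_bits, large_bits):
    """Small (cheap, high false-positive rate) and large (reliable) filters over the same
    set of infected TCNs; k = ln2 * m/n minimises the false-positive rate for a size m."""
    n = max(1, len(infected_tcns))
    small = BloomFilter(small_bits, max(1, round(math.log(2) * small_bits / n)))
    large = BloomFilter(large_bits, max(1, round(math.log(2) * large_bits / n)))
    for tcn in infected_tcns:
        small.add(tcn)
        large.add(tcn)
    return small, large

def check_observed(observed_tcns, small, fetch_large):
    """A miss in the small filter is a definitive negative (no false negatives). The large
    filter is fetched at most once, only after a hit: that request is what tells the
    server this client is a probable contact (issue point 1)."""
    large, matches = None, []
    for tcn in observed_tcns:
        if tcn not in small:
            continue
        if large is None:
            large = fetch_large()
        if tcn in large:
            matches.append(tcn)
    return matches, large is not None

def demo():
    # Constructed data: 1000 "infected" TCNs; 200 observed TCNs, 2 of them infected.
    infected = [hashlib.sha256(b"infected-%d" % i).digest()[:16] for i in range(1000)]
    observed = [hashlib.sha256(b"observed-%d" % i).digest()[:16] for i in range(198)] + infected[:2]
    # 4 bits/item gives roughly 15% false positives, 32 bits/item roughly 2e-7.
    small, large = build_tiers(infected, 4 * len(infected), 32 * len(infected))
    matches, fetched = check_observed(observed, small, lambda: large)
    return infected, observed, small, large, matches, fetched
```

The small filter here is 500 bytes against 4000 for the reliable one, so a client whose observed TCNs all miss the small filter never requests the large download at all.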