Real World Crypto 2021 - Session 8: Contact Tracing


Prev | Up | Next

Session video

Rosario Gennaro (City College NYC/Prep4All) / Exposure Notification System May Allow for Large-Scale Voter Suppression video

In the USA contact-tracing apps left to individual states due to fed govt lack of interest. All who launched use the GAEN (Google & Apple) framework but only 17 states have apps! Adoption very low (<10%) compared with Europe (>20-30%)

Comparisons made with Prep4All (advocates for PrEP therapy for HIV avoidance).

Integrity attacks against GAEN:

Because of timing of US Election in the thick of COVID-19 there was concern that voter suppression could be effected by faking notification of exposure using attacks above. (It’s known that rainy days affect election outcomes as republicans are more likely to turn out)

The authors requested Google & Apple should suspend exposure notifications in the week prior to election day… this was refused. G & A thought the attacks were not rational, requiring too many resouces & investments compared to say a faked SMS campaign.

If an attacker is willing to get infected they could sell their auth codes to a black market…

He reckons that voter suppression didn’t occur not because of the difficulty of the attacks described but just because take-up of the tracing apps is so low.

An aside, and OMG! On the Effectiveness of Time Travel to Inject COVID-19 Alerts - actually a serious paper about things you can do if your phone clock is set wrong.

Eyal Ronen (Bar Ilan Uni) / Privacy-Preserving Bluetooth Based Contact Tracing - One Size Does Not Fit All video

Israel’s manual contact tracing - all reports of being in public places end up with locations and times being published in newspapers and websites!

Israeli security service did automatic tracing using data from cell networks

Privacy / explainability tradeoff:

Location tracking / coverage tradeoff:

Approach using GPS and location logging that never left phone was used for some local-only alerts (ie. no server integration)

Hashomer used BLE but without GAEN. It worked well in general but was scuppered by public perception of contact-trace apps as surveillance tools, especially after earlier involvement of security services.

Lukas Helminger (TU Graz, Know-Center) / Privately Connecting Mobility to Infectious Diseases via Applied Cryptography / paper video slides

COVID Heatmap

The speaker presents an approach that doesn’t require smart-phones or contact-tracing. It is good for dumb phones as well as smart. That’s because it’s based on studies of human mobility patterns from mobile phone data. This has been previously used to study spread of malaria /dengue / cholera.

Starts with aggregate data from all of a network operator’s subscribers. Historically this approach has worked only if there are lots of cases or mass-gatherings.

Improvements made by joining information about individuals who are infected. That info needs to be protected, so they use homomorphic encryption and zero-knowledge proofs and differential Privacy.


  1. encrypt subscribers phone numbers with homomorphic encryption;
  2. these are sent to mobile operators;
  3. it forms one dimension of a large matrix.
  4. The other dimension is the set of mobile subscribers who are moving;
  5. The matrix cell is set to 1 if subscriber is infected, 0 otherwise.
  6. something something … end up with a heat map.

Seems computationally expensive but isn’t: for a large city like NYC, the computation took <2hr and cost only $10 on AWS.