ブロックチェーンを用いたプライバシー確保型コロナウイルス接触確認技術

Chen-Mou CHENG

Outline

  • Contact tracing practices in Japan vs. Taiwan
  • Privacy-preserving contact tracing
    • Blockchains & smart contracts
    • Zero-knowledge proofs
    • Putting it all together
  • Examples & concluding remarks

Japan

vs.

COVID-19

COCOA

  • Developed by Microsoft based on GAEN
    • Constantly broadcasts & remembers random numbers
    • Infectees' numbers published later when confirmed

  • Emphasis on privacy preservation

    • Default: No collecting personally identifiable information such as location history

    • Personal information only allowed on a voluntary basis

  •  NHK (2021年2月12日):『新型コロナウイルス対策のスマートフォン向けの接触確認アプリ「COCOA」。感染症対策の切り札として導入されながら、利用者の一部に4か月余りもの間、感染者との接触が通知がされていなかった。なぜ不具合が見過ごされたのか。』

GAEN

  • Google Apple Exposure Notifications
    • Adopted by US & many countries in Europe
    • Need user consent to publicize positive results
  • Criticized by researchers for potential attacks
    • E.g.: L. Baumgärtner et al. "Mind the GAP: Security & Privacy Risks of Contact Tracing Apps."
  • Not so effective, e.g., 3/12942 vs. 3M/469M in Spain
    • N. Oliver et al. "Assessing the Impact of the COVID-19 Pandemic in Spain: Large-Scale, Online, Self-Reported Population Survey." J Med Internet Res 2020;22(9):e21319
    • Low installation may be culprit (privacy concerns?)

COVID-19

$$\times$$

Taiwan

Contact tracing in Taiwan

  • Linking immigration and health-care DBs
  • Involuntary contact tracing via Cell Broadcast Center
  • Electronic surveillance based on digital footprints for at-home isolation & quarantine
    • Future: Digital National ID Card
      (マイナンバーカード++?)
  • Very good results: <1000 cases & <10 deaths (!)

What can we learn?

  • Hire hackers as Digital Ministers
  • It's all about trade-offs between privacy preservation & effectiveness of contact tracing

Blockchains & smart contracts

  • Blockchains
    • Distributed & decentralized ledgers for recording transaction history in tamper-evident logs
    • Ownership established by digital signatures
    • Main application: cryptocurrency like Bitcoin
  • Smart contracts
    • Programs living on a (Turing-complete) blockchain
    • DAO: Decentralized Autonomous Organization
      • Represented by rules encoded as smart contracts on, e.g., Ethereum

Blockchains

Lack of privacy on blockchains

  • \(H(x)\) is like a proof of \(x\)
    • Assuming \(H\) is collision resistant
  • To verify, however, need to reveal \(x\)
  • Zero-knowledge proofs:
    • Can prove without revealing \(x\)

ZKP例:アリババの開けゴマ

Putting it all together

  1. Data owner \(O\) publishes \(h=H(\color{red}d\color{black})\)
  2. Consumer \(C\) sends a function \(f\) and a public input \(x\)
  3. \(O\) responds with \(y=f(\color{red}d\color{black},x)\), along with a proof \(\pi\) that proves \(y=f(\color{red}d\color{black},x)\) and \(h=H(\color{red}d\color{black})\)
  4. \(C\) verifies \(\pi\), clearing the transaction

Example:

  • \(\color{red}d\color{black},x\): random numbers & location histories of \(O\) & 3rd party
    • \(h=H(\color{red}d\color{black})\) published on Ethereum as a commitment
  • \(y=1\) if there is a time window \(\geq 15\) mins during which they are in the same place & have heard each other's numbers
  • \(O\) will not only learn whether he is infected by 3rd party but also be able to convince \(C\) about this fact

Proof-of-concept implementation using KML

<?xml version='1.0' encoding='UTF-8'?>
<kml xmlns='http://www.opengis.net/kml/2.2' xmlns:gx='http://www.google.com/kml/ext/2.2'>
 <Document>
  <Placemark>
   <open>1</open>
   <gx:Track>
    <altitudeMode>clampToGround</altitudeMode>
    <when>2019-06-09T02:42:09Z</when>
    <gx:coord>135.50566039999998 34.5781402 19</gx:coord>
    <when>2019-06-09T02:50:20Z</when>
    <gx:coord>135.5055151 34.5804681 12</gx:coord>
    .
    .
    .
   </gx:Track>
  </Placemark>
 </Document>
</kml>

Concluding examples

  • Preserving COVID-19 patients' privacy
    • \(\color{red}d\color{black}\): location histories of infectees with \(H(\color{red}d\color{black})\) published by authority \(O\)
    • \(x\): location of a restaurant you want to go
    • \(\pi\): proof that the restaurant is safe to visit (for now)
  • Automobile insurance
    • \(\color{red}d\color{black}\): location history of your car
    • \(f(\cdot,x)\) determines your insurance rate by deriving driving behavior from GPS readings

ご清聴ありがとうございました

  • No need to sacrifice privacy for effectiveness
  • Can have your cake and eat it too!

Contact tracing without invading privacy using blockchains: How to fight COVID-19 with smart contracts and zero-knowledge proofs

By Chen-Mou Cheng

Made with Slides.com

Contact tracing without invading privacy using blockchains: How to fight COVID-19 with smart contracts and zero-knowledge proofs

  • 98

More from Chen-Mou Cheng