In response to the COVID-19 pandemic, Bluetooth-based contact tracing has been deployed in many countries with the help of smartphone operating system developers, who provide APIs for privacy-preserving exposure notification. However, these designs assume that the OS developers, smartphone vendors, and governments will not violate people's privacy. We propose a privacy-preserving exposure notification scheme for situations where none of these intermediaries can be trusted. We believe that it can be achieved with small changes to the existing mechanism: random numbers are generated on the application side instead of by the OS, and positive test results are reported to a public ledger (e.g. a blockchain) rather than to a government server, endorsed by medical institutes using blind signatures. We also discuss how to incentivize the peer-to-peer maintenance of the public ledger if it has to be newly built. We show that the level of verifiability is much higher with our proposed design if a consumer group were to verify the privacy protections of the deployed systems. We believe that this will allow for safer contact tracing, and contribute to healthier lifestyles for citizens who may want to or have to go out during a pandemic.
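To make the blind-signature endorsement step concrete, here is an added example (not code from the paper) using textbook RSA blind signatures: the app hashes its self-generated random keys, the medical institute signs the blinded hash without learning it, and any ledger reader can verify the unblinded signature with the institute's public key. The key pair and the report payload are constructed for the demo.

```python
# Added illustration (not the paper's code): RSA blind-signature endorsement of
# a positive-test report. Toy-sized keys and raw-hash signing keep it readable;
# a deployment would use full-size keys and a proper padding scheme.
import hashlib
import secrets
from math import gcd

# Constructed demo key pair for the endorsing medical institute.
P, Q = 1000000007, 998244353
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the institute only

def hash_to_int(report: bytes) -> int:
    """Map the app's report payload (its own random keys) to an integer mod N."""
    return int.from_bytes(hashlib.sha256(report).digest(), "big") % N

def blind(m: int) -> tuple[int, int]:
    """Patient side: hide m behind a random blinding factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r

def institute_sign(blinded: int) -> int:
    """Institute side: sign what it is given; it never sees m or the report."""
    return pow(blinded, D, N)

def unblind(sig_blind: int, r: int) -> int:
    """Patient side: remove r to recover a valid signature on m."""
    return (sig_blind * pow(r, -1, N)) % N

def verify(report: bytes, sig: int) -> bool:
    """Any ledger reader: check the endorsement with the institute's public key."""
    return pow(sig, E, N) == hash_to_int(report)

def endorse_report(report: bytes) -> tuple[int, bool]:
    """Run the exchange; returns (ledger signature, did the institute see m?)."""
    m = hash_to_int(report)
    blinded, r = blind(m)
    sig = unblind(institute_sign(blinded), r)
    return sig, blinded == m

if __name__ == "__main__":
    # Constructed app-side random keys: generated in the app, not by the OS.
    report = b"app keys:" + secrets.token_bytes(16)
    sig, seen = endorse_report(report)
    print("verifies:", verify(report, sig), "institute saw report:", seen)
```

The ledger entry is the (report, signature) pair; the institute's log only ever contains the blinded value, so it cannot link the endorsement back to a patient's keys.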