Glass-Vault: A Generic Transparent Privacy-preserving Exposure Notification Analytics Platform

TL;DR

Glass-Vault is a privacy-preserving platform enabling secure analysis of exposure notification data using a novel functional encryption variant, DD-Steel, ensuring transparency, security, and flexibility for COVID-19 contact tracing.

Contribution

It introduces Glass-Vault, a UC-secure protocol utilizing DD-Steel functional encryption for privacy-preserving data analysis in exposure notifications, addressing generality and transparency limitations.

Findings

First UC-secure protocol for privacy-preserving exposure data analysis.

Proposes DD-Steel, a dynamic, decentralized functional encryption variant.

Enables applications like infection heatmap generation.

Abstract

The highly transmissible COVID-19 disease is a serious threat to people's health and life. To automate tracing those who have been in close physical contact with newly infected people and/or to analyse tracing-related data, researchers have proposed various ad-hoc programs that require being executed on users' smartphones. Nevertheless, the existing solutions have two primary limitations: (1) lack of generality: for each type of analytic task, a certain kind of data needs to be sent to an analyst; (2) lack of transparency: parties who provide data to an analyst are not necessarily infected individuals; therefore, infected individuals' data can be shared with others (e.g., the analyst) without their fine-grained and direct consent. In this work, we present Glass-Vault, a protocol that addresses both limitations simultaneously. It allows an analyst to run authorised programs over the collected data of infectious users, without learning the input data. Glass-Vault relies on a new variant of generic Functional Encryption that we propose in this work. This new variant, called DD-Steel, offers these two additional properties: dynamic and decentralised. We illustrate the security of both Glass-Vault and DD-Steel in the Universal Composability setting. Glass-Vault is the first UC-secure protocol that allows analysing the data of Exposure Notification users in a privacy-preserving manner. As a sample application, we indicate how it can be used to generate "infection heatmaps".