Desire: Leveraging the Best of Centralized and Decentralized Contact Tracing Systems

Bibliographic details
Published in: Digital threats (Print) 2022-09, Vol.3 (3), p.1-20, Article 28
Main authors: Boutet, Antoine, Castelluccia, Claude, Cunche, Mathieu, Lauradou, Cédric, Roca, Vincent, Baud, Adrien, Raverdy, Pierre-Guillaume
Format: Article
Language: eng
Description
Summary: Contact tracing in case of pandemic is becoming an essential mitigation tool for national health services to break infection chains and prevent the virus from spreading further. To support manual tracing, several countries have been developing contact tracing apps that detect nearby mobile phones using Bluetooth. Such data collection raised privacy concerns and several privacy-preserving protocols have been proposed to prevent the leakage of personal and sensitive information. These solutions are mainly divided into two categories using a centralized or a decentralized exposure score computation. However, both approaches depict limitations. This article presents Desire, a novel exposure notification system that leverages the best of centralized and decentralized systems. As opposed to existing contact tracing schemes, Desire leverages Private Encounter Tokens (PETs) generated locally on the device that uniquely identify an encounter between two nodes while being private and unlinkable by the server. The role of the server is merely to match PETs generated by diagnosed users with the PETs provided by requesting users. Our privacy risk analysis shows that Desire drastically improves privacy against malicious users (i.e., limitation of decentralized systems) and authority (i.e., limitation of centralized systems). We implemented Desire, evaluated it in real conditions, and show its feasibility.
ISSN: 2692-1626, 2576-5337
DOI: 10.1145/3480467