Skip to main content

ConTra Corona: Contact Tracing against the Coronavirus by Bridging the Centralized–Decentralized Divide for Stronger Privacy

Part of the Lecture Notes in Computer Science book series (LNSC,volume 13091)


Contact tracing is among the most important interventions to mitigate the spread of any pandemic, usually in the form of manual contact tracing. Smartphone-facilitated digital contact tracing may help to increase tracing capabilities and extend the coverage to those contacts one does not know in person. Most implemented protocols use local Bluetooth Low Energy (BLE) communication to detect contagion-relevant proximity, together with cryptographic protections, as necessary to improve the privacy of the users of such a system. However, current decentralized protocols, including DP3T [T+20], do not sufficiently protect infected users from having their status revealed to their contacts, which raises fear of stigmatization.

We alleviate this by proposing a new and practical solution with stronger privacy guarantees against active adversaries. It is based on the upload-what-you-observed paradigm, includes a separation of duties on the server side, and a mechanism to ensure that users cannot deduce which encounter caused a warning with high time resolution. Finally, we present a simulation-based security notion of digital contact tracing in the real–ideal setting, and prove the security of our protocol in this framework.


  • Digital contact tracing
  • Privacy
  • Transmissible diseases
  • Active security
  • Anonymity
  • Security modeling
  • Ideal functionality

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD   89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions


  1. 1.

    See for a service that detects the contacts that caused a warning for DP3T-based approaches.

  2. 2.

    This captures a relaxed notion of “proximity”, as high-gain antennas could be used to register a contact, although not physically being in proximity.

  3. 3.

    Internally, the author(s) humorously prefer to read the name of \(\mathcal {F}_{\text {mat}}\) as “the matrix”.

  4. 4.

    We give a simple example of how this might be done. Note however, our protocol uses a different method, see Sect. 3.2. For this example, let \(\mathsf {H}\) be a hash function, such that \(\mathsf {H}(k \Vert x)\) is a pseudorandom function (PRF) with key \(k \in \{0,1\}^n\) evaluated on input x. For every time period t, the device generates a random key , and computes \(\mathsf {sid}_t := \mathsf {H}(k_t \Vert 0)\) and \(\mathsf {pid}_t := \mathsf {H}(k_t \Vert 1)\), stores them, and anonymously uploads \(k_t\) to the central server, who recomputes \(\mathsf {sid}_t, \mathsf {pid}_t\) in the same way. Both parties store \((\mathsf {sid}_t, \mathsf {pid}_t)\).

  5. 5.

    To make sure servers do not collude, they should be run by different organizations whose independence is guaranteed by law, e.g. supervisory agencies on privacy (ideally multiple different ones per nation-state) and non-governmental organisations that are widely trusted by the general public.

  6. 6.

    One might use remotely verifiable electronic ID cards instead.

  7. 7.

    If a user A has been in contact with an infected user B, and if B takes up to three weeks to show symptoms and have a positive test result, the data retention on the matching server is sufficient to deliver a warning to A.

  8. 8.

    In practice, parties can make their uploads a few days ahead of time without incurring additional risk.

  9. 9.

    While it would be perfectly possible for an environment to use as a contact graph a fresh, and independently sampled random graph on \(\mathcal {P}\) for each short-term epoch, the costs of implementing this in real time for 15 min epochs would be quite challenging.


  1. Avitabile, G., Botta, V., Iovino, V., Visconti, I.: Towards defeating mass surveillance and SARS-CoV-2: the Pronto-C2 fully decentralized automatic contact tracing system. Cryptology ePrint Archive, Report 2020/493 (2020)

    Google Scholar 

  2. Apple and Google: Privacy-Preserving Contact Tracing (2020).

  3. Achenbach, D., et al.: Your money or your life—modeling and analyzing the security of electronic payment in the UC framework. In: Goldberg, I., Moore, T. (eds.) FC 2019. LNCS, vol. 11598, pp. 243–261. Springer, Cham (2019).

    CrossRef  Google Scholar 

  4. Altuwaiyan, T., Hadian, M., Liang, X.: EPIC: efficient privacy- preserving contact tracing for infection detection. In: ICC 2018, pp. 1–6 IEEE (2018).

  5. Beaver, D.: How to break a “Secure’’ oblivious transfer protocol. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 285–296. Springer, Heidelberg (1993).

    CrossRef  Google Scholar 

  6. Bell, J., Butler, D., Hicks, C., Crowcroft, J.: TraceSecure: towards privacy preserving contact tracing. In: ArXiv e-prints (2020). id: 2004.04059 [cs.CR]

    Google Scholar 

  7. Berke, A., Bakker, M., Vepakomma, P., Raskar, R., Larson, K., Pentland, A.: Assessing disease exposure risk with location data: a proposal for cryptographic preservation of privacy. In: ArXiv e-prints (2020). id: 2003.14412 [cs.CR]

    Google Scholar 

  8. Beskorovajnov, W., Dörre, F., Hartung, G., Koch, A., Müller-Quade, J., Strufe, T.: ConTra corona: contact tracing against the coronavirus by bridging the centralized-decentralized divide for stronger privacy (2020). Cryptology ePrint Archive, Report 2020/505

    Google Scholar 

  9. Bernstein, D.J., Lange, T. (eds.): eBACS: ECRYPT Benchmarking of Cryptographic Systems (2021).

  10. Brack, S., Reichert, L., Scheuermann, B.: CAUDHT: decentralized contact tracing using a DHT and blind signatures. In: Tan, H., Khoukhi, L., Oteafy, S. (eds.) 2020.

  11. Chan, J., et al.: PACT: privacy sensitive protocols and mechanisms for mobile contact tracing. ArXiv e-prints (2020). id: 2004.03544 [cs.CR]

    Google Scholar 

  12. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: FOCS 2001, pp. 136–145. IEEE Computer Society (2001).

  13. Castelluccia, C., et al.: DESIRE: a third way for a european exposure notification system (2020). for-EU-exposure-notification/project-DESIRE

  14. Camenisch, J., Hohenberger, S., Kohlweiss, M., Lysyanskaya, A., Meyerovich, M.: How to win the clone wars: efficient periodic n-times anonymous authentication. In: Juels, A., Wright, R.N., di Vimercati, S.D.C. (eds.) CCS 2006, pp. 201–210. ACM (2006).

  15. Cho, H., Ippolito, D., Yu, Y.W.: Contact tracing mobile apps for COVID-19: privacy considerations and related trade-offs. ArXiv e-prints (2020). id: 2003.11511 [cs.CR]

    Google Scholar 

  16. Canetti, R., et al.: Privacy-preserving automated exposure notification. Cryptology ePrint Archive, Report 2020/863 (2020)

    Google Scholar 

  17. Canetti, R., Trachtenberg, A., Varia, M.: Anonymous collocation discovery: harnessing privacy to tame the coronavirus. ArXiv e-prints (2020). id: 2003.13670 [cs.CY]

    Google Scholar 

  18. DP-3T Project: Privacy and Security Risk Evaluation of Digital Proximity Tracing Systems (2020).

  19. DP-3T Project: Security and privacy analysis of the document ‘PEPP- PT: Data Protection and Information Security Architecture’ (2020). %20Security%20and%20privacy%20analysis.pdf

  20. DP-3T Project: Security and privacy analysis of the document ‘ROBERT: ROBust and privacy-presERving proximity Tracing’ (2020).

  21. DP3T Project: FAQ: Decentralized Proximity Tracing (2020).

  22. Danz, N., Derwisch, O., Lehmann, A., Pünter, W., Stolle, M., Ziemann, J.: Provable security and privacy of decentralized cryptographic contact tracing. Cryptology ePrint Archive, Report 2020/1309 (2020)

    Google Scholar 

  23. Duong, T., Phan, D.H., Trieu, N.: Catalic: delegated PSI cardinality with applications to contact tracing. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12493, pp. 870–899. Springer, Cham (2020).

    CrossRef  Google Scholar 

  24. Fraunhofer AISEC: Pandemic Contact Tracing Apps: DP-3T, PEPP-PT NTK, and ROBERT from a Privacy Perspective. Cryptology ePrint Archive, Report 2020/489 (2020)

    Google Scholar 

  25. Feehan, D.M., Mahmud, A.S.: Quantifying population contact patterns in the United States during the COVID-19 pandemic. Nat. Commun. 12(1), 1–9 (2021).

  26. Fitzsimons, J.K., Mantri, A., Pisarczyk, R., Rainforth, T., Zhao, Z.: A note on blind contact tracing at scale with applications to the COVID-19 pandemic. In: Volkamer, M., Wressnegger, C. (eds.) ARES 2020, pp. 92:1–92:6. ACM (2020).

  27. Garofalo, G., Hamme, T.V., Preuveneers, D., Joosen, W., Abidin, A., Mustafa, M.A.: PIVOT: PrIVate and effective cOntact Tracing. Cryptology ePrint Archive, Report 2020/559 (2021)

    Google Scholar 

  28. Kuhn, C., Beck, M., Strufe, T.: Covid notions: towards formal definitions - and documented understanding - of privacy goals and claimed protection in proximity-tracing services. In: Online Social Networks Media, vol. 22 (2021).

  29. Lindell, Y.: How to simulate it – a tutorial on the simulation proof technique. In: Tutorials on the Foundations of Cryptography. ISC, pp. 277–346. Springer, Cham (2017).

    CrossRef  MATH  Google Scholar 

  30. Micali, S., Rogaway, P.: Secure computation. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 392–404. Springer, Heidelberg (1992).

    CrossRef  Google Scholar 

  31. PePP-PT e.V.: Pan-European Privacy-Preserving Proximity Tracing (2020).

  32. PePP-PT e.V.: PEPP-PT NTK High-Level Overview (2020).

  33. PePP-PT e.V.: ROBust and privacy-presERving proximity Tracing protocol (2020).

  34. Rivest, R.L., et al.: A Global Coalition for Privacy-First Digital Contact Tracing Protocols to Fight COVID-19.

  35. Rivest, R.L., et al.: The PACT protocol specification (2020).

  36. Troncoso, C., et al.: Decentralized privacy-preserving proximity tracing. IEEE Data Eng. Bull. 43(2), 36–66 (2020). First published 3 April 2020 on

  37. The Tor Project, Inc.: TOR Project.

  38. Trieu, N., Shehata, K., Saxena, P., Shokri, R., Song, D.: Epione: lightweight contact tracing with strong privacy. IEEE Data Eng. Bull. 43(2), 95–107 (2020).

  39. Vaudenay, S.: Analysis of DP3T. Cryptology ePrint Archive, Report 2020/399 (2020)

    Google Scholar 

  40. Vaudenay, S.: Centralized or Decentralized? The Contact Tracing Dilemma. Cryptology ePrint Archive, Report 2020/531 (2020)

    Google Scholar 

Download references


We would like to express our gratitude to Michael Klooß and Jeremias Mechler for helpful comments. This work was supported by funding from the topic Engineering Secure Systems of the Helmholtz Association (HGF) and by KASTEL Security Research Labs. We thank Serge Vaudenay for his comments.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Alexander Koch .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2021 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Beskorovajnov, W., Dörre, F., Hartung, G., Koch, A., Müller-Quade, J., Strufe, T. (2021). ConTra Corona: Contact Tracing against the Coronavirus by Bridging the Centralized–Decentralized Divide for Stronger Privacy. In: Tibouchi, M., Wang, H. (eds) Advances in Cryptology – ASIACRYPT 2021. ASIACRYPT 2021. Lecture Notes in Computer Science(), vol 13091. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92074-6

  • Online ISBN: 978-3-030-92075-3

  • eBook Packages: Computer ScienceComputer Science (R0)