Next Generation Contact Tracing
PoC For Contact Tracing Built on Conflux Network and How It Can Address Privacy Concerns
Privacy is a massive concern for today’s technology, and it holds the spotlight within contact tracing methods especially as the world grapples with the implications of COVID-19. However, recent studies in the US showed that approximately 70% of Americans would not participate in contact tracing applications because of a general mistrust of large institutions from governments to corporate giants like Apple and Google.
This is where blockchain technology can step in. Public blockchain networks operate independently of previously mentioned institutions, and additionally, all the code can easily be open-sourced for verification and collaborative development. In that, there is the opportunity to increase blockchain technology adoption across the world, introduce a more privacy-conscientious contact tracing system, and work to better manage the next viral outbreak.
Simple Contact Tracing DApp
The basic framework for a contact tracing decentralized application (DApp) can be found on Github and as a deployed web app. This project was described in a previous article about next-generation contact tracing, and this article seeks to explain more details about the code and some proposed improvements for privacy.
Overall, the core mechanism is tokenized contact that is facilitated by transactions on the Conflux Network to leverage incentive benefits as well as transaction sponsorship to help expand adoption. Contact is initiated through the exchange of Bluetooth Low Energy (BLE) payloads which are then hashed as addresses, and tokens are sent to the corresponding addresses.
The main functionality revolves around the registration smart contract where any stored data is only accessible by the smart contract or by the original owner. As shown below, the majority of functions facilitate the registration processes, rewarding the user, and checking the health of a contact without revealing the contact’s address (identifier).
The newRegistration() function is used to deploy an individual token contract that facilitates unique token transfers, and can only be called once for each address; however, the address of the individual contract can be retrieved using the getIndividual() function. The registerPayload() function takes BLE payload that is passed in as a bytes array and hashes it to a unique address. This address is used to map individual token contracts to each payload in order to facilitate the checkHealth() function. Additionally, the registerPayload() function calls reward() which transfers a reward to the user once a day. In the checkHealth() function, an address pair is passed in; these are used to verify that the user is allowed to check the health status of a contact. The contactPayload is used to connect with the proper individual token contract, and the personalPayload is used to verify the user and the contact token exchange in the checkStatus() function of the individual contract. If the pair of addresses is valid, then the health status of the contact is returned.
The individual token contract is not precisely a token contract as the token cannot be exchanged. Additionally, there is never a direct query from a user to a different individual contract which removes the need for checking balances as well. However, if needed, it can easily be converted to an ERC-20 token standard with similar functionality to facilitate the contact tracing portions.
When the individual contract is first created, the constructor() is called to set up the proper access controls for the registration contract and the user. The main function is contact() which takes the contact BLE payload, hashes it to an address, and keeps track of it similar to a token amount. The toggleHealthy() and getStatus() are used to check and manage the health status of the individual, and others can check the health status through the registration contract that calls the checkStatus() function. The checkStatus() function will check if the requested payload address has been sent a token, and return the health parameter accordingly to ensure that only actual contacts have access to the parameter.
Overall, it is a very simple implementation and the demo web app files provide a sample of how to track the payload address pairs using the browser local storage, and connecting to the Conflux Network blockchain using Conflux Portal. There are still many more possibilities for improved performance through transaction batching, Conflux Network’s transaction sponsorship, Layer-2 technology, mobile development, and cross-compatibility with other BLE-based contact tracing methods.
Privacy Concerns and Solutions
Privacy concerns are a very valid consideration especially for centralized contact tracing apps. Additionally, using a public blockchain may also raise concerns as all transactions are public. However, there is a level of privacy guaranteed by the anonymity of addresses. If a user’s address has not been directly linked with them, then it is very difficult to form that connection and virtually impossible to find a specific person’s address. So even though transactions are public, the person behind the transaction can remain anonymous. Another method to leverage the anonymity is for a user to switch wallet addresses periodically to add another layer of randomness to any tracking.
The next level of privacy would be to mask the transaction sender — similar to shielded transactions occurring on Zcash that can hide any parameter. This is done through zero-knowledge proofs implemented using zk-SNARKS or zk-STARKS. Both methods are a combination of off-chain and on-chain code that allows for users to hide portions of their transactions — and in this case, sender address. Additionally, this is a constantly developing area with projects like ZoKrates looking to bring zk-SNARK technology to public blockchains, and continued advancement in the cryptography+blockchain fields.
At Conflux Network, we believe that blockchain technology can be the solution to the various questions surrounding contact tracing. And the simple open-source DApp are the beginnings of a contact tracing application that has incentive mechanisms for longevity and privacy through simple anonymity. However, there are many avenues of improvement — from mobile development to privacy — that can become an introduction of blockchain technology to the general public and bring about mainstream participation.
Written by Conflux Network’s Research Engineer Aaron Lu