Digital Contact Tracing Apps: all known protocols From PEPPT-PT to DP-3T, from the Apple & Google decentralized APIs to the central log processing of BlueTrace & OpenTrace: all contract tracing projects

Digital Contact Tracing Apps: all known protocols

When it comes to Digital Contact Tracing app, it's very important to determine what tracing protocol has been implemented by the app itself. As you might already know if you've read the huge debate that dominated the home page of most newspapers all around the world during the recent COVID-19 emergency, one of the largest privacy concerns raised about the usage of centralised report processing by protocol such as PEPPT-PT, as opposed to the decentralised report processing protocols such as TCN and DP-3T.

Centralized vs Decentralized approach

In a centralized report processing protocol a user must upload their entire contact log to a health authority administered server, where the health authority is then responsible for matching the log entries to contact details, ascertaining potential contact, and ultimately warning users of potential contact. Conversely, decentralised report processing protocols, while still having a central reporting server, delegate the responsibility to process logs to clients on the network. Tokens exchanged by clients contain no intrinsic information or static identifiers. Protocols using this approach have the client upload a number from which encounter tokens can be derived by individual devices. Clients then check these tokens against their local contact logs to determine if they have come in contact with an infected patient.

The major benefit of decentralized protocols - which makes them great in terms of privacy compliance - is that the government does not process nor have access to contact logs, this approach has major privacy benefits. However, such approach also presents some issues, primarily the lack of human in the loop reporting, leading to a higher occurrence of false positives; and potential scale issues, as some devices might become overwhelmed with a large number of reports. Decentralised reporting protocols are also less mature than their centralised counterparts.

Here's a useful list of the available centralized and decentralized protocols nowadays.

Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT)

  • Architecture:  Central log processing, Ephemeral IDs Fraunhofer Institute for Telecommunications
  • Author/Promoter: Robert Koch Institute, Technical University of Berlin, TU Dresden, University of Erfurt, Vodafone Germany, French Institute for Research in Computer Science and Automation (Inria)
  • License: multiple protocols, closed source, private specifications
  • URL: https://www.pepp-pt.org/ 

Google / Apple privacy-preserving tracing

Decentralized Privacy-Preserving Proximity Tracing (DP-3T)

  • Architecture: Client log processing, Ephemeral IDs
  • Author/Promoter: EPFL, ETHZ, KU Leuven, TU Delft, University College London, CISPA, University of Oxford, University of Torino / ISI Foundation
  • License: publicly-developed Apache 2.0 reference implementation, MPL 2.0 iOS/Android code
  • URL: https://github.com/DP-3T

BlueTrace / OpenTrace

  • Architecture: Central log processing, Ephemeral IDs
  • Author/Promoter: Singapore Government Digital Services
  • License: public specification, GPL 3 code
  • URL: bluetrace.io

TCN Coalition / TCN Protocol

  • Architecture: Client log processing, Ephemeral IDs
  • Author/Promoter: CovidWatch, CoEpi, ITO, Commons Project, Zcash Foundation, Openmined
  • License: public developed specification, MIT License code tcn-coalition.org
  • URL: https://github.com/TCNCoalition/TCN

Whisper Tracing Protocol (Coalition App)

  • Architecture: Client log processing, Ephemeral IDs
  • Author/Promoter: Nodle, Berkeley, California, TCN Coalition, French Institute for Research in Computer Science and Automation (Inria)
  • License: GPL 3
  • URL: https://www.coalitionnetwork.org/

Privacy Automated Contact Tracing (East Coast PACT)

  • Architecture: Client log processing, Ephemeral IDs
  • Author/Promoter: Massachusetts Institute of Technology, ACLU, Brown University, Weizmann Institute, Thinking Cybersecurity, Boston University
  • License: MIT
  • URL: https://pact.mit.edu

Privacy-Sensitive Protocols for Contact Tracing (West Coast PACT)

  • Architecture: Client log processing, Ephemeral IDs
  • Author/Promoter: University of Washington, University of Pennsylvania, Microsoft
  • License: MIT
  • URL: https://arxiv.org/abs/2004.03544

NHS contact tracing protocol

About Ryan

IT Project Manager, Web Interface Architect and Lead Developer for many high-traffic web sites & services hosted in Italy and Europe. Since 2010 it's also a lead designer for many App and games for Android, iOS and Windows Phone mobile devices for a number of italian companies. Microsoft MVP for Development Technologies since 2018.

View all posts by Ryan

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.

This site uses Akismet to reduce spam. Learn how your comment data is processed.