A place to cache linked articles (think custom and personal wayback machine)
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.

index.html 16KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300
  1. <!doctype html><!-- This is a valid HTML5 document. -->
  2. <!-- Screen readers, SEO, extensions and so on. -->
  3. <html lang="fr">
  4. <!-- Has to be within the first 1024 bytes, hence before the <title>
  5. See: https://www.w3.org/TR/2012/CR-html5-20121217/document-metadata.html#charset -->
  6. <meta charset="utf-8">
  7. <!-- Why no `X-UA-Compatible` meta: https://stackoverflow.com/a/6771584 -->
  8. <!-- The viewport meta is quite crowded and we are responsible for that.
  9. See: https://codepen.io/tigt/post/meta-viewport-for-2015 -->
  10. <meta name="viewport" content="width=device-width,initial-scale=1">
  11. <!-- Required to make a valid HTML5 document. -->
  12. <title>Temporary Contact Number based Contact Tracing (archive) — David Larlet</title>
  13. <meta name="description" content="Publication mise en cache pour en conserver une trace.">
  14. <!-- That good ol' feed, subscribe :). -->
  15. <link rel="alternate" type="application/atom+xml" title="Feed" href="/david/log/">
  16. <!-- Generated from https://realfavicongenerator.net/ such a mess. -->
  17. <link rel="apple-touch-icon" sizes="180x180" href="/static/david/icons2/apple-touch-icon.png">
  18. <link rel="icon" type="image/png" sizes="32x32" href="/static/david/icons2/favicon-32x32.png">
  19. <link rel="icon" type="image/png" sizes="16x16" href="/static/david/icons2/favicon-16x16.png">
  20. <link rel="manifest" href="/static/david/icons2/site.webmanifest">
  21. <link rel="mask-icon" href="/static/david/icons2/safari-pinned-tab.svg" color="#07486c">
  22. <link rel="shortcut icon" href="/static/david/icons2/favicon.ico">
  23. <meta name="msapplication-TileColor" content="#f0f0ea">
  24. <meta name="msapplication-config" content="/static/david/icons2/browserconfig.xml">
  25. <meta name="theme-color" content="#f0f0ea">
  26. <!-- Documented, feel free to shoot an email. -->
  27. <link rel="stylesheet" href="/static/david/css/style_2020-06-19.css">
  28. <!-- See https://www.zachleat.com/web/comprehensive-webfonts/ for the trade-off. -->
  29. <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_regular.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>
  30. <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_bold.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>
  31. <link rel="preload" href="/static/david/css/fonts/triplicate_t4_poly_italic.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)" crossorigin>
  32. <link rel="preload" href="/static/david/css/fonts/triplicate_t3_regular.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>
  33. <link rel="preload" href="/static/david/css/fonts/triplicate_t3_bold.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>
  34. <link rel="preload" href="/static/david/css/fonts/triplicate_t3_italic.woff2" as="font" type="font/woff2" media="(prefers-color-scheme: dark)" crossorigin>
  35. <script type="text/javascript">
  36. function toggleTheme(themeName) {
  37. document.documentElement.classList.toggle(
  38. 'forced-dark',
  39. themeName === 'dark'
  40. )
  41. document.documentElement.classList.toggle(
  42. 'forced-light',
  43. themeName === 'light'
  44. )
  45. }
  46. const selectedTheme = localStorage.getItem('theme')
  47. if (selectedTheme !== 'undefined') {
  48. toggleTheme(selectedTheme)
  49. }
  50. </script>
  51. <meta name="robots" content="noindex, nofollow">
  52. <meta content="origin-when-cross-origin" name="referrer">
  53. <!-- Canonical URL for SEO purposes -->
  54. <link rel="canonical" href="https://lucumr.pocoo.org/2020/4/9/tcn-contact-tracing/">
  55. <body class="remarkdown h1-underline h2-underline h3-underline hr-center ul-star pre-tick">
  56. <article>
  57. <header>
  58. <h1>Temporary Contact Number based Contact Tracing</h1>
  59. </header>
  60. <nav>
  61. <p class="center">
  62. <a href="/david/" title="Aller à l’accueil">🏠</a> •
  63. <a href="https://lucumr.pocoo.org/2020/4/9/tcn-contact-tracing/" title="Lien vers le contenu original">Source originale</a>
  64. </p>
  65. </nav>
  66. <hr>
  67. <main>
  68. <p class="date">written on Thursday, April 9, 2020
  69. </p>
  70. <p>I have already talked here before about <a class="reference external" href="https://lucumr.pocoo.org/2020/4/3/contact-tracing/">privacy preserving contact
  71. tracing</a> to fight Covid-19 but I figured I
  72. give an update to this. I have spent the last week now investigating
  73. different approaches to this and my view has changed quite a bit.</p>
  74. <p>I strongly believe that contact tracing through phone apps is one of our
  75. best chances to return to normal and without losing our civil liberties.
  76. If you want to understand why, have a look at <a class="reference external" href="https://lucumr.pocoo.org/2020/4/3/contact-tracing/">previous post about this
  77. topic</a>.</p>
  78. <div class="section" id="two-fundamental-approaches">
  79. <h2>Two Fundamental Approaches</h2>
  80. <p>In the previous post I talked in favour of a partially centralized
  81. approach. This was largely because I felt that one of the inherent
  82. problems of any privacy preserving contact tracing system could be
  83. somewhat mitigated. That downside is that a person could always use any
  84. such contact tracing system in a way where they could determine that
  85. another person they met tested positive for covid-19 later. With a
  86. system that has support from a central authority this still cannot be
  87. prevented, but such behavior could be detected as abusive. However I am
  88. not quite convinced that this would just be security by obscurity and that
  89. the more correct way to deal with this is to just fundamentally
  90. communicate to users that this is an inherent property of the system.</p>
  91. <p>So the disclaimer to any app has to be: if you do not want that other
  92. people discover when you will test positive for covid-19 you should not
  93. use any contact tracing apps. Which is also why I strongly believe that
  94. any such system absolutely needs to be voluntary.</p>
  95. <p>So if I no longer believe in favour of the centralized approach, what do I
  96. prefer then? Quite simply put an approach based on temporary contact
  97. numbers, short <a class="reference external" href="https://tcn-coalition.org/">TCNs</a>. These protocols are
  98. fundamentally decentralized and give us some other benefits.</p>
  99. </div>
  100. <div class="section" id="reality-on-the-ground">
  101. <h2>Reality on the Ground</h2>
  102. <p>What makes application based contact tracing very interesting is that they
  103. take advantage of working on top of a widely deployed piece of hardware:
  104. smart phones. Specifically smartphones which support Bluetooth low
  105. energy (BLE). If you hold an AirPods case close to your iPhone you will
  106. notice that something happens on your screen. BLE is what enables that.</p>
  107. <p>The downside of this is that BLE comes with some restrictions. The two
  108. most relevant ones are the payload size. BLE comes with different modes
  109. and different platforms call this in different ways but the most
  110. compatible and energy preserving modes restrict us to under 30 bytes of
  111. payload. That's not enough to make fancy public key cryptography work
  112. which would be necessary for centralized approaches to play to their
  113. advantages. This is also why systems that currently follow the
  114. centralized approach will typically exchange a short ID and the extra
  115. payload is then actually exchanged through the cloud or <a class="reference external" href="https://en.wikipedia.org/wiki/Bluetooth_Low_Energy#GATT_operations">GATT</a>.
  116. The former makes a system that could be somewhat decentralized much more
  117. centralized.</p>
  118. <p>TCN based protocols instead will exchange just random identifiers instead.
  119. Most TCN based protocols currently suggest between 16 and 26 bytes of
  120. effectively random data which is easier to work with.</p>
  121. <p>Another complexity is that at present iOS devices in background cannot
  122. discover each other. This limitation might be solvable by Apple and it
  123. appears various groups are currently in contact with Apple to see what can
  124. be done. Interestingly an iOS device with the app in background can be
  125. discovered by an Android device so there might be a way to fix this.</p>
  126. </div>
  127. <div class="section" id="tcn-strawman-protocol">
  128. <h2>TCN Strawman Protocol</h2>
  129. <p>The TCN strawman protocol is the most basic of all these protocols. It
  130. was first written down by the <a class="reference external" href="https://www.coepi.org/">Co-Epi project</a>
  131. and is very easy to explain.</p>
  132. <ol class="arabic simple">
  133. <li>all mobile phones randomly generate TCNs and remember and broadcast
  134. these.</li>
  135. <li>all mobile phones check against a server which publishes TCNs that are
  136. known to be covid-19 positive.</li>
  137. <li>all mobile phones check their local contact list against the downloaded
  138. list locally for an intersection.</li>
  139. </ol>
  140. <p>Step 2 is the only one where a central system is necessary. For instance
  141. this could be the server of the Austrian Red Cross which publishes TCNs.
  142. Since the TCNs of encounters are only stored on the devices they have to
  143. get on contact with covid-19 tested positive individuals first.</p>
  144. <p>The strawman protocol wouldn't work in practice at the peak of the
  145. infection because of the sheer data requirements. However there are
  146. various cryptographic tricks which are floating around to reduce the size
  147. of the data set.</p>
  148. </div>
  149. <div class="section" id="dp-3t">
  150. <h2>DP-3T</h2>
  151. <p><a class="reference external" href="https://github.com/DP-3T/documents/">DP-3T</a> is currently one of the
  152. most promising protocols here. It has a low cost variant which satisfies
  153. most of the qualities of the strawman protocol while reducing the amount
  154. of data greatly (to around 1.5MB of data per day for a peak infection rate
  155. of 40.000 infections a day). Additionally it comes with a protocol
  156. extension (“Unlinkable decentralized proximity tracing”) which improves on
  157. the simple protocol in a few important aspects. Specifically it makes it
  158. significantly harder for an adversary to track or identify infected users
  159. at the cost of higher bandwidth requirements.</p>
  160. <p>A simple version of the protocol is easily explained:</p>
  161. <ol class="arabic simple">
  162. <li>A device generates a secret key. Each day the user derives a new
  163. version of the secret key by feeding it into a ratchet like a SHA256
  164. hash function.</li>
  165. <li>Each day the device generates TCNs out of the day's secret key for
  166. instance by using a AES in counter mode. If for instance we want to
  167. switch TCNs every 15 minutes we would need to generate 4 * 24 * 16 bytes
  168. worth of TCNs to have enough for a day.</li>
  169. <li>Devices now broadcast a random TCN for the day for 15 minutes each.</li>
  170. <li>When a device encounters another person and they consider the contact
  171. long enough, they record the approximate time of day and the TCN
  172. encountered.</li>
  173. <li>When a user tests covid-19 positive they upload the secret key of the
  174. first day of infection and generate a new secret key.</li>
  175. <li>Other devices now download the secret key for that user and generate
  176. all possible TCNs locally and check for infection. They only need to
  177. generate 14 derivations of the secret key and the 96 TCNs for each day.</li>
  178. </ol>
  179. <p>In the more complex version the device uploads seeds of the secret keys
  180. for all time windows in the infection window. On the backend server a
  181. <a class="reference external" href="https://en.wikipedia.org/wiki/Cuckoo_filter">cuckoo filter</a> is created
  182. every 4 hours and the seeds are inserted. Because Cuckoo filters have a
  183. small probability of producing false positives parameters need to be
  184. selected appropriately to reduce this risk. The upside is that the sets
  185. of identifiers used by the same user are hidden.</p>
  186. </div>
  187. <div class="section" id="pepp-pt-and-local-governments">
  188. <h2>PEPP-PT and Local Governments</h2>
  189. <p>So this leads us to <a class="reference external" href="https://www.pepp-pt.org/">PEPP-PT</a>. It would
  190. appear that PEPP-PT is evaluating DP-3T as the reference protocol and
  191. they are going to open source the code with the idea to support local
  192. authorities in implementing their own version. Officially they have not
  193. decided between centralized or TCN approaches yet, but there seems to be a
  194. high chance it will be the latter. The concept is also very simple.
  195. Simple enough that if you want to explain this system to others, there is
  196. also a nice little <a class="reference external" href="https://ncase.me/contact-tracing/">comic strip available</a> that explains it.</p>
  197. <p>If your local government is planning on implementing a covid tracing app
  198. it might be worth directing them towards <a class="reference external" href="https://github.com/Co-Epi">Co-Epi</a>. It already has an implementation
  199. of many of the same ideas in their GitHub repository. If they do want a
  200. centralized approach the Singaporean government Open Sourced their
  201. application under GPL3 under the name <a class="reference external" href="https://bluetrace.io/">BlueTrace</a>. It avoids largely unnecessary cloud
  202. infrastructure from what I can tell.</p>
  203. </div>
  204. </main>
  205. </article>
  206. <hr>
  207. <footer>
  208. <p>
  209. <a href="/david/" title="Aller à l’accueil">🏠</a> •
  210. <a href="/david/log/" title="Accès au flux RSS">🤖</a> •
  211. <a href="http://larlet.com" title="Go to my English profile" data-instant>🇨🇦</a> •
  212. <a href="mailto:david%40larlet.fr" title="Envoyer un courriel">📮</a> •
  213. <abbr title="Hébergeur : Alwaysdata, 62 rue Tiquetonne 75002 Paris, +33184162340">🧚</abbr>
  214. </p>
  215. <template id="theme-selector">
  216. <form>
  217. <fieldset>
  218. <legend>Thème</legend>
  219. <label>
  220. <input type="radio" value="auto" name="chosen-color-scheme" checked> Auto
  221. </label>
  222. <label>
  223. <input type="radio" value="dark" name="chosen-color-scheme"> Foncé
  224. </label>
  225. <label>
  226. <input type="radio" value="light" name="chosen-color-scheme"> Clair
  227. </label>
  228. </fieldset>
  229. </form>
  230. </template>
  231. </footer>
  232. <script type="text/javascript">
  233. function loadThemeForm(templateName) {
  234. const themeSelectorTemplate = document.querySelector(templateName)
  235. const form = themeSelectorTemplate.content.firstElementChild
  236. themeSelectorTemplate.replaceWith(form)
  237. form.addEventListener('change', (e) => {
  238. const chosenColorScheme = e.target.value
  239. localStorage.setItem('theme', chosenColorScheme)
  240. toggleTheme(chosenColorScheme)
  241. })
  242. const selectedTheme = localStorage.getItem('theme')
  243. if (selectedTheme && selectedTheme !== 'undefined') {
  244. form.querySelector(`[value="${selectedTheme}"]`).checked = true
  245. }
  246. }
  247. const prefersColorSchemeDark = '(prefers-color-scheme: dark)'
  248. window.addEventListener('load', () => {
  249. let hasDarkRules = false
  250. for (const styleSheet of Array.from(document.styleSheets)) {
  251. let mediaRules = []
  252. for (const cssRule of styleSheet.cssRules) {
  253. if (cssRule.type !== CSSRule.MEDIA_RULE) {
  254. continue
  255. }
  256. // WARNING: Safari does not have/supports `conditionText`.
  257. if (cssRule.conditionText) {
  258. if (cssRule.conditionText !== prefersColorSchemeDark) {
  259. continue
  260. }
  261. } else {
  262. if (cssRule.cssText.startsWith(prefersColorSchemeDark)) {
  263. continue
  264. }
  265. }
  266. mediaRules = mediaRules.concat(Array.from(cssRule.cssRules))
  267. }
  268. // WARNING: do not try to insert a Rule to a styleSheet you are
  269. // currently iterating on, otherwise the browser will be stuck
  270. // in a infinite loop…
  271. for (const mediaRule of mediaRules) {
  272. styleSheet.insertRule(mediaRule.cssText)
  273. hasDarkRules = true
  274. }
  275. }
  276. if (hasDarkRules) {
  277. loadThemeForm('#theme-selector')
  278. }
  279. })
  280. </script>
  281. </body>
  282. </html>