Privacy-preserving COVID-19 contact tracing using blockchain

The outbreak of the COVID-19 virus has caused widespread panic and global initiatives are geared towards treatment and limiting its spread. With technological advancements, several mechanisms and mobile applications have been developed that attempt to trace the physical contact made by a person with someone who has been tested COVID-19 positive. While designing these apps, user's privacy has been an afterthought and has resulted in mass violations of privacy of the public and the patients. A total of 32 countries have designed apps and rely on them as a strategy to flatten the pandemic curve. Along with lack of privacy, these methodologies are centralized, where they are fully controlled by the government and the healthcare providers. Owing to these and many other concerns, people are hesitant in the adoption of these technologies. This paper presents a detailed analysis of user tracking apps belonging to 32 countries, thus demonstrating that they collect personal data and are a gross violation of user privacy. This paper presents a novel architecture for the efficient, effective and privacy-preserving contact tracing of COVID-19 patients using blockchain. The proposed architecture preserves the privacy of individuals and their contact history by encrypting all the data specific to an individual using a privacy-preserving Homomorphic encryption scheme and storing it on a permissioned blockchain network. The contacts made with a COVID-19 positive patient are identified by performing search queries directly over the Homomorphic encrypted data stored in the blocks. Therefore, only those contacts that are suspected to be COVID-19 positive may be decrypted by the healthcare professional or government for further contact tracing/diagnosis and COVID-19 testing; thereby leading to enhanced privacy.