I am developing an application to alert people if they have met a person who is positive for Covid-19.
I am very concerned about user privacy. So I need to make a user completely anonymous.
What I want is the following.
Suppose there are devices A, B and C.
A, B and C must broadcast their own UUID via Bluetooth.
When A, B and C are close to each other, A will have the UUIDs of B and C, B will get the UUIDs of A and C, and vice versa.
Suppose A discovers that A is positive for Covid-19.
A will upload its UUID to a central server. B and C also check the UUIDs with the server.
When B and C retrieve the UUID list of infected persons, B's and C's applications will check whether any of the UUIDs downloaded from the server match the locally saved UUIDs.
But in my case I don't want the server to find the UUID of A. But somehow I need to send the UUID of A to other devices too. What will be the best approach?
All devices will generate their own public and private key pairs.
Each application will encrypt its UUID with the public key it has generated and transmit the encrypted UUID + public key to the other devices.
Once a particular user finds out they are positive for Covid-19, they will upload their private key to the server.
All applications will download the private keys of all Covid-positive devices and check whether they can decrypt the messages they have stored with those private keys.
Is this possible? Or what would be the best approach?
It is stupid to reveal the private key. And it will also be chaos to find the appropriate public key matching the private key as well … But nevertheless this was the only thing I could think of.
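A sketch of the broadcast, upload and local-match flow described above, as an added example that is not part of the original post. Instead of one fixed UUID it assumes each device broadcasts short-lived identifiers derived with HMAC-SHA256 from a random per-day key (the idea behind decentralized contact-tracing designs such as DP-3T, simplified here), so the server only stores day keys that positive users chose to upload; all names, the 15-minute interval and the derivation label are assumptions.

```python
import hashlib
import hmac
import secrets

ID_LEN = 16             # bytes per broadcast identifier (same size as a UUID)
INTERVALS_PER_DAY = 96  # assumed: a fresh identifier every 15 minutes


def ephemeral_id(day_key, interval):
    """Identifier broadcast during one interval; unlinkable without the day key."""
    msg = b"ephemeral-id" + interval.to_bytes(2, "big")
    return hmac.new(day_key, msg, hashlib.sha256).digest()[:ID_LEN]


class Device:
    def __init__(self, name):
        self.name = name
        self.day_key = secrets.token_bytes(32)  # stays on the device until reported
        self.heard = set()                      # identifiers received over Bluetooth

    def broadcast(self, interval):
        return ephemeral_id(self.day_key, interval)

    def receive(self, eph_id):
        self.heard.add(eph_id)

    def report_positive(self):
        """What a positive user uploads: the day key, not a stable identity."""
        return self.day_key

    def exposed(self, published_keys):
        """Re-derive every identifier of each published key and match locally."""
        return any(
            ephemeral_id(key, i) in self.heard
            for key in published_keys
            for i in range(INTERVALS_PER_DAY)
        )


def simulate():
    a, b, c, d = (Device(n) for n in "ABCD")
    for interval in (10, 11):            # A, B and C are near each other; D is not
        for tx in (a, b, c):
            for rx in (a, b, c):
                if rx is not tx:
                    rx.receive(tx.broadcast(interval))
    server_list = [a.report_positive()]  # the server only stores and serves this list
    return {dev.name: dev.exposed(server_list) for dev in (b, c, d)}
```

Publishing the day key lets other devices recompute A's identifiers for that day only, and the matching happens on B's and C's devices, so the server never learns who met whom.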