This year, the Peter G. Peterson Foundation Pandemic Response Policy Research Fund is providing $226,536 to support four Brown University research projects that will help policymakers, health officials, educators, and community leaders understand and address critical lessons learned from COVID-19. One of them (“Privacy-Preserving Digital Health Certificates”), led by Brown CS faculty member Anna Lysyanskaya, will explore using privacy-preserving authentication algorithms in digital vaccine credentials.
“One important aftermath of the COVID-19 pandemic,” says Anna, “is the widespread introduction of digital vaccine passports. Despite these applications’ great ease and convenience, they represent a significant threat to the personal privacy of the individuals using them, since every transaction reveals personally identifying information. By using privacy-preserving authentication algorithms in vaccine credentials, we can ensure that, during a transaction, no information about you is revealed, other than the fact that you have satisfied a set of vaccination/testing requirements.”
It may seem counter-intuitive, Anna tells us, that someone can prove that they’re an authorized individual without revealing anything about themself. How can they show their certificate and yet not reveal it at the same time? But anonymous credentials are made possible by the fundamental idea of zero-knowledge proof systems.
In a regular – not zero-knowledge – proof system, Anna explains, there are two parties, a Prover and a Verifier, and the Prover wants to convince the Verifier that some statement is true. A proof system is also a zero-knowledge proof system if, informally, the Verifier doesn’t learn anything that they couldn’t already compute without interacting with the Prover at all.
Much of Anna’s career has been spent in the creation of efficient, practical algorithms for zero-knowledge proofs of knowledge of a document D and a valid (under a verification key PK) digital signature σ on that document. In this kind of proof, no information about D or σ is revealed to the Verifier. Additionally, even though D is not revealed, the Prover can convince the Verifier (again, in zero-knowledge) that the document D contains the information that the Verifier needs to accept it. For example, for vaccination certificates, D contains a list of vaccination doses received, and is acceptable if the last booster shot was given less than six months earlier.
How does this work? Let’s use acceptance condition A as the name for a procedure that determines whether or not D is acceptable, whether in the anonymous setting or not. If A(D) = True, the Verifier accepts; if not, they reject. Thus, anonymous credentials allow a Verifier to know that a Prover is in possession of a vaccination certificate signed by an authority such that A(D) = True without revealing any other information about D.
“The policy implications of this work,” Anna says, “are that it will create a roadmap for the development of vaccine passports that are not as intrusive from the privacy point of view as the solutions that are currently available. In turn, this will lead to greater public acceptance of vaccine passports, and eliminate the possibility of discrimination due to loss of privacy as a result of their use.”
The three other projects receiving the award aim to create a national diagnostic testing playbook, analyze learning loss recovery in U.S. school districts and the impact of schooling modes on student health, and compile solutions to mitigate healthcare misinformation.
“These innovative research projects will help improve our understanding about future pandemics and their aftermath,” says Jill Pipher, Vice President for Research at Brown University. “They address hard lessons learned from the COVID-19 pandemic in critical areas including testing diagnostics, data privacy, misinformation and learning loss – and will help guide policymakers going forward.”
The full list of awardees is available here.
For more information, click the link that follows to contact Brown CS Communications Manager Jesse C. Polhemus.