Extensions for Apple-Google exposure notification mechanism

We analyze the Google-Apple exposure notification mechanism designed by the Apple-Google consortium and deployed on a large number of Corona-warn apps. At the time of designing it, the most important issue was time-to-market and strict compliance with the privacy protection rules of GDPR. This resulted in a plain but elegant scheme with a high level of privacy protection. In this paper we go into details and propose some extensions of the original design addressing practical issues. Firstly, we point to the danger of a malicious cryptographic random number generator (CRNG) and resulting possibility of unrestricted user tracing. We propose an update that enables verification of unlinkability of pseudonymous identifiers directly by the user. Secondly, we show how to solve the problem of verifying the "same household" situation justifying exempts from distancing rules. We present a solution with MIN-sketches based on rolling proximity identifiers from the Apple-Google scheme. Thirdly, we examine the strategies for revealing temporary exposure keys. We have detected some unexpected phenomena regarding the number of keys for unbalanced binary trees of a small size. These observations may be used in case that the size of the lists of diagnosis keys has to be optimized.