Introduction

About this Document

This document describes the security concepts of the luca system as well as the processes and cryptographic functions in technical detail. It also explains the guarantees luca provides to its users and how these guarantees are accomplished.

Both luca and this document are continuously improved and in active development. If you discover any issues with the concepts in this document or any mismatch between the document and luca’s behaviour, please contact us directly at security@luca-app.de for responsible disclosure.

We greatly appreciate your feedback.

Contributors

This document is owned by culture4life GmbH, which is also responsible for the development of luca. It is continuously developed and reviewed in cooperation with security experts and partners such as neXenio GmbH.

Guarantees Provided by luca

luca’s main goal is to protect guests’ personal data. The technical description of the guarantees luca aims to provide to its users can be found in the chapter Security Objectives.

In contrast to the paper-based approach to collecting contact data at restaurants and other public venues, luca is designed to prevent the venue’s staff, luca itself and other third parties from accessing this data. Public health authorities (i.e. “Gesundheitsämter”) are the only entities that can access the relevant personal data of guests to conduct contact tracing of users who have potentially been exposed to SARS-CoV-2. As with traditional paper-based contact data collection, the health authorities need the venue owner’s consent to access this information.

luca aims to underpin all security and data protection objectives and guarantees with cryptographic protocols wherever feasible. This document describes the current implementation status of the luca system and provides security considerations where some aspects of these guarantees are not yet fully met.

Please also note the planned improvements.

Overview

The remainder of this document is divided into six sections. The first section, “System Overview”, explains the important components, assets, security objectives and cryptographic secrets in the system. Section two describes how different actors are onboarded and registered in the system. Sections three and four describe the parts of the system most visible to our users: the various ways users can check in at luca venues. Finally, the section “Contact Tracing” describes how public health authorities can use luca to identify chains of infection with the explicit consent of luca venues. The appendix contains technical details about the cryptography used in luca and improvements scheduled for the near future.