TY - JOUR N2 - We analyze the Google-Apple exposure notification mechanism designed by the Apple-Google consortium and deployed on a large number of Corona-warn apps. At the time of designing it, the most important issue was time-to-market and strict compliance with the privacy protection rules of GDPR. This resulted in a plain but elegant scheme with a high level of privacy protection. In this paper we go into details and propose some extensions of the original design addressing practical issues. Firstly, we point to the danger of a malicious cryptographic random number generator (CRNG) and resulting possibility of unrestricted user tracing. We propose an update that enables verification of unlinkability of pseudonymous identifiers directly by the user. Secondly, we show how to solve the problem of verifying the “same household” situation justifying exempts from distancing rules. We present a solution with MIN-sketches based on rolling proximity identifiers from the Apple-Google scheme. Thirdly, we examine the strategies for revealing temporary exposure keys. We have detected some unexpected phenomena regarding the number of keys for unbalanced binary trees of a small size. These observations may be used in case that the size of the lists of diagnosis keys has to be optimized. L1 - http://www.czasopisma.pan.pl/Content/119685/PDF/06_02085_Bpast.No.69(4)_27.08.21_druk.pdf L2 - http://www.czasopisma.pan.pl/Content/119685 PY - 2021 IS - 4 EP - e137126 DO - 10.24425/bpasts.2021.137126 KW - contact tracing KW - exposure notification KW - privacy KW - verifiability KW - temporary exposure key KW - rolling proximity identifier KW - diagnosis key KW - data sketch KW - Jaccard similarity A1 - Bobowski, Adam A1 - Cichoń, Jacek A1 - Kutyłowski, Mirosław VL - 69 DA - 24.04.2021 T1 - Extensions for Apple-Google exposure notification mechanism SP - e137126 UR - http://www.czasopisma.pan.pl/dlibra/publication/edition/119685 T2 - Bulletin of the Polish Academy of Sciences Technical Sciences ER -