# Privacy-preserving Humanitarian Aid Distribution
One of the tasks humanitarian organizations carry out is the distribution of aid to those in need, e.g., after natural disasters or in war zones. To distribute goods effectively, humanitarian organizations often need to check that recipients are entitled to receive the aid. Traditionally, they use paper-based systems to support aid distribution, e.g., a list with
recipients' information and allocation of goods, or paper vouchers valid for particular aid items. These approaches, while practical, are slow to scale and hard to protect against double dipping.
Therefore, there is a push to digitalize these processes. But digitalization comes at the cost of data collection and the creation of digital traces that can endanger those who require the most protection. Together with the ICRC, we have designed a system that enables humanitarian organizations to harness the potential of digitalization while minimizing the risk for recipients.
These are the main features of our solution:
* It can operate in scenarios with no communication capability between the registration and distribution desks
* It can support one-time and periodic aid distribution
* It can support individual and per-household aid distribution
* It requires no database of recipients at distribution
* It enables the use of biometrics without creating a database
* Aid rights can be revoked in case of misuse
* Aid entitlement can be changed if a recipient's situation changes
* It supports auditing -- checking the number of goods distributed to legitimate recipients, without revealing information about individual households
We designed two variants of the solution suitable for different scenarios. Both provide the above feature set, but they run on different devices. The first uses smart cards provided by the aid organization. Smart cards work in most scenarios, but they require distribution infrastructure and dealing with cards. The second can be integrated into smart phones when those are available to aid recipients, reducing distribution and operating costs.
## How privacy-friendly aid distribution works
*Registration.* To be able to receive aid in our system, a person (possibly representing a household) must first register with the aid organization. This process starts in the same way as humanitarian organizations usually operate. At the registration station, the organization verifies that this household is entitled to receive aid, determines the amount of aid that this household is entitled to receive (the entitlement), and checks that this household has not registered before.
Then, to enable use of the system, the household representative receives one or more smart cards (e.g., for the head of household, and for other members). Encoded digitally on these cards is the entitlement for this household, for example, a certain number of food items and hygiene kits.
We then ensure that every household can at most request aid once per distribution period. Technically this means that in each distribution round at most one card per household can be used. We achieve this by having cards internally generate a per-household cryptographic key shared by all the household cards.
*Aid distribution.* To receive aid, a household member presents their smart card to the distribution station. The smart card reveals to the station:
* *The entitlement* of the household as established during registration
* *A double spending tag* that is used to avoid giving aid again to the same household. Technically, this tag is computed using a cryptographic hash function based on the household secret key and the current distribution round.

Smart cards are trusted (and cannot be tampered with), so the distribution station knows the entitlement and tag are correct.
To detect whether more than one card of a household is used (this should not happen!), the station stores a list of all the double spending tags that it has seen for this distribution round. If another card for the same household is also used, this card will produce the same tag, so the station would see that it has already been used.
In this process, the station learns very little about a household. It only learns the entitlement -- which it must know to deliver aid -- and the tag. The tag itself gives no information about the household or the identity of the aid recipient, because it is the output of a keyed hash function.
Moreover, performing all these operations requires no database of information about recipients. All relevant data is contained within the recipient-held smart cards. There is also no need for any network connectivity, only a smart card reader at the distribution station.
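The distribution step above, as an added simulation that is not the project's code: cards of one household share a key generated at registration, and per round each card reveals only its entitlement and a tag computed as a keyed hash (HMAC-SHA256 is assumed here) of the distribution round under the household key. The class and function names are constructed for this illustration.

```python
import hashlib
import hmac
import secrets


class SmartCard:
    """Holds the household key and entitlement; reveals only the entitlement and a tag."""

    def __init__(self, household_key: bytes, entitlement: dict):
        self._key = household_key            # never leaves the card
        self._entitlement = entitlement

    def present(self, round_id: str):
        # Double-spending tag: keyed hash of the current round under the household key.
        # Identical for every card of the household, unlinkable across rounds.
        tag = hmac.new(self._key, round_id.encode(), hashlib.sha256).hexdigest()
        return dict(self._entitlement), tag


def register_household(entitlement: dict, n_cards: int = 1):
    """Registration: one fresh household key, copied into every card of the household."""
    key = secrets.token_bytes(32)
    return [SmartCard(key, entitlement) for _ in range(n_cards)]


class DistributionStation:
    """Keeps only the tags seen this round: no recipient database, no connectivity."""

    def __init__(self, round_id: str):
        self.round_id = round_id
        self.seen_tags = set()
        self.log = []                        # (tag, entitlement) per successful hand-out

    def serve(self, card: SmartCard):
        entitlement, tag = card.present(self.round_id)
        if tag in self.seen_tags:
            return None                      # another card of this household was already used
        self.seen_tags.add(tag)
        self.log.append((tag, entitlement))
        return entitlement
```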
## How privacy-friendly audits work
At this point, you might wonder: what about auditability? Traditional solutions use lists and signatures or paper-based vouchers to support internal audit processes. The idea is that such records are not easy to fake, thereby providing some assurance that goods were actually handed out.
The privacy-friendly solution described so far does not provide any type of audit record. Our full design supports privacy-friendly audits:
* Distribution stations can prove how much aid they handed out to legitimate recipients
* These audit proofs contain no information about individual recipients
The first idea is to let smart cards digitally sign the entitlement and tag. In this way, we obtain records that cannot be forged, and are thus useful for auditing purposes. However, they also reveal information about individual transactions.

Therefore, we use another trick. Smart cards do not sign the entitlement directly, but instead sign a commitment to the entitlement. The commitment captures the amount, without revealing it. The card also informs the distribution station how to open the commitment.
Signed commitments now hide the individual amounts from the auditor. The distribution station can of course submit tags, commitments, and signatures for auditing. But how do we still make statements about the total amount? This seems impossible, because commitments hide the individual amounts.

We use a special form of commitments that can be "summed" up, letting an auditor verify the total amount of distributed aid, without learning about individual entitlements.
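The "summable" commitments above, as an added illustration that is not the project's code: Pedersen commitments in a prime-order subgroup of Z_p* are additively homomorphic, so the product of the per-transaction commitments opens to the sum of the entitlements. Assumptions: a demo-sized 64-bit safe prime generated at import time (a deployment uses a standard large group), a single integer amount per transaction, and the card signatures are left out.

```python
import hashlib
import secrets
from functools import reduce


def _is_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin; deterministic for n below 3e23 with these bases."""
    if n < 41:
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits=64):
    """Demo-sized safe prime p = 2q + 1 (constructed here; not a deployment parameter)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_prime(q) and _is_prime(2 * q + 1):
            return 2 * q + 1, q


P, Q = safe_prime()
G = 4  # a square mod P, hence of prime order Q
H = pow(int.from_bytes(hashlib.sha256(b"second base").digest(), "big"), 2, P)  # log_G(H) unknown


def commit(amount, r=None):
    """Pedersen commitment G^amount * H^r mod P; returns (commitment, opening r)."""
    r = secrets.randbelow(Q) if r is None else r
    return pow(G, amount, P) * pow(H, r, P) % P, r


def open_ok(c, amount, r):
    return commit(amount, r % Q)[0] == c


def station_records(entitlements):
    """Distribution station: one commitment per transaction (card-signed in the real design)."""
    return [commit(a) for a in entitlements]


def audit_total(commitments, total, total_r):
    """Auditor sees only the commitments: their product must open to the claimed total."""
    return open_ok(reduce(lambda acc, c: acc * c % P, commitments, 1), total, total_r)
```

The station reports the sum of the openings alongside the total, never the individual openings, so the auditor checks the aggregate without learning any single entitlement.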
### But what about smart phones?
Smart phones do not provide the same tamper resistance properties as smart cards. Instead, we rely on more cryptography, including anonymous credentials and zero-knowledge proofs, to achieve the same properties.
## Frequently Asked Questions
### I want to know more!
We'd be happy to talk to you (see below)! But in the meantime, you could have a look at [the full version of our academic paper](https://arxiv.org/abs/2303.17343). It goes into much more detail about the properties that we wanted to achieve. It also has all the nitty-gritty (cryptographic) details about the solutions.
### Do you have code available that we can use?
We have an [academic prototype available on GitHub](https://github.com/spring-epfl/not-yet-another-id-code). This prototype includes a smart card implementation as well as a smart phone implementation. Our experiments show that the solutions perform well enough to be used in practice.
However, these implementations are **not production ready**. Please contact us if you are interested in integrating our designs into your systems. We would be happy to work with you to make them suitable for deployment!
### How can I contact you?
* Boya Wang, PhD Student at EPFL, `boya.wang@epfl.ch`
* Wouter Lueks, Faculty at CISPA Helmholtz Center for Information Security, `lueks@cispa.de`
* Carmela Troncoso, Associate Professor at EPFL, `carmela.troncoso@epfl.ch`
### How should I cite your paper?
You can cite our paper as:
> Boya Wang, Wouter Lueks, Justinas Sukaitis, Vincent Graf Narbel and Carmela Troncoso, "Not Yet Another Digital ID: Privacy-preserving Humanitarian Aid Distribution," in 44th IEEE Symposium on Security and Privacy (SP), San Francisco, CA, US, 2023, pp. 645-663.