Blockchain-based Vaccine Passports
As the world begins to get vaccinated from COVID-19, there is increasing pressure to re-allow freedom of movement, particularly for those of us who have been vaccinated. Here I outline a simple approach using a combination of a public, globally-accessible blockchain, such as Bitcoin or Ethereum, and privacy-preserving records of personal information, where any individual can prove the vaccination status of another with only an identification document such as a driving licence, or passport.
This addresses the gap in current approaches to solve the ongoing restriction of movement. Some interesting solutions have been discussed, from Estonia considering a similar idea to the one discussed here, to Vaccine Guard. Vaccine Guard is a promising solution, but proposals require a separate physical vaccine passport, and the active participation of many independent databases. This leads to increased single points-of-failure for on-demand verification than is the case in the blockchain-based alternative outlined here.
A key issue with vaccine passports is the lack of compatibility among independent approaches, exhibited in the hurried, and flawed implementation of COVID-19 close-contact alert systems. Other important issues are privacy, and ethical considerations. The approach I describe is minimalistic, cost-effective and ready to implement, with the only information revealed about oneself being the information contained on a basic physical identification document.
Proposal
When any individual is administered a vaccine through a health authority, that record is stored along with unique identifying information of that person, such as name, date-of-birth, social security number, and in some cases, passport number. On receipt of a vaccine, this record, along with name and passport number for example, gets sent to a governmental authority. This authority must create a publicly-known address on any of the world’s largest public blockchains, a once-off operation taking a few minutes. From this address, the authority publishes a record on the blockchain with a hash of the person’s private information, and a note saying “Vaccinated”. Hash functions are public, one-way, and deterministic, meaning only someone knowing the input, the name and passport number in this instance, can produce the output, which by the deterministic property, will produce the same output every time.
Once the record is considered added to the blockchain, it becomes infeasible to remove it, meaning it will be permanently and publicly visible to any individual with internet connection. As the record was added by an address linked to a known governmental authority, any individual trusting the government will then trust that the person linked to the vaccination record was indeed vaccinated.
Why has this not been done yet?
No idea. One obstacle in this approach is governments agreeing on what constitutes a unique identifier. A simple round-table discussion over some lunch should settle this, but that might be naively optimistic, with some governments insisting on middle name, with others refusing to use date-of-birth. There are costs involved. Such a vaccine passport record would cost anywhere from $0.00232 to a whopping $9 (at time of writing), but if a government batched these vaccination records (added many records to the blockchain in one transaction), this cost would greatly reduce. Once added, verification of someones vaccination status using this blockchain record is free.
There are some subtle interpretations of revoking our right to privacy to the person requesting our vaccination status. However, the not-so-subtle right to deny entry to countries, areas or premises experienced by not producing those documents, even before COVID-19, can be considered a more than acceptable trade-off in an accelerated return to normality.
