Secrets and Identifiers

System-wide List of Secrets

badge attestation keypair

This keypair signs static Badges during their generation. Its private key is kept in the Luca Server and is used via an authenticated API endpoint by the Badge Generator. The Operator App and the Scanner Frontend use the public key to verify that a presented Badge is valid and registered with the Luca Server.

data secret

A secret cryptographic seed which is used to derive both the data encryption key and the data authentication key. This seed is encrypted twice before being sent to the Luca Server during Check-In and ultimately protects the Guest’s Contact Data. It is stored locally in the Guest App.

data encryption key

A symmetric key derived from the data secret, used to encrypt the Contact Data.

data authentication key

A symmetric key derived from the data secret during Guest Registration. It is used to authenticate the Guest’s Contact Data and Check-Ins. The data authentication key is stored encrypted on the Luca Server as a part of the encrypted guest data.

guest keypair

An asymmetric keypair created during the Guest Registration.

The keypair’s private key is used to sign the encrypted guest data and guest data transfer object. The public key is uploaded to the Luca Server.

tracing secret

A randomly generated seed used to derive trace IDs when checking in using the Guest App. It is stored locally in the Guest App until it is shared with the Health Department during contact tracing. Moreover, the tracing secret is rotated on a regular basis in order to limit the number of trace IDs that can be reconstructed when the secret is shared.

tracing TAN

The tracing TAN (Transaction Authentication Number) is a human-readable code that is used during the process of Contact Tracing. By requesting a TAN from the Luca Server and communicating it to the Health Department, an Infected Guest grants the Health Department access to their Contact Data.

This TAN is not to be confused with the verification TAN, which is involved in the Guest Registration process to verify the Guest’s phone number.

venue keypair

An asymmetric keypair generated locally in the Venue Owner Frontend upon Venue Registration. The keypair’s public key is used by the Operator App and Scanner Frontend to add the outer layer of encryption to the contact data reference (which is already encrypted for the daily keypair) during Guest Check-In. Its private key is stored locally and encrypted both on the device that runs the Venue Owner Frontend and the Operator App (in some roles). Please refer to Venue Registration for further details.

verification TAN

The verification TAN (Transaction Authentication Number) is a human-readable code that is used to verify the Guest’s phone number during Guest Registration.

badge serial number

The 12-digit serial number that is printed on the flip-side of each Badge. A 56-bit random number that acts as a seed to derive all secrets associated with the Badge and encoded into the Badge’s QR code.


user ID

A unique identifier for the Guest in the Luca system. It indexes the encrypted guest data and is also used to derive trace IDs during Guest Check-In.

trace ID

An opaque identifier derived from a Guest’s user ID and tracing secret during Guest Check-In. It is used to identify Check-Ins by an Infected Guest after that Guest shared their tracing secret with the Health Department.

venue ID

A unique identifier for a venue registered in the Luca system. The venue ID is linked to the Venue Information stored by the Luca Server.

scanner ID

A unique identifier for an instance of a Scanner Information associated with a specific venue. Given the scanner ID, the Scanner Frontend can start performing Check-Ins for the associated venue. In the context of the Operator App, the scanner ID refers to the ID assigned to a specific installation of the App.

daily keypair ID

An identifier for the daily keypair.

verification tag

A tag used to verify the authenticity of the contact data reference.

encrypted guest data

This object contains the Contact Data and data authentication key. It is encrypted with the data encryption key, signed with the guest keypair and uploaded to the Luca Server during Guest Registration.

guest data transfer object

This object contains an Infected Guest’s tracing secrets, user ID and data secret. During Tracing the Check-In History of an Infected Guest, the Guest App encrypts the guest data transfer object for the daily keypair and shares it (via the Luca Server) with the Health Department.

contact data reference

The contact data reference combines the user ID, the data secret and a verification tag. Encrypted with both the daily keypair and the venue keypair, it is included in each Check-In during Guest Check-In.