DP-3T admits now that the best solution is the Apple-Google one. They greatly contributed to the design of the A-G solution so kudos to them. After reviewing this critical review of DP-3T, the only attack I see that applies to the Google-Apple solution is the replay attack. It can be fixed easily by the solution proposed by Prof. Serge Vaudenay of EPFL in Section 4.4 of https://eprint.iacr.org/2020/399.pdf. In a nutshell, send a tag along the ephemeral ID. This tag would be a message authentication code (MAC) computed with the ephemeral ID and a coarse timestamp of when it was sent using the sender's key, SKt. When Apple-Google sends out the SKt keys of the infected people to everybody, recipients will go through the ephemeral IDs they saw to look for matches. When there's a match, the tag will also be checked, i.e. does the tag I compute based on the timestamp when I received the ephemeral ID match the tag I received. If yes, then it was sent by this infected person. Otherwise, it's a replay attack and should be discarded.