How to Delete a Secret

This paper discusses the secure data erasure problem and introduces a new Proof of Deletion protocol, which assures secure data deletion in a way that any independent third party can verify cryptographically. The use of cryptography in data deletion is not new, but previous solutions are unsatisfactory as they merely return a single bit: whether the deletion is successful. However, this single bit is not easily verifiable. The implementation of the underlying deletion mechanism is entirely opaque to a user. This is particularly the case when the encryption program is encapsulated within a tamper resistant chip. Furthermore, all existing solutions claim only to make "best efforts" to delete data, but without any commitment to the outcome. Our protocol systematically addresses all these issues. First, we provide an auditing function to facilitate a user verifying that the encryption was done correctly. Second, instead of returning just one bit like all previous data deletion schemes, our solution returns a proof of deletion that is universally verifiable. This returned proof formalizes the commitment of the storage system in erasing data and cryptographically binds this commitment to the outcome of the operation. © 2012 Newcastle University. Printed and published by Newcastle University, Computing Science, Claremont Tower, Claremont Road, Newcastle upon Tyne, NE1 7RU, England. Bibliographical details