International Association
for Cryptologic Research

The problem of secure data erasure has been extensively studied in the past with a rich body of literature available. All existing software-based solutions can be summarized as following the same one-bit-return protocol: the deletion program performs data erasure and returns either success or failure. However, such a one-bit-return protocol turns the data deletion system into a black box -- the user has to trust the outcome but cannot easily verify it. This is especially problematic when the deletion program is encapsulated within a Trusted Platform Module (TPM), and the user has no access to the code inside.

In this paper, we initiate a study on how to delete secret data with public verifiability. This is a subject that has not been investigated before, partly because it seems intuitively impossible. In this paper, we show a solution is possible by applying appropriate cryptographic primitives. Based on combining DHIES, Chaum-Pedersen Zero Knowledge Proof and ECDSA, we present a Secure Storage and Erasure (SSE) protocol. The key idea in our solution is based on a ``trust-but-verify\'\' paradigm, which is generally applicable to many security problems but has been largely neglected in the field of secure data deletion. Finally, we present a concrete implementation of the SSE system to demonstrate its practical feasibility.