How to protect yourself without perfect shredding

Ran Canetti*, Dror Eiger, Shafi Goldwasser, Dah Yoh Lim

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


Erasing old data and keys is an important tool in cryptographic protocol design. It is useful in many settings, including proactive security, adaptive security, forward security, and intrusion resilience. Protocols for all these settings typically assume the ability to perfectly erase information. Unfortunately, as amply demonstrated in the systems literature, perfect erasures are hard to implement in practice. We propose a model of partial erasures where erasure instructions leave almost all the data erased intact, thus giving the honest players only a limited capability for disposing of old data. Nonetheless, we provide a general compiler that transforms any secure protocol using perfect erasures into one that maintains the same security properties when only partial erasures are available. The key idea is a new redundant representation of secret data which can still be computed on, and yet is rendered useless when partially erased. We prove that any such a compiler must incur a cost in additional storage, and that our compiler is near optimal in terms of its storage overhead.

Original languageEnglish
Title of host publicationAutomata, Languages and Programming - 35th International Colloquium, ICALP 2008, Proceedings
Number of pages13
EditionPART 2
StatePublished - 2008
Externally publishedYes
Event35th International Colloquium on Automata, Languages and Programming, ICALP 2008 - Reykjavik, Iceland
Duration: 7 Jul 200811 Jul 2008

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
NumberPART 2
Volume5126 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference35th International Colloquium on Automata, Languages and Programming, ICALP 2008


  • Adaptive security
  • Forward security
  • Intrusion resilience
  • Mobile adversary
  • Partial erasures
  • Proactive security
  • Randomness extractors
  • Secure multiparty computation
  • Universal hashing


Dive into the research topics of 'How to protect yourself without perfect shredding'. Together they form a unique fingerprint.

Cite this