Abstract
A method for provably secure erasure of data, performed in a memory available to one or more computing devices, includes generating prover state information (PSI), verifier state information (VSI), and common reference information (CRI) based on security information, a pre-given time-constraint, and a pre-given space-constraint, the generating PSI, VSI, and CRI being performed interactively between a prover computing device (PCD) and a verifier computing device (VCD); computing, by the VCD based on the VSI, a challenge; computing a proof-of-erasure (POE) by the PCD based on the PSI and the computed challenge, the POE having a size corresponding to the pre-given space-constraint; and verifying by the VCD based on the VSI and the POE.
Claims

1. A method for provably secure erasure of data, performed in a memory available to one or more computing devices, the method comprising:
a) generating prover state information (PSI), verifier state information (VSI), and common reference information (CRI) based on security information, a pre-given time-constraint, and a pre-given space-constraint, the generating PSI, VSI, and CRI being performed interactively between a prover computing device (PCD) and a verifier computing device (VCD),
b) computing, by the VCD based on the VSI, a challenge,
c) computing a proof-of-erasure (POE) by the PCD based on the PSI and the computed challenge, the POE having a size corresponding to the pre-given space-constraint, and
d) verifying by the VCD based on the VSI and the POE,
wherein in a) the CRI is computed by a succinct non-interactive argument of knowledge procedure,
wherein a space puzzle is computed based on a puzzle parameter (PRM) providing puzzle-specific trapdoor information (TI) and puzzle-specific verification information (VI),
wherein the PSI is computed based on the CRI and the TI,
wherein the VSI is computed based on the CRI and the VI,
wherein in b) the challenge is computed based on a tag computed by an evaluation of a pseudorandom tribe function with the PRM and the PRM,
wherein in c) the challenge is checked if being a valid challenge from the VCD by evaluating the pseudorandom tribe function with the PRM,
wherein if the challenge is valid a solution for the space puzzle is computed, and the pseudorandom tribe function is evaluated with the solution resulting in a second tag,
wherein the POE is generated as a zero-knowledge POE computed with the CRI, the PRM, the tags, the TI, the solution, and coins of the space puzzle, and
wherein in d) the pseudorandom tribe function is evaluated with the VI and the result is compared with the second tag, and the time-constraint is checked by comparing a time needed to compute the POE with the time constraint.
2. The method according to claim 1, wherein in d) a bit is outputted indicating a successful verification or not.
3. The method according to claim 1, wherein the space puzzle is generated based on a one-to-one pseudorandom function tribe (PFT).

4. The method according to claim 3, wherein the computing the space puzzle comprises:
sampling at random at least two function keys out of a first PFT, the first PFT having a first size being exponential in k with basis 2, wherein k is polynomial to a security information parameter,
computing a second size k′ such that a basis 2 being exponential in k′+r+1, wherein r being polynomial to the security information parameter, equals the space constraint,
truncating the function keys based on the difference between the first size and the second size and including the truncated function keys in the TI,
computing a sum of two functions having the same tribe key but different function keys out of the at least two function keys with two different arguments sampled at random, and
setting said space puzzle as tuple including the computed sum, the two arguments and the tribe key.
5. The method according to claim 4, wherein the time constraint and the at least two function keys are included into the VI.

6. The method according to claim 1, wherein the computing the solution for the space puzzle comprises:
generating two tables, a first table representing function values with a first argument for each index of an upper bound for a function key size and a second table representing function values with a second argument for each index of the upper bound, wherein the first argument and the second argument are different from each other,
sorting values in the first table in increasing order starting with a smallest value for some index of the upper bound,
sorting values in the second table in decreasing order starting with a highest value for some index, and
checking if a sum of a value of the first table and a value of the second table is a solution to the space puzzle and if yes setting the sum as a solution.

7. The method according to claim 6, wherein if the sum is not a solution, the computing the solution for the space puzzle comprises:
if the sum is smaller than the solution, increasing the index of the value in the second table and performing checking the sum with the value with increased index,
if the sum is greater than the solution, decreasing the index of the value in the first table and performing checking of the sum with the value with decreased index.
8. The method according to claim 3, wherein secret information is generated by computing parameters of the pseudorandom tribe function including a key space and then sampling the secret information from the key space.

9. A system for provably secure erasure of data, the system comprising:
a prover computing device (PCD) and a verifier computing device (VCD), the PCD and the VCD being adapted to generate by interaction with each other prover state information (PSI), verifier state information (VSI), and common reference information (CRI), based on security information, a pre-given time-constraint and a pre-given space-constraint,
wherein the VCD is adapted to compute a challenge based on the VSI and to verify erasure based on the VSI and a proof-of-erasure (POE),
wherein said PCD is adapted to compute a proof-of-erasure (POE) based on the PSI and the computed challenge,
wherein the POE has a size corresponding to the space-constraint,
wherein the CRI is computed by a succinct non-interactive argument of knowledge procedure,
wherein the space puzzle is computed based on a puzzle parameter (PRM), providing puzzle-specific trapdoor information (TI), and puzzle-specific verification information (VI),
wherein the PSI is computed based on the CRI and the TI,
wherein the VSI is computed based on the CRI and the VI,
wherein the challenge is computed based on a tag computed by an evaluation of a pseudorandom tribe function with the PRM and the PRM,
wherein the challenge is checked if being a valid challenge from the VCD by evaluating the pseudorandom tribe function with the PRM,
wherein if the challenge is valid a solution for the space puzzle is computed and the pseudorandom tribe function is evaluated with the solution resulting in a second tag,
wherein the POE is generated as a zero-knowledge POE computed with the CRI, the PRM, the tags, the TI, the solution, and coins of the space puzzle, and
wherein the pseudorandom tribe function is evaluated with the VI and the result is compared with the second tag, the time-constraint is checked by comparing the time needed to compute the POE with the time constraint.

10. A verifier computing device (VCD) for verifying secure erasure of data, the VCD being adapted to:
generate by interaction with a prover computing device (PCD) prover state information (PSI), verifier state information (VSI), and common reference information (CRI) based on security information, a pre-given time-constraint, and a pre-given space-constraint,
to compute a challenge based on the VSI, and
to verify erasure based on the VSI and a proof-of-erasure (POE),
wherein the CRI is computed by a succinct non-interactive argument of knowledge procedure,
wherein a space puzzle is computed based on a puzzle parameter (PRM), providing puzzle-specific trapdoor information (TI) and puzzle-specific verification information (VI), and
wherein the PSI is computed based on the CRI and the TI,
wherein the VSI is computed based on the CRI and the VI,
wherein the challenge is computed based on a tag computed by an evaluation of a pseudorandom tribe function with the PRM and the PRM, and
wherein the pseudorandom tribe function is evaluated with the VI and the result is compared with a second tag provided by the PCD, the time-constraint is checked by comparing the time needed to compute the POE with the time constraint.

11. A method for verifying secure erasure of data, performed on a verifier computing device (VCD), the method comprising:
a) generating, by interaction with a prover computing device (PCD), prover state information (PSI), verifier state information (VSI), and common reference information (CRI) based on security information, a pre-given time-constraint and a pre-given space-constraint,
b) computing a challenge based on the VSI, and
c) verifying erasure of the data based on the VSI and a proof-of-erasure (POE), wherein the CRI is computed by a succinct non-interactive argument of knowledge procedure,
wherein a space puzzle is computed based on a puzzle parameter (PRM), providing puzzle-specific trapdoor information (TI) and puzzle-specific verification information (VI), and
wherein the PSI is computed based on the CRI and the TI,
wherein the VSI is computed based on the CRI and the VI,
wherein the challenge is computed based on a tag computed by an evaluation of a pseudorandom tribe function with the PRM and the PRM, and
wherein the pseudorandom tribe function is evaluated with the VI and the result is compared with a second tag provided by the PCD, the time-constraint is checked by comparing the time needed to compute the POE with the time constraint.

12. A prover computing device (PCD), for providing a proof of secure erasure of data, the PCD being adapted to:
generate by interaction with a verifier computing device (VCD), prover state information (PSI), verifier state information (VSI), and common reference information (CRI) based on security information, a pre-given time-constraint, and a pre-given space-constraint, and
compute a proof-of-erasure (POE) based on the PSI and a challenge provided by the VCD, the POE having a size corresponding to the space-constraint,
wherein the challenge is checked if being a valid challenge from the VCD by evaluating a pseudorandom tribe function with a puzzle parameter (PRM),
wherein if the challenge is valid a solution for a space puzzle is computed, the pseudorandom tribe function is evaluated with the solution resulting in a second tag, and
wherein the POE is generated as a zero-knowledge POE computed with the CRI, the PRM, the tags, the TI, the solution and coins of the space puzzle.

13. A method for providing a proof of secure erasure of data, performed on a prover computing device (PCD), the method comprising:
a) generating by interaction with a verifier computing device (VCD), prover state information (PSI), verifier state information (VSI), and common reference information (CRI) based on security information, a pre-given time-constraint, and a pre-given space-constraint, and
b) computing a proof-of-erasure (POE) based on the PSI and a challenge provided by the VCD, the POE having a size corresponding to the space-constraint,
wherein the challenge is checked if being a valid challenge from the VCD by evaluating a pseudorandom tribe function with a puzzle parameter (PRM), and
wherein if the challenge is valid a solution for a space puzzle is computed and the pseudorandom tribe function is evaluated with the solution resulting in a second tag, and
wherein the POE is generated as a zero-knowledge POE computed with the CRI, the PRM, the tags, the TI, the solution, and coins of the space puzzle.

14. A non-transitory computer readable medium storing a program causing a computer to execute a method for provably secure erasure of data, the method comprising:
a) generating prover state information (PSI), verifier state information (VSI), and common reference information (CRI) based on security information, a pre-given time-constraint, and a pre-given space-constraint, the generating PSI, VSI, and CRI being performed interactively between a prover computing device (PCD) and a verifier computing device (VCD),
b) computing, by the VCD based on the VSI, a challenge,
c) computing a proof-of-erasure (POE) by the PCD based on the PSI and the computed challenge, the POE having a size corresponding to the pre-given space-constraint, and
d) verifying by the VCD based on the VSI and the POE,
wherein in a) the CRI is computed by a succinct non-interactive argument of knowledge procedure,
wherein a space puzzle is computed based on a puzzle parameter (PRM) providing puzzle-specific trapdoor information (TI) and puzzle-specific verification information (VI),
wherein the PSI is computed based on the CRI and the TI,
wherein the VSI is computed based on the CRI and the VI,
wherein in b) the challenge is computed based on a tag computed by an evaluation of a pseudorandom tribe function with the PRM and the PRM,
wherein in c) the challenge is checked if being a valid challenge from the VCD by evaluating the pseudorandom tribe function with the PRM,
wherein if the challenge is valid a solution for the space puzzle is computed and the pseudorandom tribe function is evaluated with the solution resulting in a second tag,
wherein the POE is generated as a zero-knowledge POE computed with the CRI, the PRM, the tags, the TI, the solution, and coins of the space puzzle, and
wherein in d) the pseudorandom tribe function is evaluated with the VI and the result is compared with the second tag, and the time-constraint is checked by comparing a time needed to compute the POE with the time constraint.
15. (canceled)
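The puzzle tuple of claim 4 and the two-table search of claims 6 and 7, as an added example that is not code from the patent. HMAC-SHA256 truncated to 32 bits stands in for the pseudorandom function tribe; the 10-bit key size, all names and the sample values are assumptions, and the pointer movement is the usual search over one increasing and one decreasing table.

```python
import hashlib
import hmac

K_BITS = 10                            # assumed truncated function-key size (toy value)
TRIBE_KEY = b"constructed-tribe-key"   # constructed sample, not from the patent

def pft(tribe_key: bytes, fkey: int, arg: int) -> int:
    """Stand-in PRF (assumption): HMAC-SHA256 over (function key, argument), 32 bits."""
    msg = fkey.to_bytes(4, "big") + arg.to_bytes(4, "big")
    digest = hmac.new(tribe_key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")

def make_puzzle(tribe_key: bytes, k1: int, k2: int, x1: int, x2: int):
    """Puzzle tuple: (sum of two evaluations, the two arguments, the tribe key)."""
    return (pft(tribe_key, k1, x1) + pft(tribe_key, k2, x2), x1, x2, tribe_key)

def solve(puzzle):
    """Return function keys (a, b) whose evaluations sum to the target, or None."""
    target, x1, x2, tribe_key = puzzle
    n = 1 << K_BITS
    # Two tables of n entries each: this is the memory the solver has to occupy.
    t1 = sorted((pft(tribe_key, k, x1), k) for k in range(n))   # increasing
    t2 = sorted(((pft(tribe_key, k, x2), k) for k in range(n)),
                reverse=True)                                   # decreasing
    i = j = 0
    while i < n and j < n:
        s = t1[i][0] + t2[j][0]
        if s == target:
            return t1[i][1], t2[j][1]
        if s < target:
            i += 1      # sum too small: take the next larger value from table 1
        else:
            j += 1      # sum too large: take the next smaller value from table 2
    return None

def check(puzzle, solution) -> bool:
    """Recompute the sum from a claimed solution and compare it with the target."""
    target, x1, x2, tribe_key = puzzle
    a, b = solution
    return pft(tribe_key, a, x1) + pft(tribe_key, b, x2) == target

if __name__ == "__main__":
    puzzle = make_puzzle(TRIBE_KEY, 713, 42, 1, 2)   # constructed keys and arguments
    found = solve(puzzle)
    print(found, check(puzzle, found))
```

Each table holds 2**K_BITS entries, so raising K_BITS raises the memory a solver needs, while someone who already holds the two function keys recomputes the sum with two evaluations.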
Owners (US)
Nec Corporation (Nov 13 2017)
Nec Europe Ltd (Feb 01 2017)

Applicants
Nec Europe Ltd

Inventors
Gajek Sebastian

CPC Classifications
G06F21/6218
G06F3/0604
G06F3/0623
G06F3/0652
G06F3/0683
G06F21/602
G06F2221/2103
G06F2221/2143
H04L9/3221

Document Preview
Publication: Aug 10, 2017
Application: Oct 21, 2015, US 201515502506 A
Priority: Oct 21, 2015, EP 2015074410 W
Priority: Oct 21, 2014, EP 14189655 A