The Right to Be Zero-Knowledge Forgotten
ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security
Article No.: 110, Pages 1 - 9
Abstract
The main goal of the EU GDPR is to protect personal data of individuals within the EU. This is expressed in several rights and, among them, in this work we focus on the Right to Erasure, more commonly known as the Right to Be Forgotten (RtBF).
There is an intriguing debate about the affordable costs and the actual technical feasibility of satisfying the RtBF in digital platforms. We note that some digital platforms process personal data in order to derive and store correlated data raising two main issues: 1) removing personal data could create inconsistencies in the remaining correlated data; 2) correlated data could also be personal data. As such, in some cases, erasing personal data can trigger an avalanche on the remaining information stored in the platform.
Addressing the above issues can be very challenging in particular when a digital platform has been originally built without embedding in its design specific methodologies to deal with the RtBF.
This work aims at illustrating concrete scenarios where the RtBF is technically hard to guarantee with traditional techniques. On the positive side, we show how zero-knowledge (ZK) proofs can be leveraged to design affordable solutions in various use cases, especially when considered at design time. ZK proofs can be instrumental for compliance to the RtBF revolutionizing the current approaches to design compliant systems. Concretely, we show an assessment scheme allowing to check compliance with the RtBF leveraging the power of ZK proofs. We analyze the above assessment scheme considering specific hard-to-address use cases.
References
[1]
Giuseppe Ateniese, Bernardo Magri, Daniele Venturi, and Ewerton R. Andrade. 2017. Redactable Blockchain - or - Rewriting History in Bitcoin and Friends. In 2017 IEEE European Symposium on Security and Privacy, EuroS&P 2017, Paris, France, April 26-28, 2017. IEEE, 111–126.
[2]
Gennaro Avitabile, Vincenzo Botta, Daniele Friolo, and Ivan Visconti. 2024. Data Redaction in Smart-Contract-Enabled Permissioned Blockchains. In Proceedings of the Sixth Distributed Ledger Technology Workshop (DLT 2024), Turin, Italy, May 14-15, 2024(CEUR Workshop Proceedings, Vol. to appear). CEUR-WS.org.
[3]
Mihir Bellare and Phillip Rogaway. 1993. Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In CCS ’93, Proceedings of the 1st ACM Conference on Computer and Communications Security, Fairfax, Virginia, USA, November 3-5, 1993, Dorothy E. Denning, Raymond Pyle, Ravi Ganesan, Ravi S. Sandhu, and Victoria Ashby (Eds.). ACM, 62–73.
[4]
Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev. 2018. Scalable, transparent, and post-quantum secure computational integrity. IACR cryptol. eprint arch.:2018, 046
[5]
Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza. 2014. Zerocash: Decentralized Anonymous Payments from Bitcoin. In 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, May 18-21, 2014. IEEE Computer Society, 459–474.
[6]
Nir Bitansky, Ran Canetti, Alessandro Chiesa, and Eran Tromer. 2013. Recursive composition and bootstrapping for SNARKS and proof-carrying data. In Symposium on Theory of Computing Conference, STOC’13, Palo Alto, CA, USA, June 1-4, 2013, Dan Boneh, Tim Roughgarden, and Joan Feigenbaum (Eds.). ACM, 111–120.
[7]
Vincenzo Botta, Vincenzo Iovino, and Ivan Visconti. 2022. Towards Data Redaction in Bitcoin. IEEE Trans. Netw. Serv. Manag. 19, 4 (2022), 3872–3883.
[8]
Vitalik Buterin and Nathan Schneider. 2022. Proof of Stake: The Making of Ethereum and the Philosophy of Blockchains. Seven Stories Press.
[9]
Yinzhi Cao and Junfeng Yang. 2015. Towards Making Systems Forget with Machine Unlearning. In 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015. IEEE Computer Society, 463–480.
[10]
Coalition for Content Provenance and Authenticity. 2023. C2PA Specifications. Retrieved April 27, 2024 from https://c2pa.org/specifications/specifications/1.3/index.html
[11]
Aloni Cohen, Adam D. Smith, Marika Swanberg, and Prashant Nalini Vasudevan. 2023. Control, Confidentiality, and the Right to be Forgotten. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, CCS 2023, Copenhagen, Denmark, November 26-30, 2023, Weizhi Meng, Christian Damsgaard Jensen, Cas Cremers, and Engin Kirda (Eds.). ACM, 3358–3372.
[12]
Court of Justice of the European Union. 2014. Google Spain v AEPD and Mario Costeja González. Retrieved April 27, 2024 from https://en.wikipedia.org/wiki/Google_Spain_v_AEPD_and_Mario_Costeja_Gonzalez
[13]
Trisha Datta and Dan Boneh. 2023. Using Zk-proofs to fight disinformation. Retrieved April 27, 2024 from https://rwc.iacr.org/2023/acceptedpapers.php https://medium.com/@boneh/using-zk-proofs-to-fight-disinformation-17e7d57fe52f.
[14]
Dmitry Khovratovich and Mikhail Vladimirov. 2019. Tornado Privacy Solution Cryptographic Review Version 1.1. Retrieved April 27, 2024 from https://tornadoeth.cash/audits/TornadoCash_cryptographic_review_ABDK.pdf
[15]
Thorsten Eisenhofer, Doreen Riepel, Varun Chandrasekaran, Esha Ghosh, Olga Ohrimenko, and Nicolas Papernot. 2022. Verifiable and Provably Secure Machine Unlearning. arxiv:2210.09126
[16]
European Parliament and Council of the European Union. 2016. Regulation (EU) 2016/679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC (general data protection regulation). Retrieved April 27, 2024 from https://eur-lex.europa.eu/eli/reg/2016/679/oj
[17]
Michèle Finck. 2019. European Parliamentary Research Service: Blockchain and the General Data Protection Regulation. Retrieved April 27, 2024 from https://www.europarl.europa.eu/RegData/etudes/STUD/2019/634445/EPRS_STU(2019)634445_EN.pdf
[18]
Sanjam Garg, Shafi Goldwasser, and Prashant Nalini Vasudevan. 2020. Formalizing Data Deletion in the Context of the Right to Be Forgotten. In Advances in Cryptology - EUROCRYPT 2020 - 39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, May 10-14, 2020, Proceedings, Part II(Lecture Notes in Computer Science, Vol. 12106), Anne Canteaut and Yuval Ishai (Eds.). Springer, 373–402.
[19]
Jonathan Godin and Philippe Lamontagne. 2021. Deletion-Compliance in the Absence of Privacy. In 18th International Conference on Privacy, Security and Trust, PST 2021, Auckland, New Zealand, December 13-15, 2021. IEEE, 1–10.
[20]
Oded Goldreich, Silvio Micali, and Avi Wigderson. 1987. How to Play any Mental Game or A Completeness Theorem for Protocols with Honest Majority. In Proceedings of the 19th Annual ACM Symposium on Theory of Computing, 1987, New York, New York, USA, Alfred V. Aho (Ed.). ACM, 218–229.
[21]
Shafi Goldwasser, Silvio Micali, and Charles Rackoff. 1985. The Knowledge Complexity of Interactive Proof-Systems (Extended Abstract). In Proceedings of the 17th Annual ACM Symposium on Theory of Computing, May 6-8, 1985, Providence, Rhode Island, USA, Robert Sedgewick (Ed.). ACM, 291–304.
[22]
Google LLC and Apple Inc.2020. Exposure notification—Cryptography specification. Retrieved April 27, 2024 from https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Exposure_Notification_-_Cryptography_Specification_v1.2.1.pdf
[23]
Lukas Helminger and Christian Rechberger. 2022. Multi-Party Computation in the GDPR. In Privacy Symposium 2022, Stefan Schiffner, Sebastien Ziegler, and Adrian Quesada Rodriguez (Eds.). Springer International Publishing, 21–39.
[24]
Daniel Kang, Tatsunori Hashimoto, Ion Stoica, and Yi Sun. 2022. ZK-IMG: Attested Images via Zero-Knowledge Proofs to Fight Disinformation. arxiv:2211.04775
[25]
Enrique Larraia, Mehmet Sabir Kiraz, and Owen J Vaughan. 2024. How to Redact the Bitcoin Backbone Protocol. IACR cryptol. eprint arch.:2024, 813
[26]
Roman Matzutt, Jens Hiller, Martin Henze, Jan Henrik Ziegeldorf, Dirk Müllmann, Oliver Hohlfeld, and Klaus Wehrle. 2018. A Quantitative Analysis of the Impact of Arbitrary Blockchain Content on Bitcoin. In Financial Cryptography and Data Security - 22nd International Conference, FC 2018, Nieuwpoort, Curaçao, February 26 - March 2, 2018, Revised Selected Papers(Lecture Notes in Computer Science, Vol. 10957), Sarah Meiklejohn and Kazue Sako (Eds.). Springer, 420–438.
[27]
Satoshi Nakamoto. 2008. Bitcoin: A Peer-to-Peer Electronic Cash System. Retrieved April 27, 2024 from https://bitcoin.org/bitcoin.pdf
[28]
Milad Nasr, Nicholas Carlini, Jonathan Hayase, Matthew Jagielski, A. Feder Cooper, Daphne Ippolito, Christopher A. Choquette-Choo, Eric Wallace, Florian Tramèr, and Katherine Lee. 2023. Scalable Extraction of Training Data from (Production) Language Models. arxiv:2311.17035
[29]
Assa Naveh and Eran Tromer. 2016. PhotoProof: Cryptographic Image Authentication for Any Set of Permissible Transformations. In IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, May 22-26, 2016. IEEE Computer Society, 255–271.
[30]
Valeria Nikolaenko, Sam Ragsdale, Joseph Bonneau, and Dan Boneh. 2024. Powers-of-Tau to the People: Decentralizing Setup Ceremonies. In Applied Cryptography and Network Security - 22nd International Conference, ACNS 2024, Abu Dhabi, United Arab Emirates, March 5-8, 2024, Proceedings, Part III(Lecture Notes in Computer Science, Vol. 14585), Christina Pöpper and Lejla Batina (Eds.). Springer, 105–134.
[31]
OPENAI. 2023. GPT-4 technical report. arxiv:2303.08774
[32]
Reza Shokri, Marco Stronati, Congzheng Song, and Vitaly Shmatikov. 2017. Membership Inference Attacks Against Machine Learning Models. In 2017 IEEE Symposium on Security and Privacy, SP 2017, San Jose, CA, USA, May 22-26, 2017. IEEE Computer Society, 3–18.
[33]
Ivan Visconti. 2022. Asymmetric Cryptography: Primitives and Protocols. John Wiley & Sons, Ltd, Chapter Zero-Knowledge Proofs, 63–84.
[34]
Howard Wu, Wenting Zheng, Alessandro Chiesa, Raluca Ada Popa, and Ion Stoica. 2018. DIZK: A Distributed Zero Knowledge Proof System. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018, William Enck and Adrienne Porter Felt (Eds.). USENIX Association, 675–692. https://www.usenix.org/conference/usenixsecurity18/presentation/wu
Index Terms
- The Right to Be Zero-Knowledge Forgotten
Recommendations
Minimum resource zero knowledge proofs
SFCS '89: Proceedings of the 30th Annual Symposium on Foundations of Computer ScienceSeveral resources relating to zero-knowledge protocols are considered. They are the number of envelopes used in the protocol, the number of oblivious transfer protocols executed during the protocol, and the total amount of communication required by the ...
Zero-knowledge from secure multiparty computation
STOC '07: Proceedings of the thirty-ninth annual ACM symposium on Theory of computingWe present a general construction of a zero-knowledge proof for an NP relation R(x,w) which only makes a black-box use of a secure protocol for a related multi-partyfunctionality f. The latter protocol is only required to be secure against a small ...
Comments
Information & Contributors
Information
Published In
July 2024
2032 pages
ISBN:9798400717185
DOI:10.1145/3664476
Copyright © 2024 Owner/Author.
This work is licensed under a Creative Commons Attribution-ShareAlike International 4.0 License.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 30 July 2024
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Funding Sources
- Italian Ministry of University and Research
Conference
ARES 2024
ARES 2024: The 19th International Conference on Availability, Reliability and Security
July 30 - August 2, 2024
Vienna, Austria
Acceptance Rates
Overall Acceptance Rate 228 of 451 submissions, 51%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 15Total Downloads
- Downloads (Last 12 months)15
- Downloads (Last 6 weeks)15
Reflects downloads up to 11 Aug 2024
Other Metrics
Citations
View Options
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML FormatGet Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in