A Data Structure for Integrity Protection with Erasure Capability (Draft)

Kuhn, Richard

White Paper (Draft)

A Data Structure for Integrity Protection with Erasure Capability

Date Published: May 2018
Comments Due: August 3, 2018 (public comment period is CLOSED)
Email Questions to: block-matrix@nist.gov

Author(s)

Richard Kuhn (NIST)

Announcement

The European General Data Protection Regulation (GDPR) requires that organizations make it possible to delete all information related to a particular individual, at that person's request. This requirement may be incompatible with current blockchain data structures, including private (permissioned) blockchains, because blockchains are designed to ensure that block contents are immutable. Any change in a block will invalidate subsequent hashes in following blocks, losing integrity protection. This note describes a data structure that provides the capability of deleting specified blocks while retaining hash-based assurance that other blocks are unchanged. It is primarily designed to be implemented in a permissioned infrastructure, providing certain features of existing permissioned blockchains.

Abstract

This note describes a data structure, which can be referred to as a block matrix, that supports the ongoing addition of hash-linked records while also allowing the deletion of arbitrary records, preserving hash-based integrity assurance that other blocks are unchanged. The block matrix data structure may have utility for incorporation into applications requiring integrity protection that currently use permissioned blockchains. This capability could for example be useful in meeting privacy requirements such as the European Union General Data Protection Regulation (GDPR), which requires that organizations make it possible to delete all information related to a particular individual, at that person's request.

Keywords

cryptographic hash; data structure; distributed ledger; integrity protection

Control Families

None selected

Documentation

Publication:
Block Matrix Draft

Supplemental Material:
None available

Document History:
05/31/18: White Paper (Draft)

Topics

Security and Privacy
personally identifiable information; privacy engineering; risk management; secure hashing; systems security engineering

Technologies
blockchain

Sectors
financial services; healthcare; retail

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

Computer Security Resource Center