Paper 2018/638

BurnBox: Self-Revocable Encryption in a World of Compelled Access

Nirvan Tyagi, Muhammad Haris Mughees, Thomas Ristenpart, and Ian Miers


Dissidents, journalists, and others require technical means to protect their privacy in the face of compelled access to their digital devices (smartphones, laptops, tablets, etc.). For example, authorities increasingly force disclosure of all secrets, including passwords, to search devices upon national border crossings. We therefore present the design, implementation, and evaluation of a new system to help victims of compelled searches. Our system, called BurnBox, provides self-revocable encryption: the user can temporarily disable their access to specific files stored remotely, without revealing which files were revoked during compelled searches, even if the adversary also compromises the cloud storage service. They can later restore access. We formalize the threat model and provide a construction that uses an erasable index, secure erasure of keys, and standard cryptographic tools in order to provide security supported by our formal analysis. We report on a prototype implementation, which showcases the practicality of BurnBox.

Note: Fix small typo in appendix.

Available format(s)
Publication info
Published elsewhere. MAJOR revision.USENIX Security '18
cloud storagesecure deletioncompelled access
Contact author(s)
nirvan tyagi @ gmail com
2019-01-16: revised
2018-07-06: received
See all versions
Short URL
Creative Commons Attribution


      author = {Nirvan Tyagi and Muhammad Haris Mughees and Thomas Ristenpart and Ian Miers},
      title = {BurnBox: Self-Revocable Encryption in a World of Compelled Access},
      howpublished = {Cryptology ePrint Archive, Paper 2018/638},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.