Balancing Auditability and Privacy with Crypto-Shredding

agree that this is a valid concern. the concern is usually around post-quantum safe cryptography. Currently NIST recommands AES 256 with GCM for this. See SP 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC | CSRC

Based on my research crypto shredding is the only way to have immutable audit event logs & gdpr compliance at the same time.

For EDA (Event Driven Architectures) you don’t have to guarantee event log immutability. If you trust that your code is bug free then you can always filter your primary event log stream and create a new one (with the user data removed).

My use case is not EDA but an auditable event log that has to be stored on an append only storage. In this case you literally cannot modify the event log (it’s on an append only storage system). Then the only option is crypto shredding.

1 Like