ArticlePDF Available

Secure erase of disk drive data

Authors:

Abstract and Figures

Introduction A cardinal rule of computer data storage devices is to protect user data at all costs. This includes protection against accidental erasure, using "recycle" folders and unerase commands. Drives use elaborate error detection and correction techniques to never return incorrect user data. All this implies that true file erasure is an abnormal situation. Consequently, user data often remains stored on disk drives when they are discarded, transferred to another user, or returned off lease. Even if users delete their files, they can be recovered from "recycling" folders or by special programs such as Norton Unerase. Other special programs are available to more definitely erase user data, such as Norton WipeInfo, which offers a "Government Wipe." Because these are special programs, they are not widely known or used. Additionally, some user data can be unreachable by erasure programs, such as drive data blocks removed from use due to excessive errors. (These blocks are reassigned to other disk locations, and the defective record area is marked unusable in the drive's "g-list"-but the original data can remain in g-list sectors.) Norton WipeInfo only runs on older Windows OS, and wipes an individual folder. A "secure erase" (SE) command is being added to computer disk drives. Secure Erase ("SE") is a positive, easy-use data destroy command, amounting to "Electronic data shredding," It will be easy to use, not require any special software, and completely erase all possible user data areas. SE is a simple addition to the existing "format drive" command currently present in computer operating systems and storage systems. SE commands have been added to the standard interface specifications for disk drives, ATA for desktop or personal computers, and SCSI for enterprise drives. These commands define a drive internal SE operation that erases all possible user accessible record areas by overwriting. Although SE add can be implemented easily by modifying the drive Format Unit firmware, while providing a feature of potential value to many drive customers, it is not yet widely implemented in disk drives. Secure erasure capability will soon be required by the U.S. government for their disk drive purchases. Considering the additional security and features this capability provides to many users we expect there will be considerable commercial interest in this capability as well. However, some engineering is necessary to incorporate SE into drives. Magnetic recording SE development is required, before drive firmware can be modified to carry out SE. These techniques have been studied at the Center for Magnetic Recording Research at the University of California San Diego. This article discusses SE recording technology. It will be shown that a simple format drive command is effective, if low frequency (LF) overwriting frequencies are used, the g-list is also overwritten, and all possible user record areas are erased. Pseudo-random LF overwriting patterns are recommended for maximum security. Drive and spinstand experiments are shown, and a protocol of SE validation tests. To illustrate the effectiveness of SE, exotic data recovery experiments will also be shown. These use digital scope signal averaging and computer correlation techniques to recover overwritten user data (erased beyond recovery by normal drive read channels.) The ATA drive spec defines two SE levels, normal and enhanced. A two-pass SE will be discussed for the latter, involving a combination of low frequency and random data writing, and positioning the heads ± 5-10% off-track. This defeats exotic recovery techniques, and also erases the track edge signals (which will be shown to be primarily transition noise in the tests here, not signal).
Content may be subject to copyright.
Secure Erase of Disk Drive Data
Gordon Hughes and Tom Coughlin
Introduction
A cardinal rule of computer data storage devices is to protect user data at all costs. This includes protection
against accidental erasure, using “recycle” folders and unerase commands. Drives use elaborate error detection
and correction techniques to never return incorrect user data. All this implies that true file erasure is an
abnormal situation.
Consequently, user data often remains stored on disk drives when they are discarded, transferred to another
user, or returned off lease. Even if users delete their files, they can be recovered from “recycling” folders or by
special programs such as Norton Unerase. Other special programs are available to more definitely erase user
data, such as Norton WipeInfo, which offers a “Government Wipe.” Because these are special programs, they
are not widely known or used. Additionally, some user data can be unreachable by erasure programs, such as
drive data blocks removed from use due to excessive errors. (These blocks are reassigned to other disk
locations, and the defective record area is marked unusable in the drive’s “g-list”- but the original data can
remain in g-list sectors.) Norton WipeInfo only runs on older Windows OS, and wipes an individual folder.
A “secure erase” (SE) command is being added to computer disk drives. Secure Erase (“SE”) is a positive, easy-
use data destroy command, amounting to “Electronic data shredding,” It will be easy to use, not require any
special software, and completely erase all possible user data areas. SE is a simple addition to the existing
“format drive” command currently present in computer operating systems and storage systems. SE commands
have been added to the standard interface specifications for disk drives, ATA for desktop or personal
computers, and SCSI for enterprise drives. These commands define a drive internal SE operation that erases all
possible user accessible record areas by overwriting. Although SE add can be implemented easily by modifying
the drive Format Unit firmware, while providing a feature of potential value to many drive customers, it is not
yet widely implemented in disk drives.
Secure erasure capability will soon be required by the U.S. government for their disk drive purchases.
Considering the additional security and features this capability provides to many users we expect there will be
considerable commercial interest in this capability as well.
However, some engineering is necessary to incorporate SE into drives. Magnetic recording SE development is
required, before drive firmware can be modified to carry out SE. These techniques have been studied at the
Center for Magnetic Recording Research at the University of California San Diego.
This article discusses SE recording technology. It will be shown that a simple format drive command is
effective, if low frequency (LF) overwriting frequencies are used, the g-list is also overwritten, and all possible
user record areas are erased. Pseudo-random LF overwriting patterns are recommended for maximum security.
Drive and spinstand experiments are shown, and a protocol of SE validation tests.
To illustrate the effectiveness of SE, exotic data recovery experiments will also be shown. These use digital
scope signal averaging and computer correlation techniques to recover overwritten user data (erased beyond
recovery by normal drive read channels.) The ATA drive spec defines two SE levels, normal and enhanced. A
two-pass SE will be discussed for the latter, involving a combination of low frequency and random data writing,
and positioning the heads ± 5-10% off-track. This defeats exotic recovery techniques, and also erases the track
edge signals (which will be shown to be primarily transition noise in the tests here, not signal).
Background
Experience gained from supporting customers with computer security and information storage media issues
have shown a tremendous need for the capability to reliably eradicate data from computer hard drives for
security and privacy reasons. The need arises when:
Mainframes and storage networks:
When a user releases storage, a drive moves to a new storage server, is removed for maintenance, or
returned from lease.
Storage devices are re-configured for other uses or users, for instance in expiring leased data storage
facilities at an SSP or data center
A RAID drive backs up data to a hot spare
Individual user PCs and workstations:
A computer (and hard drive) is replaced by a newer machine and the older machine is discarded, or sold
A project is completed and the data must be purged to protect “need to know” or to prepare the drives for
new users or applications.
When a user departs an organization and either leaves sensitive/personal data on the computer or may take
the computer (and the organization’s data) with them.
When a drive is to be returned to a drive manufacturer or a drive repair facility after a drive failure or near
failure (for instance upon a SMART drive replacement after imminent failure is determined.
A virus has been detected and all possible traces of the offending code must be eliminated.
An extreme virus or hacker attack where it is desirable to completely erase the data on some disks and
reinstall back-up data
The elimination of unwanted data from a computer hard drive is not a simple task. Deleting a file merely
removes its name from the directory structure; the data itself remains in the drive’s data storage sectors where it
can be retrieved until the sectors are overwritten. Reformatting a hard drive clears the file directory and severs
the links between storage sectors, but the data can be recovered until the sectors are overwritten. Software
utilities that overwrite individual data files (or an entire hard drive) are susceptible to error and require constant
modifications to accommodate new hardware and evolving computer operating systems. As a consequence,
computer users, system administrators, security personnel and service providers have spent considerable time in
an endless game of technology catch-up while trying to develop solutions for the above problems.
Disk Drive Secure Erasure
In 1996 researchers at the University of California, Center for Magnetic Recording Research (CMRR) in San
Diego and the federal government began an investigation into incorporating a secure overwrite feature into new
hard disk drives. This secure overwrite feature when enabled would allow hard disk drives to automatically
overwrite all stored data via a simple external command. In discussions with U.S. hard drive manufacturers,
they expressed their support for the secure overwrite or erasure feature. Fundamental issues needing to be
addressed included:
Determining how to overwrite data for security purposes
Confirming secure erasure was implemented correctly
Confirming the effectiveness of secure erasure through the entire drive environmental specification
Making a simple and safe user interface for secure interface
Creating sufficient end-user demand to make secure erasure economically feasible.
Modern hard drives store information in sectors that contain addressing fields, timing signals, the user’s data
and appropriate error correction coding, and other features essential for the drive’s proper operation. In order to
accomplish secure erasure and continued operation of the disk drive, secure erasure must overwrite only the
data portion of the sector without disturbing the addressing information or timing codes that would make the
drive unusable.
Implementation of Secure Erase
Erasure can be at various fixed frequencies (including DC) and either on or off-track. The erasure can be
performed once or several times. Spin-stand experiments were performed at CMRR at UCSD to determine the
effectiveness of various erasure techniques.
For a constant frequency 20 MHz “signal” written on a data track it was found that an erasure resulting in the
signal reduction of over -50 dB could be accomplished with a single on-track overwrite. This single on-track
overwrite is more effective as the overwritten frequency is reduced (Figure 1)
Figure 1. Test showing that LF gives best overwrite. Noise level is the overwrite limit at higher frequencies,
because transition noise from overwriting signal dominates.
A further reduction of the original signal of a few dB is possible for a second on-track overwrite. Lower
overwriting frequencies are more effective in overwriting old signals because they write a wider track than the
original higher frequency signal. Thus the lower frequency overwritten track will more effectively erase the
edges of the original signal, even with a single overwrite. For a single low frequency overwrite the SNR of the
remaining 20 MHz signal is <10 dBm, this is only marginally worse with a second overwrite. Modern channels
require the head playback SNR to be greater than 19 dB. Erased signal SNR of this level will be impossible to
recover using a disk drive channel. Thus a single on-track overwrite will usually be sufficient to erase the prior
information to a level that would be impossible to recover within a disk drive, using its own channel.
It is possible that under extreme environmental differences between when the data was written and when the
overwritten track is recorded the two written tracks will be significantly offset from each other. Under these
conditions it is possible that some of the original track could remain. If the overwritten track is at a much lower
frequency (usually as low as possible) the amount of original data remaining at the track edge will be
significantly reduced.
Track edges can contain highly distorted original data as well as transition noise and are therefore difficult to
recover data from. Figure 2 shows a crosstrack scan of the residual signal, when a swath of tracks is DC-erased
(blue curve) and when a 20 MHz square wave is overwritten by 10.5 MHz (red curve), chosen so the
overwriting signal doesn’t have harmonics at 20 MHz. The scan does not change if the 20 MHz signal is not
written at all (black curve), so it must be entirely due to the overwriting 10.5 MHz. This means that although the
amplitude peaks 4-6 dB at the track edges, this cannot be unerased 20 MHz signal. A full spectral analysis
(Figure 3) shows that these track edge peaks are primarily ac-erased transition noise (the noise floor at 20 MHz
rises 4 dB above the DC erase level, when 10.5 MHz is recorded). The poor write field gradients off the head
sides ac erases a higher level of transition noise than the well-written 10.5 MHz transitions in the main track.
One erasure pass appears to be sufficient to make old data unrecoverable. A two-pass erasure can provide an
additional level of security. Writing LF helps erase the track edges, and then overwriting with random data
defeats exotic techniques (see later section of this article). The two passes can be slightly off-track in the
positive and negative direction in order to ensure elimination of the track edges.
Secure erasure can take some time and is likely to be an off-line operation. For example, a Seagate Barracuda
180 GB disk drive spinning at 7200 RPM with 24 heads and 24,247 tracks per disk surface a complete single-
pass overwrite of all user blocks in about 40 minutes. A double-pass overwrite of all user blocks takes about 80
minutes.
4-6 dB of
unerased
side-track
data?
Figure 2: 20 MHz data overwritten by 10.5 MHz. Are the track edge peaks old 20 MHz data?
Noise floor
4 dB
transition noise
The 20 MHz track edge
"signal" is just
transition noise!
Figure 3. NO! The track edge peaks are primarily ac-erased transition noise
Secure Erasure Standards
A “secure erase” (SE) feature has been added to the standard specifications for disk drives, ATA for desktop or
personal computers, and SCSI for enterprise drives. These require that an SE operation erase all possible user
accessible record areas, by overwriting. This feature will be as easy to use as a “format drive” command, when
SE support appears in drives and in computer operating systems
The SE feature “piggybacks” on the Format Unit command already in these specs, thus adding little or no cost
to a drive, while providing a feature of potential value to many drive customers.
There will be engineering details for disk drive companies to implement the secure erasure protocols and
computer operating system companies need to add the already-defined SE command to their format drive
software. CMRR researchers are available to work with drive companies and their customers on
implementation of single-pass (regular) as well as double-pass (enhanced) secure erasure.
Exotic Data Recovery
Drive information can sometimes be recovered that has been erased using a single erasure pass on-track. It
should be first pointed out that single-frequency squarewave overwrite tests are not meaningful indicators of
information recovery. A spectrum analyzer can see -60 dB overwritten signals but it can’t recover data. The
CMRR technique requires reading a data block many times, computer averaging the playback waveforms, then
erasing the block and re-recording the overwrite data to obtain its averaged playback waveform data, which is
subtracted from the first waveform. The demonstration shown below merely means that it is possible, not that it
is practical or will work on any drive. It requires knowing the data pattern being looked for, and also knowing
the overwriting data pattern. So it “begs the question.” It can be defeated by using a random data overwrite
pattern.
Data recovery techniques showed that SE overwritten user data is beyond recovery by normal drive read
channels. But CMRR could recover overwritten user data by digital scope signal waveform averaging, software
correlation techniques. These recording experiments were done on a spinstand using a dual stripe MR head
2.5 µm write width, 1.8 µm read width, 2500 Oe/0.65 Mrt disk. These had 38 dB overwrite and a playback
noise floor -69 dB.
First a swath of tracks was DC erased, then arbitrary user bits “HELPHELP” were written, the playback
waveform was averaged 100 times to improve SNR, and saved as waveform 1. Then a random bits overwrite,
the same signal averaging, and saved as waveform 2. Another DC erase followed by overwriting with the same
random bits and signal averaging, is saved as waveform 3.
Figure 4 shows the averaged initial playback waveform 1, and the residual wave 3 minus wave 2. Not much
residual signal left!
"HELPHELP"
(WAVE 1)
RESIDUAL
"HELPHELP"
(WAVE 3 - WAVE 2)
Figure 4The original “helphelp” waveform and the residual waveform 3 minus waveform 2
Figure 5 shows results from a correlation detector. The residual correlation has a correct peak at zero offset,
which is about twice the second highest peak. This indicates that “helphelphelphelp” is correctly detected (but a
2:1 signal-to-“noise” ratio means high error rate). (When this was repeated with TWO random overwrites,
correlation detection did not work.)
Beyond these data recovery techniques which use drive hardware, other exotic techniques can be proposed such
as putting recorded discs into scanning magnetic force microscopes. It is easy to obtain pictures that appear to
show unerased track edge data. But no one has shown complete recovery of a data sector, including the data
synchronization preamble, bit de-randomizer, partial response and modulation codes, and error correction code.
Correlation of residual with"HELPHELP"
Self correlation of "HELPHELP"
Figure 5. Correlation detector worked! Matches Highest peak
About the Authors
Gordon Hughes is the Associate Director of the Center for Magnetic Recording Research at the University of California, San Diego.
He is the principal investigator of the UCSD SMART project on disk drive failure prediction. He received his BS in Physics and Ph.D.
in Electrical Engineering from Cal Tech. He worked at Xerox PARC on magnetic recording research for disk drives, then joined
Seagate Technology as Senior Director of Recording Technology. At Seagate he designed recording heads, disks, and systems, and
was part of the development team that established sputtered thin film disk media as today’s standard. He is a Fellow of the IEEE.
Contact: 858-534-5317, gfhughes@ucsd.edu, UCSD, La Jolla CA 90293-0401
Tom Coughlin is President of Coughlin Associates, a data storage consulting firm. His current work encompasses technology and
market analysis and project consulting in data storage from components to data storage systems. He held engineering and engineering
management positions at several disk drive and drive component companies in the past such as Seagate, Maxtor, Micropolis, Nashua
Computer Products,Syquest, and Ampex. He has a BS in Physics and a Masters in Electrical Engineering with a minor in Materials
Science from the University of Minnesota. He is a senior member of the IEEE and Adjunct Professor at Santa Clara University. For
more information see his web site www.tomcoughlin.com. Contact: 408-978-8184, tom@tomcoughlin.com.
... Data Overwriting in Flash Storage-Secure deletion usually involves overwriting the original data to make it unrecoverable (102)(103)(104)(105), and data overwriting can be performed through software running on the OS (106) or firmware-based such as ATA's Secure Erase (105). ...
... Data Overwriting in Flash Storage-Secure deletion usually involves overwriting the original data to make it unrecoverable (102)(103)(104)(105), and data overwriting can be performed through software running on the OS (106) or firmware-based such as ATA's Secure Erase (105). ...
Article
Mobile devices have become ubiquitous in almost every sector of both private and commercial endeavors. As a result of such widespread use in everyday life, many users knowingly and unknowingly save significant amounts of personal and/or commercial data on these mobile devices. Thus, loss of mobile devices through accident or theft can expose users—and their businesses—to significant personal and corporate cost. To mitigate this data leakage issue, remote wiping features have been introduced to modern mobile devices. Given the destructive nature of such a feature, however, it may be subject to criminal exploitation (e.g., a criminal exploiting one or more vulnerabilities to issue a remote wiping command to the victim's device). To obtain a better understanding of remote wiping, we survey the literature, focusing on existing approaches to secure flash storage deletion and provide a critical analysis and comparison of a variety of published research in this area. In support of our analysis, we further provide prototype experimental results for three Android devices, thus providing both a theoretical and applied focus to this article as well as providing directions for further research.
... Secure deletion of data in magnetic disks involves overwriting disk blocks with a sequence of writes with certain specific patterns to cancel out remnant magnetic effects due to past layers of data in the block. While early work indicated that as many as 32 overwrites per block are required for secure erase [14], recent work shows that two to three such overwrites suffice for modern disks [16]. Neither a file system nor a DBMS can ensure secure deletion when it functions on top of modern storage systems , which transparently perform various optimizations. ...
... As expected , secure deletion comes at a performance cost due to the extra disk I/O for the multiple passes of overwrites. Given that modern disks can effectively shred data with only two overwrites [16], we focus on F ADED 2 ; in this case, performance is 50% to 95% slower. However, since such overhead is incurred only on deletes, and only sensitive data needs to be deleted in this manner, we believe the costs are reasonable in situations where the additional security is required. ...
Conference Paper
Recent research has demonstrated the potential benets of building storage arrays that understand the le systems above them. Such ìsemantically-smartî disk systems use knowledge of le system structures and operations to im- prove performance, availability, and even security in ways that are precluded in a traditional storage system archi- tecture. In this paper, we study the applicability of semantically smart disk technology underneath database management systems. For three case studies, we analyze the differ- ences when building database-aware storage. We nd that semantically-smart disk systems can be successfully applied underneath a database, but that new techniques, such as log snooping and explicit access statistics, are needed.
... For example, a storage level intrusion detection system (IDS) provides another perimeter of security by monitoring traffic, looking for suspicious access patterns such as deletes or truncates of log files [18]; detecting these patterns requires liveness information. Secure delete: The ability to delete data in a manner that makes recovery impossible is an important component of data security [3, 12, 14]. Government regulations require strong guarantees on sensitive data being " forgotten " , and such requirements are expected to become more widespread in both government and industry in the near future [1]. ...
... This behavior corresponds to the notion of generation liveness defined in Section 3. A shred involves multiple overwrites to the block with specific patterns so as to erase remnant magnetic effects of past layers (that could otherwise be recovered through techniques such as magnetic scanning tunneling microscopy [12]). Recent work suggests that two such overwrites are sufficient to ensure non-recoverability in modern disks [14]. Traditionally, secure deletion is implemented within the file system [3, 25, 26]; however, such implementations are unreliable given modern storage systems. ...
Conference Paper
A fundamental piece of information required in intelligent stor- age systems is the liveness of data. We formalize the notion of liveness within storage, and present two classes of techniques for making storage systems liveness-aware. In the explicit notifica- tion approach, we present robust techniques by which a file sys- tem can impart liveness information to storage through a "free block" command. In the implicit detection approach, we show that such information can be inferred by the storage system ef- ficiently underneath a range of file systems, without changes to the storage interface. We demonstrate our techniques through a prototype implementation of a secure deleting disk. We find that while the explicit interface approach is desirable due to its simplicity, the implicit approach is easy to deploy and enables quick demonstration of new functionality, thus facilitati ng rapid migration to an explicit interface.
... This is despite average areal density growth that is on the order of at least 60% annually since 1997 (with some years higher and some years lower-see earlier comments on the irregular pace of HDD technology development. Disk drives have also become more intelligent and capable of new capabilities such as enhanced error correction and self-sanitization of user data [61]. ...
... 10 Additionally, with whole-drive encryption, erasing a disk can go from taking several hours to taking a few microseconds. 11 TPMs provide much more limited help here www.computer.org/security/ ■ IEEE SECURITY & PRIVACY against software threats because they don't do bulk data encryption. ...
Article
Disk drives and other intelligent peripherals are critical to security, privacy, and trust in the computing infrastructure. This article proposes a framework to describe why and how these peripheral devices can be secured as independent roots of trust
Conference Paper
Flash memory, favored by its high speed, low power dissipation and excellent kinetic shock resistance, is a type of memory widely used in USB mass storage devices. Compared with the data stored in Hard Disk Drive (HDD), which can be easily recovered, data stored in Flash memory is hard to be recovered once erased, and this feature is more beneficial to data security. Under such circumstances, it might be a solution to mix Flash with HDD. Taking into consideration the characteristic that data stored in Flash memory is hard to be recovered once erased, this paper designs a system mixing Flash memory with HDD. It avoids the cracker get the whole plaintext by storing key data, which can be erased when necessary, in Flash.
Article
Full-text available
User data is often unprotected on disk and tape drives or not erased when no longer needed, creating data security vulnerabilities that many computer users are unaware of. Federal and state laws require data sanitization, which comprises a variety of data eradication methods. Secure sanitization refers to methods meeting those federal and state laws. Companies that fail to meet these laws can be subject to fines of $5 million, and individuals can be imprisoned for up to 10 years. Physical destruction of storage devices offers the highest security. But executing the disk drive internal secure-erase command also offers a higher security level than external-block-overwrite software, according to federal guideline NIST 800-88. Recent disk drives with internal full disk encryption now implement an enhanced secure-erase command that takes only milliseconds to complete.
Conference Paper
Full-text available
Erasing old data and keys is an important tool in cryptographic protocol design. It is useful in many settings, including proactive security, adaptive security, forward security, and intrusion resilience. Protocols for all these settings typically assume the ability to perfectly erase information. Unfortunately, as amply demonstrated in the systems literature, perfect erasures are hard to implement in practice. We propose a model of partial erasures where erasure instructions leave almost all the data erased intact, thus giving the honest players only a limited capability for disposing of old data. Nonetheless, we provide a general compiler that transforms any secure protocol using perfect erasures into one that maintains the same security properties when only partial erasures are available. The key idea is a new redundant representation of secret data which can still be computed on, and yet is rendered useless when partially erased. We prove that any such a compiler must incur a cost in additional storage, and that our compiler is near optimal in terms of its storage overhead.
Article
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2008. Includes bibliographical references (p. 137-145). This thesis is a study of erasures in cryptographic protocols. Erasing old data and keys is an important capability of honest parties in cryptographic protocols. It is useful in many settings, including proactive security in the presence of a mobile adversary, adaptive security in the presence of an adaptive adversary, forward security, and intrusion resilience. Some of these settings, such as achieving proactive security, is provably impossible without some form of erasures. Other settings, such as designing protocols that are secure against adaptive adversaries, are much simpler to achieve when erasures are allowed. Protocols for all these contexts typically assume the ability to perfectly erase information. Unfortunately, as amply demonstrated in the systems literature, perfect erasures are hard to implement in practice. We propose a model of imperfect or partial erasures where erasure instructions are only partially effective and leave almost all the data intact, thus giving the honest parties only a limited capability to dispose old data. Nonetheless, we show how to design protocols for all of the above settings (including proactive security, adaptive security, forward security, and intrusion resilience) for which this weak form of erasures suffices. We do not have to invent entirely new protocols, but rather show how to automatically modify protocols relying on perfect erasures into ones for which partial erasures suffices. Stated most generally, we provide a compiler that transforms any protocol relying on perfect erasures for security into one with the same functionality that remains secure even if the erasures are only partial. The key idea is a new redundant representation of secret data which can still be computed on, and yet is rendered useless when partially erased. We prove that any such compiler must incur a cost in additional storage, and that our compiler is near optimal in terms of its storage overhead. We also give computationally more efficient compilers for a number of special cases: (1) when all the computations on secrets can be done in constant parallel time (NC⁰); (2) for a class of proactive secret sharing protocols where we leave the protocol intact except for changing the representation of the shares of the secret and the instructions that modify the shares (to correspondingly modify the new representation instead). by Dah-Yoh Lim. Ph.D.
ResearchGate has not been able to resolve any references for this publication.