See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/342523804

Delegated content erasure in IPFS

Article  in  Future Generation Computer Systems · June 2020

DOI: 10.1016/j.future.2020.06.037

CITATIONS READS

2 231

5 authors, including:

Eugenia Politou Efthymios Alepis

University of Piraeus University of Piraeus
30 PUBLICATIONS   443 CITATIONS    130 PUBLICATIONS   1,090 CITATIONS   

SEE PROFILE SEE PROFILE

Constantinos Patsakis Fran Casino

University of Piraeus University of Piraeus
142 PUBLICATIONS   1,806 CITATIONS    63 PUBLICATIONS   704 CITATIONS   

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Detecting malicious domain names View project

Zero-day malware detection based on supervised learning algorithms of API call signatures View project

All content following this page was uploaded by Fran Casino on 11 September 2020.

The user has requested enhancement of the downloaded file.

 Future Generation Computer Systems 112 (2020) 956–964

Contents lists available at ScienceDirect

Future Generation Computer Systems

journal homepage: www.elsevier.com/locate/fgcs

Delegated content erasure in IPFS✩

∗
Eugenia Politou a , Efthimios Alepis a , Constantinos Patsakis a,b , , Fran Casino a ,
Mamoun Alazab c
a
Department of Informatics, University of Piraeus, 80 Karaoli & Dimitriou str., 18534 Piraeus, Greece
b
Information Management Systems Institute of Athena Research Center, Artemidos 6, Marousi 151 25, Greece
c
College of Engineering, IT & Environment, Charles Darwin University, Casuarina NT 0810, Australia

article info a b s t r a c t

Article history: The InterPlanetary File System (IPFS) is employed extensively nowadays by many blockchain projects
Received 19 September 2019 to store personal data off-chain to comply with the Right to be Forgotten (RtbF) requirement of the
Received in revised form 7 May 2020 General Data Protection Regulation (GDPR), the new regulatory regime for personal data protection in
Accepted 23 June 2020
the EU. In such a way, when a request for content erasure is to be carried out under the RtbF, the
Available online 29 June 2020
onus of removing the actual personal information moves to the IPFS protocol. Nevertheless, enforcing
Keywords: data erasure across the entire IPFS network is not actually feasible, mainly due to its decentralized
IPFS nature. Consequently, the implementation of a delegation mechanism for handling content erasure
Content erasure requests within the IPFS would be the most conducive way towards aligning the IPFS with the GDPR.
Decentralized storage To that end, in this work, we propose an anonymous protocol for delegated content erasure requests
Privacy in the IPFS. The proposed protocol could be smoothly integrated into the IPFS to distribute an erasure
Right to be Forgotten request among all the IPFS nodes and, ultimately, to fulfil the erasure requirements foreseen in the
GDPR
RtbF. Furthermore, the protocol complies with the primary principle of the IPFS to prevent censoring;
therefore, erasure is only allowed to the original content provider or her delegates. A formal definition
and the security proofs are provided, along with a set of experiments that prove the efficacy of the
proposed protocol. We demonstrate that the overhead introduced by the proposed protocol does not
affect the system’s efficiency. Our experimental results exhibit a robust performance as the average
times for generating the content-dependent keys and for spreading the erasure requests do not affect
the overall performance of the IPFS.
© 2020 Elsevier B.V. All rights reserved.

1. Introduction and technology [1,2]. In computing, it is generally understood as

Decentralized computing is more relevant today than any
other time in the history of information technology. As mobile
computing and the Internet of Things (IoT) extend the ways that
data collection and computation are applied, we are entering
a period of rapid decentralization, characterized by increasingly
powerful decentralized devices, distributed computing, ubiqui-
tous network access, and decentralized storage resources.1 Nev-
ertheless, the core concept of decentralization for distributing or
delegating power away from a central authority has long been ap-
plied to political science, law, public administration, economics,
✩ All authors have contributed equally.
∗ Corresponding author at: Department of Informatics, University of Piraeus,
80 Karaoli & Dimitriou str., 18534 Piraeus, Greece.
E-mail addresses:
the transfer of authority and control from a single central entity
and a single point of failure, to numerous localized peers that
provide a robust infrastructure.
Nowadays, decentralization in computing is almost synony-
mous with blockchain technology and other peer-to-peer (p2p)
networks like BitTorrent2 which allow the secure and reliable
sharing of information across peers without a single entity con-
trolling the network. One such prominent p2p network emerged
to augment, or even replace the HTTP web, is the InterPlanetary
File System (IPFS). The IPFS is an open-source project designed to
create a permanent, decentralized method of data storage and
sharing. It defines a protocol and a network, and it is currently
used by numerous projects and users who seek to share their
files effortlessly and efficiently. As opposed to traditional location
addressing used by the HTTP where a single server hosts many
files and information has to be fetched by accessing this server,

[email protected] (E. Politou), [email protected] the IPFS distributes files across the network, and each file is
(E. Alepis), [email protected] (C. Patsakis), [email protected] (F. Casino),
addressed by its cryptographic hash based on its content.
[email protected] (M. Alazab).
1 https://samsungnext.com/whats-next/a-brief-history-of-decentralized-
computing/ 2 https://www.bittorrent.com

https://doi.org/10.1016/j.future.2020.06.037
0167-739X/© 2020 Elsevier B.V. All rights reserved.
 E. Politou, E. Alepis, C. Patsakis et al. / Future Generation Computer Systems 112 (2020) 956–964
In numerous cases, the IPFS is used in combination with
blockchains to store off-chain the actual files while maintaining
in the blockchain only the hash pointers to those files. This is a
preferable workaround when personal data are at stake: personal
information is generally avoided to be included in blockchain
transactions as blockchains are in some respects incompatible
with privacy and data protection requirements [3]. For instance,
blockchain’s inherent immutability is found to be in conflict with
the new regime for data protection across Europe, the General
Data Protection Regulation (GDPR), and in particular with its
enshrined ‘‘Right to be Forgotten’’ (RtbF). According to this right,
data controllers are obliged to erase any personal information
upon request and when certain conditions apply [3–5]. However,
storing the actual personal files in the IPFS network does not
remove the burden of having to remove them should the RtbF
be raised. Instead, similar to all technological developments, it is
of utter importance users to be able to control the dissemination
of their data within the IPFS network, especially considering the
emergence of novel threats [6,7]. Nevertheless, such a mechanism
has not been foreseen by the protocol layer of the IPFS, mainly
due to the unfeasibility of enforcing data erasure across all peers
in a decentralized public network. Yet, given the adverse implica-
tions of non-complying with privacy and data protection rights,
the alignment of the IPFS with the RtbF is considered critical. In
this regard, we introduce in this work an efficient protocol for
anonymous delegated erasure that can handle securely any con-
tent erasure requests and can be easily integrated into the IPFS.
To the best of our knowledge, this is the first proposal to align the
IPFS with the RtbF and to endorse its GDPR compliance. Therefore,
we believe that our work adds real value to the IPFS in terms of its
privacy enhancement and, consequently, contributes significantly
to its future adoption by applications that are processing personal
data.
The rest of this work is structured as follows. In Section 2,
we provide some background information on decentralized com-
puting, including a brief history of its evolution up to the IPFS
network. Next, in Section 3, we present the IPFS protocol and its
characteristics, while in Section 4, we describe how data erasure
is currently handled by the IPFS. In Section 5, we discuss the
need for aligning the IPFS with the RtbF and how this could be
achieved, whereas in Section 6 we introduce and formally specify
a protocol (based on the current IPFS architecture) for integrating
a delegated erasure mechanism for erasure requests into the IPFS
protocol. The paper concludes in Section 7 by discussing our
contributions in terms of enhancing decentralized technologies
such as the IPFS towards privacy and GDPR compliance.
2. Background
As decentralized computing signs a transition away from cloud
computing, decentralized storage and file sharing, which works
by sharing a file across a p2p network, is commonly discussed
as an alternative to cloud storage solutions like Dropbox3 and
Google Drive4 which rely on large, centralized silos of data. De-
centralized storage and file sharing applications offer increased
benefits compared to their centralized counterparts which are
vulnerable to a single point of failure or to outside attacks from
malicious actors who can compromise the data or leak confi-
dential information. These events could result in adverse privacy
implications, especially when the data under consideration per-
tain to sensitive personal details about individuals. Decentralized
networks, however, do not suffer from the security limitations
of centralized storage systems. For instance, due to their in-
herent design that relies on too many peers for securing their
state, denial of service attacks to decentralized systems are less
possible.
3 http://www.dropbox.com
4 http://www.google.com/drive
957
2.1. From Usenet to blockchains
While p2p systems such as Usenet5 seemed to be the most
natural approach to the early days of computer revolution, the
prevalence of less expensive and less functional desktop PCs in
the late ’80s resulted in the predominance of client–server archi-
tecture [8]. Yet, the widespread adoption over the past 20 years
of content sharing applications and protocols such as Napster.6
and BitTorrent returned decentralized p2p networks to spot-
light [9] Meanwhile, the prevalence of grid and distributed com-
puting in the last few decades relied also heavily on p2p founda-
tions to allow the use of spare computing resources to complete
high-performance tasks [8].
As of 2009, the boom of blockchain technology with the advent
of bitcoin caused the emergence of a new wave of decentralized
p2p systems. Blockchain is literally a distributed ledger stored
on a network of machines and is formed by a chain of blocks
connected to each other using hash codes. Bitcoin, the first appli-
cation of blockchain technology to decentralize financial trans-
actions by creating a ‘‘peer-to-peer electronic cash system’’ [10],
leveraged and improved upon various notions of p2p computing,
and introduced, in effect, decentralization as a means to assure
the reliability of non-trusted environments such as those of elec-
tronic currencies. These days, although blockchain is commonly
discussed in the context of cryptocurrencies, blockchain applica-
tions go beyond finance to healthcare, supply chain management,
and identity management, among others, to distribute informa-
tion securely, transparently, and immutably [11]. Yet, uploading
data to a public blockchain suffers from scalability and privacy
issues [3,12]. In fact, putting large amounts of data in a blockchain
transaction is not advisable due to the high cost involved as
well as the latency problems introduced when full nodes need to
download the entire ledger. Furthermore, the immutability and
transparency of blockchains, according to which they keep data
indefinitely and in plain sight, forbid their use in applications
where personal data are at stake. Although current research ef-
forts towards introducing restricted mutability on blockchains are
indeed astonishing, modifying or completely removing informa-
tion held in public blockchains is thus far impossible [3].
2.2. Towards off-chain solutions
To overcome blockchain scalability and privacy issues while
maintaining the benefits of decentralization, blockchains are com-
monly combined with off-chain storage solutions. These involve
storing the actual files outside the blockchain and keeping only
the timestamps and the pointers to these files in the blockchain.
Still, for these workarounds to be fully decentralized they need to
be based on decentralized p2p systems such as Storj [13], SIA [14],
Filecoin,7 IPFS [15], Dat [16] or Swarm,8 among others. Storj, SIA
and Filecoin are open source platforms for decentralized storage
that leverage blockchain technology and cryptocurrencies to in-
centivize file storage and sharing. IPFS, Dat and Swarm implement
their own protocols for efficient decentralized storage and con-
tent distribution. Yet, Swarm, which at the time of writing is still
under development, is being tightly coupled with the ethereum9
blockchain ecosystem to provide a sufficiently decentralized store
for Ethereum’s DApp code and data. Dat is an application protocol
that focuses on sharing large files. IPFS, on the other hand,
5 http://www.usenet.com/what-is-usenet
6 http://www.britannica.com/topic/Napster
7 http://filecoin.io/filecoin.pdf
8 https://swarm-guide.readthedocs.io/en/latest/introduction.html#
introduction
9 http://ethereum.org
958 E. Politou, E. Alepis, C. Patsakis et al. / Future Generation Computer Systems 112 (2020) 956–964
implements a lower level more generic p2p network protocol,
not tied to just one blockchain platform like ethereum. However,
lacking an incentivization mechanism, as it does not support
any cryptocurrency, it provides no storage guarantee. Although
Filecoin is going to fill this gap by implementing an open-sourced,
public cryptocurrency on top of the IPFS to incentivize users
to contribute their unused storage,10 IPFS’ ambitious goal is to
offer the infrastructure for reinventing the Internet and replacing
the traditional HTTP protocol.11 by connecting all computing
devices with the same file system. The IPFS’ substantial impact
on linking and searching content online, along with its smooth
integration with current blockchain platforms for storing data
off-chain, contributed to its wide adoption by many blockchain
projects. On top, big corporations, like Cloudflare, leveraged IPFS
to provide their cloud services.12 In the following section, we
delve into the basic characteristics of the IPFS protocol.
3. The IPFS protocol
IPFS is a p2p protocol and a network designed to create a
permanent, decentralized method of efficient and robust data
storage and distribution. IPFS seeks to connect all computing
devices with the same file system and to create a new way to
serve information on the web [15]. Although there have been
many attempts in the past to introduce decentralized file systems,
IPFS is the first general file system that achieves low latency
and decentralized distribution on a global scale and in the in-
frastructure layer. This is because IPFS provides not only the
application to distribute files but also the base protocol to accom-
plish this. While IPFS synthesizes successful ideas from previous
p2p systems, its main contribution lies in simplifying, evolving,
and connecting proven techniques into a single cohesive system,
greater than the sum of its parts [15]. It combines technologies
such as Distributed Hash Tables (DHT) (as implemented in the
Kademlia protocol) [17] to coordinate and maintain metadata
about p2p systems, and a BitTorrent inspired communication
protocol, BitSwap, to coordinate networks of untrusting peers
(swarms) to cooperate in distributing pieces of files to each
other [18]. It also uses Self-Certified Filesystems (SFS) techniques
to authenticate the server and to establish a secure communica-
tion channel to remote filesystems [19]. On top of these, the IPFS
builds a cryptographically authenticated data structure, similar
to Git,13 to support file versioning and efficient distribution: a
Merkle Directed Acyclic Graph (DAG)14 of immutable objects
(representing files or other arbitrary data structures) with links
to the cryptographic hash of the target object. The central IPFS
principles of modelling all data as part of the same Merkle DAG
object and addressing contents via their hashes provide useful
properties such as content addressability, tamper resistance and
deduplication [7]. According to these properties: all contents are
always addressed by their cryptographic hashes; they are by
default immutable since editing a file results to a new address
(hash) of that file (due to the collision-resistant property of the
hash function); and duplicate files are only stored once since they
always refer to the same hash. IPFS provides two protocols for
creating mutable addresses to reference always the latest version
10 To this end, it employs two variations of proof-of-storage consensus mecha-
nism, Proof-of-Replication (PoRep) and Proof-of-Spacetime (PoSt), to publicly verify
that a node stores a particular file.
11 https://www.sitepoint.com/ipfs-swarm-decentralized-content-publication-
storage/
12 https://blog.cloudflare.com/distributed-web-gateway/
13 http://git-scm.com
14 http://docs.ipfs.io/guides/concepts/merkle-dag/
of an object: IPNS and DNSLink, with the latter being more effi-
cient [7]. Moreover, the InterPlanetary Linked Data (IPLD)15 set
of standards are implemented in the IPFS to create more flexible
universally addressable and linkable decentralized data structures
of different sorts of data.
In the IPFS network, nodes store a collection of objects (hashed
files) in local storage, and they connect to each other to transfer
objects. Nodes, i.e. users, are not required to store all the data
published in the network. Instead, they can choose which data
they want to persist. Users who want to retrieve any of those
files access an abstraction layer where they simply call the hash of
the file they want. IPFS then, after searching carefully through the
nodes, takes care of finding the closest peer who has what they
need and supplies the users with the file. Accessed resources are
cached locally in the IPFS node to make those resources available
for upload to other nodes and thereby to help with the load
distribution for popular content.
As opposed to traditional location addressing used by the HTTP
where a single server hosts many files and information has to
be fetched by accessing this server, the content addressability,
i.e. looking up the content by its cryptographic hash, ensures
the authenticity of content regardless of where it is located. The
implications of this property are tremendous as the IPFS could
transform the Internet from being location-based, to be a content-
based distributed file network. First and foremost, IPFS eliminates
the HTTP problem of broken links as a given address will always
point to the same content added to the IPFS network because
even a slight change will result to a different address. As already
mentioned, another powerful property of IPFS is its censorship
resistance since web content does not depend any more on a
single entity. This censorship-resistant nature has already been
exploited in many occasions to bypass web policy restrictions and
to enable the freedom of speech16 and the right to information.17
In this regard, it has been argued that the IPFS could evolve the
web and even replace the most successful ‘‘distributed system of
files’’ ever deployed, the HTTP [15].
While the IPFS does not provide object-level encryption yet,
personal information can be encrypted before added to the net-
work. Finally, it should be noted that the IPFS does not provide
access control at the IPFS connection level to restrict untrusted
peers from getting unauthorized data. An overview of how the
IPFS works is illustrated in Fig. 1.
4. Deleting content in IPFS
While the IPFS has been widely advertised as the new ‘‘perma-
nent web’’ where stored information remains available regardless
of single point of failure attacks or censorship takedowns, the
term ‘‘permanent’’ should not be misunderstood to be equivalent
to the permanent storage and availability of the uploaded con-
tent. Instead, it has been clarified that the term is used to refer
to the permanent reference of the content to which an IPFS link
points.18 As previously stated, this is due to the content address-
ability property, which ensures that all resources are uniquely
and permanently addressed by their contents. The permanent
availability of resources in the IPFS is most commonly specified as
storage persistency and is handled by the functionality of pinning,
which excludes an object and its children from being garbage
collected within an IPFS node. The garbage collector frequently
runs to delete any cached data the IPFS node downloaded when
accessing resources in the network. Whether content added in
15 https://ipld.io/
16 http://www.eurekastreet.com.au/article.aspx?aeid=54133
17 https://observer.com/2017/05/turkey-wikipedia-ipfs/
18 https://discuss.ipfs.io/t/deleting-content/202
 E. Politou, E. Alepis, C. Patsakis et al. / Future Generation Computer Systems 112 (2020) 956–964 959

Fig. 1. An overview of the main IPFS operations. On the left, we depict a typical operation when data are stored in IPFS (or other DFS) and only their hashes and
metadata are stored in the blockchain. On the right, a high-level overview of the IPFS data storage and retrieval is depicted. First, a user stores a file f in IPFS. Next,
to retrieve these data, another user performs a request for file f using its corresponding hash value (bottom right). As the nodes are aware of the location of that
file (i.e. due to the use of the DHT), they are able to efficiently retrieve the data from the nodes storing the queried file (orange nodes) to deliver it to the user
finally. (For interpretation of the references to colour in this figure legend, the reader is referred to the web version of this article.)

the IPFS network is stored persistently or not depends solely on
the users that choose to pin this content so as not to be garbage
collected after a given period of time. Otherwise, unpinned con-
tent is automatically garbage collected, provided that the garbage
collector is enabled to run on a schedule or manually. Obviously,
the more IPFS nodes are pinning a specific file, the easier and
faster another node can get it.
Yet, even when a file is garbage collected, i.e. deleted, from
a node, it is not certain that it has also been deleted from all
the other nodes that had previously accessed and thereby cached
that file. Moreover, if a node has pinned it, the file remains per-
manently available to other peers. Therefore, as long as anybody
is willing to continue spending energy to maintain an object
online, that content would be permanently stored in IPFS. For
this reason, Filecoin, when implemented, will incentivize people
to share their unused storage for hosting/pinning IPFS files. In
a nutshell, a file is preserved in the IPFS network if there is at
least one node that is actively sharing it (i.e. by pinning it), and it
can only be completely removed from the network if its original
host, and all other hosts serving it, delete it and its cached copies
throughout the network expire.
As a side note, IPFS provides the option of building private IPFS
networks using IPFS Clusters to coordinate connection among
peers who share a secret key.19 In these networks, an entity
controls all peers and hence collective unpinning and thereby
deleting a file from all the peers participating in the private
network is possible. Yet, completely removing content previously
uploaded to the IPFS public network cannot be guaranteed.
5. The need for complete content removal
As discussed, IPFS is a decentralized public network where
nodes do not need to trust each other and with no single point
of failure as there is no entity in control of the dissemination
(or the very existence) of the information within the network.
However, the original vision of the IPFS (and of the Internet
in general) did not consider the malevolent uses for promoting
and disseminating illegal or copyrighted content, or even cases
19 https://github.com/ipfs/go-ipfs/blob/master/docs/experimental-features.
md#private-networks
of infringing on human rights such as the right to privacy. As
a result, the IPFS does not support any efficient methods for
completely removing – and thereby stop from being disseminated
across its entire network – any illegal, personal or copyrighted
content. Arguably, this lack may have adverse implications for
IPFS alignment with at least the data protection and privacy laws.
Acknowledging this deficiency, IPFS plans to support block-
lists, i.e. lists of illegal content that needs to be blocked from the
IPFS network. These blocklists will specify policies for content
storage and distribution and therefore will allow subnetworks
of peers to agree upon sets of content they would wish to cen-
sor. Yet, blocklists, as they have been so far designed, present
some limitations. First of all, they cannot be universally applied
since what is illegal in one jurisdiction is not necessarily in
others; e.g. consider political or even religious-related content.
Furthermore, the maintenance and coordination of such lists by
the IPFS gateways would be proved burdensome given the high
demand for links/content to be censored and the continuously
increasing size of these lists. Besides, these blocklists can be easily
circumvented since by changing just a bit of the unwanted file the
corresponding hash does change, but the actual information may
not be radically affected. In addition to these, as the subscription
to these blocklists will be most probably optional, nothing would
prevent a node from not subscribing. Last but not least, there
must be pedantic processes in place to carefully examine and add
links/content to these blocklists in order not to violate any other
legal rights, such as the freedom of speech. Most importantly,
however, blocklists fall short of meeting the data protection re-
quirement of the RtbF anticipated by the GDPR that mandates the
erasure of individuals personal data published in the IPFS network
should certain conditions apply. In this regard, we examine in the
following paragraphs the RtbF in terms of its applicability on the
IPFS protocol.
5.1. GDPR RtbF and IPFS
The GDPR enforcement in 2018 provoked greater scepticisms
due to its severe impact on the processing of personal data
within and outside the EU territory [5]. Of its provisions, the most
radical and controversial one that has been subject to heated
debates is Article 17 that anticipates the RtbF. In simple terms,
960 E. Politou, E. Alepis, C. Patsakis et al. / Future Generation Computer Systems 112 (2020) 956–964
the RtbF allows the possibility of individuals to request the era-
sure of their personal data from all the available sources to
which they have been disseminated when certain conditions are
met (Article 17(1)). Beyond any doubt, as explained thoroughly
in [5,20], the impact of encompassing the RtbF in contempo-
rary information systems is immense, whereas its integration
into the design of new technological advancements is currently
disputable. One such advanced technology emerged over the
long period under which the final GDPR text was being de-
bated and finalized, is blockchain. Considering that a few years
ago blockchain technology was not the widespread technolog-
ical trend that it is nowadays, its compatibility with some of
the GDPR provisions is currently challenged [3]. A major incon-
sistency between blockchain and the RtbF emerges due to the
blockchain’s by design immutability. While, as shown in [3], sig-
nificant research is being carried out for implementing restricted
mutability on blockchain environments, allowing data stored in
public blockchains to be edited or deleted is still a controversial
topic. To overcome this barrier, several blockchain projects are
adopting the IPFS network for decentralized storage and distri-
bution of the actual personal files while keeping only their hash
addresses in the blockchain. This solution, however, moves the
burden of removing the actual information to the IPFS protocol
should a request for erasing personal data under the RtbF be
raised.
5.2. Towards aligning RtbF with IPFS
Aligning the IPFS with the RtbF is not an easy task. As a matter
of fact, any attempts to implement and enforce an erasure request
would most probably be futile since IPFS is a trustless network,
and as such other nodes can never be trusted to respect a request
for content erasure. A node can keep data for as long as it likes,
and there is nothing to prevent that from happening because
there is not any way to verify that data in the IPFS have been
removed from the entire network. Above all, IPFS – likewise HTTP
– in its core is actually a protocol, a base layer foundation that
other systems may use to be built upon. Consequently, impos-
ing data manipulation rules on it is technically impossible since
application and data specific functionality is implemented in a
higher architectural layer.
Nevertheless, given the extensive use of IPFS to store personal
data and the strict data protection obligations anticipated by the
GDPR, providing a kind of erasure request on a protocol level
and across the entire IPFS network is highly recommended, if not
urgent. According to Article 17(2) of the GDPR:
‘‘the controller, taking account of available technology and the
cost of implementation, shall take reasonable steps, including
technical measures, to inform controllers which are processing the
personal data that the data subject has requested the erasure by
such controllers of any links to, or copy or replication of, those
personal data’’.
In other words, regardless of the feasibility of enforcing an era-
sure request, there should be at least a method to disseminate
the request to all data controllers holding the personal data under
consideration. Since by definition every IPFS node fully controls
the data that holds, or put differently, an IPFS node determines
on its own the means and purpose for the processing of these
data; it essentially acts as a data controller in GDPR terms. Hence,
according to the GDPR, each IPFS node should at least be able
to ‘‘take reasonable steps, including technical measures, to inform’’
other IPFS nodes holding these data about the removal request.
Based on the above analysis, it is evident that – even though
it is not feasible to enforce data erasure across all the IPFS nodes
– implementing a delegation mechanism for securely handling
erasure requests in the protocol layer would be the most op-
timum and application-agnostic way towards aligning the IPFS
with the RtbF. Thereby, the onus of enforcing the actual erasure
is moved to each individual IPFS node which is a data controller
on its own. By all means, the integration of this kind of erasure
delegation mechanism into the IPFS protocol it will endorse its
GDPR compliance considerably, and as a result, it will add real
value to its future adoption by any applications that are process-
ing personal data. In this regard, the security and technical details
of implementing and integrating such a protocol into the IPFS,
along with the formal definition and the proof of concept results,
are presented in the following section.
6. The proposed protocol
6.1. Assumptions and Desiderata
The main goal of the proposed protocol is to allow a user to
request the erasure of a content that she has already shared and
consequently resides in other nodes of the network. To this end,
the proposed protocol introduces a ‘‘proof-of-ownership’’ so that
the content is linked in an anonymous way with a secret that only
a set of designated users have. Therefore, once someone makes
an erasure request of the content with the corresponding secret,
each node validates that the secret matches the ownership proof
and propagates the request to the other nodes. The request may
be repeated periodically to cater for nodes which might be offline
at the time of the initial erasure request.
In our protocol we consider that the removal is performed
on all nodes that conform to the protocol and store the content
along with the ‘‘proof-of-ownership’’. The main motivation be-
hind the introduction of ‘‘proof-of-ownership’’ is to maintain the
censorship-resistant nature of the IPFS network. To this end, no
one can arbitrarily request content erasure, e.g. for content that
was not submitted by herself. Therefore, while the current IPFS
model supports sharing of content in the form of, e.g. a file c,
we augment it, to support the sharing of tuples of the form (c , s)
where s is an encrypted string which will be used afterwards
to prove the ownership when an erasure request is made for a
specific file c. Upon an erasure request, a content-dependent key
k is sent to the network along with the hashed version of the file.
The content-dependent key k derives from a master key that each
user owns, preventing thus the hustle of having to remember
different keys. Note that the proposed extension would allow
users to continue sharing content without proofs of ownerships.
The proofs are only appended if the user considers that she might
once want to delete her shared files.
Obviously, extending the IPFS protocol to embrace the proof-
of-ownership s and to support accordingly the management of
the corresponding content is a major deviation from its current
implementation. Yet, it is a feasible and workable alternative
to allow IPFS to handle erasure requests successfully. In what
follows, we assume that we have honest nodes that comply with
the protocol, and they duly follow its rules.
6.2. Threat model
Since the scope of this work is to allow the content erasure,
the attacks that could be launched will target the erasure of a
user’s contents without her knowledge or consent. To achieve
this, an adversary would try to extract the key, or forge the
erasure request to achieve the removal of the content from all
IPFS nodes. We assume that attempts to bypass the protocol so
that the content is not removed, e.g. not forwarding and not
complying with the erasure request, are beyond the scope of
this work as they imply a node that does not comply with the
 E. Politou, E. Alepis, C. Patsakis et al. / Future Generation Computer Systems 112 (2020) 956–964
protocol. Such nodes are considered to be misbehaving and can
be isolated from the rest of the network.
In our work, we assume probabilistic polynomial time (PPT)
passive adversaries that are polynomially bounded and do not
have the ability to break the underlying cryptographic primitives
used in the protocol, i.e. reverse hash functions or break any
secure block cipher. We also assume that an adversary is able to
monitor all the traffic exchanged within the protocol execution.
We do not consider active attacks; we assume that the messages
exchanged in a protocol execution are authenticated, and their
integrity is protected. Thus an adversary cannot modify or inject
fake messages pretending to originate from another legitimate
user.
6.3. IPFS delegated erasure protocol
Let h : {0, 1}∗ → {0, 1}k be a secure hash function, and two
keyed permutation Ex : {0, 1}k → {0, 1}n , ey : {0, 1}k → {0, 1}ν
for keys x ∈ {0, 1}λ and y ∈ {0, 1}n , respectively, for security
parameters k, n, ν, λ ∈ N.
The protocol is a set of five polynomial-time algorithms,
namely Keygen, ConKeygen, GenProof , GenDelReq and CheckProof
and is composed of three phases: initialization, content dissemi-
nation and erasure request.
• Keygen(1λ ) → mk: A probabilistic algorithm for generating
a personal master key mk ∈ {0, 1}λ which is kept secret by
each user.
• ConKeygen(mk, c) → k: An algorithm for generating a
content-based key k for the master key mk of the user that
wants to submit her content c ∈ {0, 1}∗ . The generated key k
can be shared with the users that should be granted content
erasure. In this work, we set ConKeygen(mk, c) = Emk (h(c)).
• GenProof (k, c) → s: An algorithm for generating a proof of
ownership s for a content c using a content-based key k. We
instantiate GenProof as: GenProof (k, c) = ek (h(c)).
• GenDelReq(k, c) → (h, k): An algorithm for generating a
request for erasure of content c from the user that dis-
seminated it. Takes as input the content c and the content
based key k. It outputs the erasure request which consists
of the hash h of the content to facilitate its discovery and
the corresponding key k that proves the ownership of the
content. We instantiate this algorithm as: GenDelReq(k, c) =
(h(c), k).
• CheckProof (h, k) → {‘‘success’’, ‘‘fail’’} an algorithm executed
by the recipient of an erasure request to determine whether
she has pinned locally a content c with hash h. If this is the
case, the recipient checks whether the corresponding proof
s was generated using key k, which is done by simply verify-
ing that for the hosted tuple (c , s) it holds that s = ek (h(c)).
The algorithm returns success if the check was successful
and fail otherwise.
During the initialization phase, each user executes Keygen
to generate her personal master key mk ∈ {0, 1}λ , which is
kept secret. Next, the content dissemination phase takes place,
in which Alice wants to submit her content c ∈ {0, 1}∗ to
the IPFS network. Further to than simply storing and sharing c,
Alice executes ConKeygen and GenProof to create the proof of
ownership for her content. More concretely, ConKeygen is realized
by computing key k = Emk (h(c)), which is subject to her personal
master key and the content she wants to share. To generate her
ownership proof, she uses GenProof to compute s = ek (h(c)). Fi-
nally, she commits the tuple (c , s) that is disseminated to the IPFS
network by using the IPFS distributed sloppy hash table (DSHT)
and BitSwap protocol [15]. In particular, the IPFS DSHT is used
to store a key–value set which is spread over the participating
961
nodes to enhance performance and scalability by ‘‘announcing’’
the content that nodes have by referring to the corresponding
hash h(c).
Algorithm 1: Handling of an erasure request from a node.
1: On receiving a content erasure request d = (h(c), k)
2: if Content c with h(c) = h is stored in the node then
3: if CheckProof (h, k) == True then
4: Delete c from local storage.
5: Forward d to neighbor nodes using DSHT ℓ times every
T seconds.
6: end if
7: end if
In the erasure request phase, Alice (or one of her delegates) de-
cides to erase content c from IPFS. Hence, she uses the GenDelReq
and sends her request as a tuple d = (h(c), k) to the network. Any
receiving node may now use CheckProof to first locate the content
using h(c), and then to verify whether the erasure request is valid,
i.e. s = ek (h(c)). Finally, to minimize the network overhead, the
receiving node forwards the erasure request d to all the neigh-
bours holding the file by using DSHT and the file’s corresponding
hash h(c). Note that this action is already implemented in IPFS
with functions like ( ipfs dht findprovs ⟨h(c)⟩). Therefore, the
corresponding modification would be made by simply changing
the ⟨h(c)⟩ value to (⟨h(c)⟩, k).
Fig. 2 illustrates a workflow overview of the proposed protocol
starting from the creation of mk, up to the point where other
nodes check the validity of the erasure request sent by a delegate
for a given content c. Finally, Algorithm 1 outlines the handling
process of an erasure request from a node. Note that the process
is repeated ℓ times every T seconds to accommodate for nodes
which might be offline. Both of these values are constants and can
be set either by each node individually or by computing specific
parameters for node participation distribution and the probability
of storing a content.
6.4. Security proof
In what follows, we provide formal proofs regarding the prop-
erties of the proposed protocol.
Theorem 1. Alice’s personal master key is secure against any PPT
adversary if the keyed permutation E is secure.
Proof. For the sake of brevity and convenience, we prove the
theorem for the worst-case scenario, which is the case of a
malicious delegate. Contrary to any other adversaries, a delegate
for erasing any of Alice’s contents is the only one who has some
output directly linked to Alice’s personal master key.
Let us assume that a malicious delegate of Alice, Malory (from
now on denoted as M) wants to extract the personal master key
of Alice X . Therefore, we assume that M has access to a set of
m > 0 delegated keys KCj X = EX (h(cj )), j ∈ {1, 2, . . . , m} for the
corresponding contents cj , j ∈ {1, 2, . . . , m}. To extract X , M must
perform a known-plaintext attack to E. Since E is a secure keyed
permutation this is not possible, so X is secure from M. □
Theorem 2. A PPT adversary cannot forge an erasure request for
any given tuple (c , s) if the keyed permutation e is secure.
Proof. Let us assume that a PPT adversary M wants to forge an
erasure request for a given tuple (c , s). M needs to find κ ∈ {0, 1}k
such that eκ (h(c)) = s. Since e is a secure keyed permutation, κ
cannot be computed in probabilistic polynomial time. Therefore,
an erasure request for any tuple (c , s) cannot be forged by M. □
962 E. Politou, E. Alepis, C. Patsakis et al. / Future Generation Computer Systems 112 (2020) 956–964

Fig. 2. An overview of the proposed protocol. (1) Alice uses her master key mk to create the content-dependent key k for content c. (2) Alice uses k and c to derive
the proof of ownership s. (3) Tuple (c , s) is pushed to the IPFS network. (4) Alice or one of her delegates use the content-dependent key k to issue a request for
erasure for c by computing (h(c), k). (5) The request is disseminated to the IPFS network, and each node checks the validity of the request.

) of the form (c , s) = c , eKCX (h(c)) ,

( )
Theorem 3. ( Given two tuples
(c ′ , s′ ) = c ′ , eKC ′ X ′ (h(c ′ )) , a PPT adversary cannot determine
whether they belong to the same user if the keyed permutations e
and E are secure.

Proof. To determine whether two tuples (c , s) and (c ′ , s′ ) belong

to the same user, one has to determine whether X = X ′ . Since the
keyed permutations e and E are secure, one cannot recover either
KCX nor KC ′ X ′ and from them X and X ′ to determine whether they
are equal or not. Therefore, a PPT adversary cannot determine
whether two tuples (c , s) and (c ′ , s′ ) belong to the same user. □
Fig. 3. Performance analysis of the simulated P2P network with different
Corollary 1. The proposed erasure protocol is anonymous. number of participating nodes.

Proof. The proof of the theorem above follows from the anony-
mity that IPFS provides and the proof of Theorem 3. □
6.5. Protocol efficiency
The proposed protocol has a minimal footprint as the addi-
tional overhead for the proofs-of-ownership in terms of storage
space is equal to the length of the encryption of a hash. In terms
of creating a proof, one has to perform two encryptions with a
symmetric cipher, and two hashes. Similarly, for the validation
phase, which checks whether a given content exists and whether
an erasure request is valid, one has to perform one hash and one
decryption with a symmetric cipher.
To validate the efficacy of our proposal, we implemented the
proposed protocol proofs in Python 2.7. We used AES in CBC mode
with 256-bit keys and SHA-256 hash function. Without using par-
allelization, we generated 1000 random files of 1 MB on a system
running with an Intel Core i7-6700K CPU at 4.00 GHz and 16 GB of
RAM on Ubuntu 19.04. We then created a master key for the user,
and for each file, we computed the corresponding keys, the proof-
of-ownership and the verification time. The average time for
generating the content-dependent keys, the proofs-of-ownership,
and the verification of the proof are 2.011 ms, 2.023 ms, and
1.99 ms, respectively, which can be considered minimal. In regard
to the rest of functionalities, we consider only existing functions
of the IPFS (see Section 6.3), so that minimal modifications are
required.
In Fig. 3, we studied the performance of the proposed protocol
using the NS-3 network simulator20 to simulate a p2p communi-
cation that spreads data packets among the network nodes [21].
20 http://www.nsnam.org/
In our simulation, we designed a node that disseminates the
erasure request to different numbers of participants in cases
between 20 and 100 nodes. The size of the packet travelling
through the network is typically 64 bytes. The X -axis represents
the average time required in each case (i.e., the time required to
disseminate the request) with no deviation of the time. The Y -axis
represents the number of participating nodes, which had been
increased statically to study the time impact when the network
expands. In terms of scalability, the time increases as more nodes
are added to the network; hence a linear relationship exists with
a positive line slope. Extending our previous experiment, we
studied the impact of the packet size on the IPFS network time
latency to analyse the required time for handling the erasure
request. As shown in Fig. 4, we validated our network for cases
where the packet size (i.e. user key and the hash of the file)
changes, ensuring the scalability of the method and its resilience
to future variations of the hash size.
6.6. Limitations and countermeasures
As discussed above, the integration of the proposed erasure
mechanism into the IPFS protocol provides several benefits. Nev-
ertheless, some limitations should also be pointed out. A first
limitation arises due to the duplication attack according to which
a user could claim the ownership of a content that was previously
deleted by committing it again with her own key. A simple way
to prevent this is to store in a parallel structure (e.g. a Merkle
DAG) the erasure requests made by the users. For this purpose,
the protocol could be further expanded to check if a file that is
going to be added in the IPFS already existed in the system. On
 E. Politou, E. Alepis, C. Patsakis et al. / Future Generation Computer Systems 112 (2020) 956–964
Fig. 4. Simulation of disseminating large-scale nodes communication with
different packet sizes in the IPFS network to validate a request.
top of this, the IPFS protocol could be updated to prevent users
from adding an existing file. This can be achieved either by forcing
the execution of the following commands:
i p f s r e f s l o c a l | grep <hash>
and
i p f s dht f i n d p r o v s <key>
or by directly checking if the file exists through one of the
gateways. Clearly, this checking procedure has an implicit over-
head of several milliseconds [7,22] and therefore, the trade-off
between performance and security must be carefully examined
and discussed. Besides, to enhance further the scalability and
performance, the erasure requests could have some specific time
to live (TTL). Nonetheless, it is worth noticing that such kind
of attacks may arise in any kind of platform or database and
therefore establishing a mitigation strategy against these is very
complex. However, with the proposed approach, we partially
avoid such kind of malicious behaviour.
A second issue closely related to the previous one is the case of
a malicious user that uploads content from competitors, or legally
owned by other authors, or any other kind of copyrighted files,
to claim their ownership dishonestly. Likewise to the duplication
attack, this situation is not specific to our proposed protocol nor
to the IPFS as it may occur in all available storage systems. A
possible solution to this issue would be the implementation of
an ownership claim protocol which involves an identity manage-
ment system supported by a consensus mechanism. Yet, while
this implementation could indeed provide a nice-to-have feature,
we argue that it is beyond the essence of the IPFS and as such, it
is out of the scope of this work.
7. Conclusions
As systems for decentralized file storage and sharing are in-
creasingly adopted to store personal data, their immutability
and data persistence properties create great uncertainty as far
as their alignment with the privacy and data protection rights
is concerned. One particular privacy and data protection right
enshrined in the GDPR is considered to be the holy grail for many
state-of-the-art decentralized technologies: the RtbF that foresees
the erasure of personal data under certain conditions. Beyond
any doubt, even though the GDPR has not taken into account
emerging technologies such as the blockchain, let alone the IPFS,
963
when legislated the RtbF, its impact on such networks may be
rather severe.
In this work, we discussed and analysed how IPFS could be
possibly aligned with the RtbF since ensuring content erasure in
a decentralized network is, in fact, questionable. Under this per-
spective, we formally introduced an anonymous IPFS delegation
protocol that could be integrated into the IPFS to distribute a
content erasure request among all the IPFS peers when a request
for erasure under the RtbF needs to be fulfilled. The benefits and
performance of the proposed protocol were extensively discussed
in the article, showcasing its efficacy and its potentials.
In the future, we plan to investigate the suitability of our pro-
posed protocol in other decentralized file storage systems since
we believe that their compliance with the GDPR will encourage
their adoption. In addition, we will focus on the development
of mechanisms to prevent limitations such as those discussed in
Section 6.6.
Declaration of competing interest
The authors declare that they have no known competing finan-
cial interests or personal relationships that could have appeared
to influence the work reported in this paper.
Acknowledgements
This work was supported by the European Commission under
the Horizon 2020 Programme (H2020), as part of the projects Cy-
berSec4Europe (https://www.cybersec4europe.eu) (Grant Agree-
ment no. 830929) and LOCARD (https://locard.eu) (Grant Agree-
ment no. 832735).
The content of this article does not reflect the official opinion
of the European Union. Responsibility for the information and
views expressed therein lies entirely with the authors.
References
[1] P. Bardhan, Decentralization of governance and development, J. Econ.
Perspect. 16 (4) (2002) 185–205.
[2] P. Seabright, Accountability and decentralisation in government: An
incomplete contracts model, Eur. Econ. Rev. 40 (1) (1996) 61–89.
[3] E. Politou, F. Casino, E. Alepis, C. Patsakis, Blockchain mutability: Challenges
and proposed solutions, IEEE Trans. Emerg. Top. Comput. (2019) 1, http:
//dx.doi.org/10.1109/TETC.2019.2949510.
[4] General Data Protection Regulation (GDPR), Regulation (EU) 2016/679 of
the European Parliament and of the Council of 27 April 2016 on the
protection of natural persons with regard to the processing of personal
data and on the free movement of such data, and repealing Directive
95/46/EC (General Data Protection Regulation), Offic. J. Eur. Union 119 (4
May 2016) (2016) 1–88, L.
[5] E. Politou, E. Alepis, C. Patsakis, Forgetting personal data and revoking
consent under the GDPR: Challenges and proposed solutions, J. Cybersecur.
4 (1) (2018).
[6] F. Casino, E. Politou, E. Alepis, C. Patsakis, Immutability and decentralized
storage: An analysis of emerging threats, IEEE Access 8 (2020) 4737–4744.
[7] C. Patsakis, F. Casino, Hydras and IPFS: a decentralised playground for
malware, Int. J. Inf. Secur. (2019).
[8] D.S. Milojicic, et al., Peer-to-Peer Computing, Technical Report HPL-2002-
57, HP Labs, 2002.
[9] P.G. Lopez, A. Montresor, A. Datta, Please, do not decentralize the Inter-
net with (permissionless) blockchains!, in: 2019 IEEE 39th International
Conference on Distributed Computing Systems, ICDCS, IEEE, 2019, pp.
1901–1911.
[10] S. Nakamoto, Bitcoin: A peer-to-peer electronic cash system, 2008.
[11] F. Casino, T.K. Dasaklis, C. Patsakis, A systematic literature review of
blockchain-based applications: current status, classification and open
issues, Telemat. Inform. (2018).
[12] M. Scherer, Performance and Scalability of Blockchain Networks and Smart
Contracts, Umea University, Sweden, 2017.
[13] S. Wilkinson, T. Boshevski, J. Brandoff, V. Buterin, Storj a peer-to-peer cloud
storage network, 2014.
[14] D. Vorick, L. Champine, Sia: Simple decentralized storage, 2014, White
paper available at https://sia.tech/sia.pdf.
964 E. Politou, E. Alepis, C. Patsakis et al. / Future Generation Computer Systems 112 (2020) 956–964
[15] J. Benet, IPFS-content addressed, versioned, P2P file system, 2014, arXiv
preprint arXiv:1407.3561.
[16] M. Ogden, Dat-distributed dataset synchronization and versioning, 2017,
OSF Preprints.
[17] P. Maymounkov, D. Mazieres, Kademlia: A peer-to-peer information system
based on the xor metric, in: International Workshop on Peer-to-Peer
Systems, Springer, 2002, pp. 53–65.
[18] B. Cohen, Incentives build robustness in BitTorrent, in: Workshop on
Economics of Peer-to-Peer Systems, Vol. 6, 2003, pp. 68–72.
[19] D.D.F. Mazières, Self-Certifying File System (Ph.D. thesis), Massachusetts
Institute of Technology, 2000.
[20] E. Politou, A. Michota, E. Alepis, M. Pocs, C. Patsakis, Backups and the right
to be forgotten in the GDPR: An uneasy relationship, Comput. Law Secur.
Rev. 34 (6) (2018) 1247–1257.
[21] L. Campanile, M. Gribaudo, M. Iacono, F. Marulli, M. Mastroianni, Computer
network simulation with ns-3: A systematic literature review, Electronics
9 (2) (2020) 272.
[22] B. Confais, A. Lebre, B. Parrein, Performance analysis of object store sys-
tems in a fog/edge computing infrastructures, in: 2016 IEEE International
Conference on Cloud Computing Technology and Science, CloudCom, 2016,
pp. 294–301, http://dx.doi.org/10.1109/CloudCom.2016.0055.
Eugenia Politou received her Diploma (BSE) and her
M.Sc. degrees in electrical and computer engineering
both from the Democritus University of Thrace, Xanthi,
Greece. She is currently pursuing her Ph.D. in Infor-
matics at the University of Piraeus, Greece. Her current
research interests include privacy and data protection
in decentralized networks and other state-of-the-art
technologies such as mobile computing. She has a long
experience in research, security, analysis, and system
design under various national and European large-scale
IT projects within the private and public sector. She
currently works as an Information Security Officer at the Independent Authority
for Public Revenue, Greece.
Dr. Euthimios Alepis received his B.Sc. in Infor-
matics in 2002 and his Ph.D. in 2009, both from
the Department of Informatics, University of Piraeus
(Greece). He is Assistant Professor in the Department
of Informatics, University of Piraeus since December
2013. He has authored/co-authored more than 60
scientific papers which have been published in in-
ternational journals, book chapters and international
conferences. His current research interests are in the
areas of Object-oriented Programming, Mobile Software
Engineering, Human–Computer Interaction, Affective
Computing, User Modelling and Educational Software.
View publication stats
Constantinos Patsakis holds a B.Sc. in Mathematics
from the University of Athens, Greece and a M.Sc. in
Information Security from Royal Holloway, University
of London. He obtained his Ph.D. in Cryptography and
Malware from the Department of Informatics of Uni-
versity of Piraeus. His main areas of research include
cryptography, malware analysis, security, privacy, and
data anonymization. He has participated in several
national (Greek, Spanish, Catalan and Irish) and Euro-
pean R&D projects and coordinates the H2020 project
LOCARD. Additionally, he has worked as researcher at
the UNESCO Chair in Data Privacy and as a research fellow at Trinity College,
Dublin Ireland. Currently, he is Assistant Professor at University of Piraeus and
adjunct researcher of Athena Research and Innovation Center.
Fran Casino is a postdoctoral researcher in the De-
partment of Informatics at Piraeus University (Piraeus,
Greece). He obtained his B.Sc. degree in Computer
Science in 2010 and his M.Sc. degree in Computer
Security and Intelligent Systems in 2013, both from
Rovira i Virgili University in Tarragona, Catalonia, Spain.
He received a Ph.D. in Computer Science from the
Rovira i Virgili University in 2017 with honours (A
cum laude) as well as the best dissertation award.
He was visiting researcher in ISCTE-IUL (Lisbon-2016).
He has participated in several European-, Spanish- and
Catalan-funded research projects. His research focuses on pattern recognition,
and data management applied to different fields such as privacy and security
protection, recommender systems, smart health and blockchain.
Mamoun Alazab is an Associate Professor at the Col-
lege of Engineering, IT and Environment at Charles
Darwin University, Australia. He received his Ph.D.
degree in Computer Science from the Federation Uni-
versity of Australia, School of Science, Information
Technology and Engineering. He is a cyber security
researcher and practitioner with industry and academic
experience. Dr Alazab’s research is multidisciplinary
that focuses on cyber security and digital forensics
of computer systems including current and emerging
issues in the cyber environment like cyber–physical
systems and internet of things, by taking into consideration the unique chal-
lenges present in these environments, with a focus on cybercrime detection
and prevention. Alazab’s look into the intersection use of Artificial Intelligence
and Machine Learning as essential tools for cybersecurity, for example, detecting
attacks, analysing malicious code or uncovering vulnerabilities in software and
hardware.
He has more than 150 research papers, two of his papers were selected as
the featured articles, and two other papers received the best paper award. He is
the recipient of short fellowship from Japan Society for the Promotion of Science
(JSPS) based on his nomination from the Australian Academy of Science. Also,
two teaching and learning awards.