You shared it. You can unshare it.
Cryptographic data revocation using Proxy Re-Encryption. When you revoke access, the broker's keys are destroyed and the data becomes mathematically inaccessible — not by policy, by proof.
View on GitHub →HMAC-signed destruction receipts. Deletion is verifiable, not promissory. "We deleted it" becomes a mathematical statement.
The broker re-encrypts but never decrypts. Umbral PRE ensures the proxy is cryptographically blind. Compromise the broker — get nothing.
Revoke access to any share, any time. Key fragments are destroyed immediately. No grace periods. No "processing your request."