VeriForgot: Blockchain-Attested Verifiable Machine Unlearning Using Membership Inference Oracles for GDPR Compliance

GDPR Article 17 mandates the “Right to Be Forgotten,” requiring organizations to remove personal data influence from trained machine learning models. While machine unlearning techniques exist, no cryptographically verifiable mechanism currently proves that unlearning genuinely occurred. This paper proposes VeriForgot, a framework combining: (i) calibrated Membership Inference Attack (MIA) oracles as compliance verification tests, (ii) blockchain-issued immutable Unlearning Certificates, and (iii) a zero-knowledge proof protocol for parameter shift attestation. Experiments on CIFAR-10 using ResNet-18 show MIA AUC drops from 0.5918 to 0.4669 after unlearning, while retaining 92.05% accuracy on non-forgotten data. The MIA oracle achieves 95.0% detection accuracy, correctly identifying all 10 genuine unlearned models and rejecting 9 of 10 fake compliance attempts.