diff --git a/Cargo.lock b/Cargo.lock index ab2578638f..ba977ad39d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -777,6 +777,7 @@ dependencies = [ "serde_json 1.0.39 (registry+https://github.com/rust-lang/crates.io-index)", "siphasher 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)", "uuid 0.6.5 (registry+https://github.com/rust-lang/crates.io-index)", + "zeroize 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] diff --git a/core/Cargo.toml b/core/Cargo.toml index dcb53fab31..8673d983e6 100644 --- a/core/Cargo.toml +++ b/core/Cargo.toml @@ -27,6 +27,7 @@ siphasher = "0.2" uuid = { version = "0.6", features = ["serde", "v4"] } log = "0.4" chrono = { version = "0.4.4", features = ["serde"] } +zeroize = "0.8" grin_keychain = { path = "../keychain", version = "1.1.0-beta.2" } grin_util = { path = "../util", version = "1.1.0-beta.2" } diff --git a/core/src/lib.rs b/core/src/lib.rs index 4bd824c0a1..fdd40b3eab 100644 --- a/core/src/lib.rs +++ b/core/src/lib.rs @@ -36,6 +36,7 @@ extern crate log; use failure; #[macro_use] extern crate failure_derive; +extern crate zeroize; #[macro_use] pub mod macros; diff --git a/core/src/libtx/proof.rs b/core/src/libtx/proof.rs index a2fcd89ae6..5c848a9985 100644 --- a/core/src/libtx/proof.rs +++ b/core/src/libtx/proof.rs @@ -21,6 +21,7 @@ use crate::libtx::error::{Error, ErrorKind}; use crate::util::secp::key::SecretKey; use crate::util::secp::pedersen::{Commitment, ProofMessage, RangeProof}; use crate::util::secp::{self, Secp256k1}; +use crate::zeroize::Zeroize; use std::convert::TryFrom; /// Create a bulletproof 
@@ -234,6 +235,25 @@ where } } +impl<'a, K> Zeroize for ProofBuilder<'a, K> +where + K: Keychain, +{ + fn zeroize(&mut self) { + self.rewind_hash.zeroize(); + self.private_hash.zeroize(); + } +} + +impl<'a, K> Drop for ProofBuilder<'a, K> +where + K: Keychain, +{ + fn drop(&mut self) { + self.zeroize(); + } +} + /// The legacy proof builder, used before the first hard fork pub struct LegacyProofBuilder<'a, K> where @@ -325,6 +345,24 @@ where } } +impl<'a, K> Zeroize for LegacyProofBuilder<'a, K> +where + K: Keychain, +{ + fn zeroize(&mut self) { + self.root_hash.zeroize(); + } +} + +impl<'a, K> Drop for LegacyProofBuilder<'a, K> +where + K: Keychain, +{ + fn drop(&mut self) { + self.zeroize(); + } +} + impl ProofBuild for ViewKey { fn rewind_nonce(&self, secp: &Secp256k1, commit: &Commitment) -> Result { let res = blake2b(32, &commit.0, &self.rewind_hash);
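Review bot: The new `Zeroize` and `Drop` impls for `ProofBuilder` have no doc comment saying which fields are secret or where the wipe stops. `zeroize()` clears only the builder's own `rewind_hash` and `private_hash`; nonces derived from them and any clones made before the drop are untouched. If the fields are `Vec<u8>` (their types are outside this hunk), buffers left behind by earlier reallocations are not reached either. I would state that on the impl, e.g. `/// Wipes rewind_hash and private_hash; derived nonces and earlier copies are not covered.`, and note that implementing `Drop` prevents moving fields out of a `ProofBuilder`. A unit test that calls `zeroize()` and asserts neither field holds a non-zero byte would catch a future secret field being left out of the list.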
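Review bot: The wipe-on-drop added here for `LegacyProofBuilder` (and in the previous hunk for `ProofBuilder`) is not extended to `ViewKey`, which the trailing context shows holding its own `rewind_hash` and passing it to `blake2b`. If that value is the same material as `ProofBuilder::rewind_hash` (presumably, but `ViewKey`'s definition is outside the hunk), a copy stays in memory after the builder is dropped. Either give `ViewKey` the same pair, `fn zeroize(&mut self) { self.rewind_hash.zeroize(); }` plus a `Drop` that calls it, or add a comment on `ViewKey` saying why it is deliberately left un-wiped. The local `res` in `rewind_nonce` also carries nonce-derivation output, but that function body continues past the end of the hunk, so whether it is cleared cannot be judged from here.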