BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage News ZeroDB Internals and End-To-End Database Encryption

ZeroDB Internals and End-To-End Database Encryption

ZeroDB, currently in closed beta, is an end-to-end encrypted database which as the vendor claims will "let clients run queries without exposing the decrypted data to the server". ZeroDB as a database does not need to be secure for the data to be safe. The way this works is that query logic is being pushed down to the client. The client also holds the decryption keys for data. The client encrypts data with a symmetric key at time of creation or modification and transmits it to server for storage. Server only stores data, without knowing the content of it or even being able to sort or compare stored data.

At the time of a user query, using a multi request algorithm, the client fetches data from the server, decrypts it and tries to find matches for the user query. The client can support range queries and full text search out of this end-to-end encrypted database. On the performance aspect, with a real world use case of 1GB index, just 150KB of data must be transferred on average over three requests to fetch the results back. In full text search terms, 250MB of data can be queried in around 500msec which even though slow, may not be prohibitively slow for some use cases. Insert queries also may take around the same time. The number of requests needed to fetch the query results grows logarithmically with the data size.

End to end database encryption is an interesting field of research. MIT’s CryptDB is also a well known end-to-end encrypted database. Based in a research paper and hosted in GitHub, it claims just 14.5% performance degradation for phpBB and 26% for TPC-C query load compared to unmodified MySQL. CryptDB is in research prototype stage.

According to ZeroDB’s Co-founder, ZeroDB can offer exposing less information about your data together with better performance in high concurrency loads (and worse in low) since queries are handled by the client. CryptDB can also only search for a keyword in text, whereas ZeroDB allows for full text search. Active research in the area has advanced as far as proposing complete end-to-end architecture for data confidentiality.

All these are bold claims and since the product is still in closed beta, one needs to wait for the final product to arrive to see if it will be a step towards our current state.

Rate this Article

Adoption
Style

BT