ZeroDB Internals and End-To-End Database Encryption

by Alex Giamas on Apr 09, 2015. Estimated reading time: 1 minute

ZeroDB, currently in closed beta, is an end-to-end encrypted database that, the vendor claims, will "let clients run queries without exposing the decrypted data to the server". The database server itself does not need to be secure for the data to be safe. This works by pushing the query logic down to the client, which also holds the decryption keys for the data. The client encrypts data with a symmetric key when it is created or modified and transmits it to the server for storage. The server only stores data, without knowing its content or even being able to sort or compare the stored data.

When a user issues a query, the client uses a multi-request algorithm to fetch data from the server, decrypt it and look for matches. The client can support range queries and full text search on top of this end-to-end encrypted database. On the performance side, in a real-world use case with a 1 GB index, just 150 KB of data must be transferred on average, over three requests, to fetch the results. In full text search terms, 250 MB of data can be queried in around 500 ms, which, although slow, may not be prohibitively slow for some use cases. Insert queries may take around the same time. The number of requests needed to fetch the query results grows logarithmically with the data size.
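The following sketch is an added example, not ZeroDB's code: it shows how a client can query an index whose nodes the server holds only as encrypted blobs, with one request per tree level. The tree layout, all names and the HMAC-based keystream (a standard-library stand-in for an authenticated cipher such as AES-GCM) are assumptions made for illustration.

```python
import bisect, hashlib, hmac, json, os

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor(key, nonce, data):
    # Stdlib stand-in for a real cipher: HMAC-SHA256 in counter mode as keystream.
    ks = b"".join(_prf(key, b"enc", nonce + i.to_bytes(4, "big"))
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, node):
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(node).encode())
    return nonce + ct + _prf(key, b"mac", nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        raise ValueError("node failed authentication")
    return json.loads(_xor(key, nonce, ct))

class Server:
    """Untrusted store (hypothetical): holds opaque blobs, never the key."""
    def __init__(self):
        self.blobs, self.requests = {}, 0
    def get(self, node_id):
        self.requests += 1
        return self.blobs[node_id]

def build(server, key, rows, fanout=4):
    """Client side: pack non-empty (k, v) rows into encrypted nodes, return root id."""
    rows = sorted(rows)
    level = [(rows[i][0], {"items": rows[i:i + fanout]}) for i in range(0, len(rows), fanout)]
    while True:
        stored = []
        for low, node in level:
            node_id = len(server.blobs)
            server.blobs[node_id] = seal(key, node)
            stored.append((low, node_id))
        if len(stored) == 1:
            return stored[0][1]
        groups = [stored[i:i + fanout] for i in range(0, len(stored), fanout)]
        level = [(g[0][0], {"keys": [k for k, _ in g], "kids": [c for _, c in g]}) for g in groups]

def lookup(server, key, root, wanted):
    """Client side: one request per tree level; comparisons happen after decryption."""
    node = unseal(key, server.get(root))
    while "kids" in node:
        i = max(bisect.bisect_right(node["keys"], wanted) - 1, 0)
        node = unseal(key, server.get(node["kids"][i]))
    return dict(node["items"]).get(wanted)
```

With a fanout of 4, a lookup over 256 rows costs four requests and one over 1,024 rows costs five. In this sketch the server cannot read or compare keys, but it still observes which node ids each query fetches.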

End-to-end database encryption is an interesting field of research. MIT’s CryptDB is another well-known end-to-end encrypted database. Based on a research paper and hosted on GitHub, it claims just 14.5% performance degradation for phpBB and 26% for a TPC-C query load compared to unmodified MySQL. CryptDB is at the research prototype stage.

According to ZeroDB’s co-founder, ZeroDB exposes less information about your data and performs better under high-concurrency loads (and worse under low ones), since queries are handled by the client. CryptDB can also only search for a keyword in text, whereas ZeroDB allows for full text search. Active research in the area has advanced as far as proposing a complete end-to-end architecture for data confidentiality.

All of these are bold claims, and since the product is still in closed beta, we will have to wait for the final product to see whether it is a step forward from where we are today.
