Hacker News new | ask | show | jobs
by blintz 1477 days ago
These things are indeed possible while maintaining fully semantically secure encryption. Recent, mostly theoretical work shows that this is possible using fully homomorphic encryption. The basic idea is, the client can encrypt its query, the server can process the encrypted query and produce an encrypted result, and send this back to the client. It sounds impossible, but it isn’t! Very cool stuff. There are actually also some practical implementations that work… so it’s gradually exiting the “theoretical only” stage.

MongoDB is very short on details, and I suspect they do something worse than homomorphic encryption, that does indeed make some kind of compromise between privacy and convenience.
1 comments
dweinus 1477 days ago
Yeah, they contrast their method with homomorphic encryption, which makes me share your suspicion
link
it_was_cool 1476 days ago
Searchable encryption trades privacy for efficiency. However, the privacy loss can be tuned. For example, SE constructions will specify whether they leak search-pattern (how many of the same queries a client makes), access-pattern (the frequencies with which different items are accessed) or other things. Usually, a client can pay in storage/bandwidth to mitigate these leakages.
link
VenetianSnares 1477 days ago
Yeah, I've been looking for more information and I can't really see any indication as to how they are planning on implementing it. The whole thing seems more like marketing than actual innovation: searching encrypted data isn't that complicated if you are always dealing with the entire ciphertext, it's just another string in that use case.
link
bawolff 1477 days ago
> searching encrypted data isn't that complicated if you are always dealing with the entire ciphertext, it's just another string in that use case.

This isn't really true because there are multiple ciphertexts that can decode to the same plaintext in any modern encryption algorithm. If you skip that property you weaken the encryption. (Chosen plaintext attacks)

link
tapeloop 1477 days ago
it's not complicated if they are using deterministic encryption - which brings it's own issues
link