[esseti]

homomorphic encryption should solve the problem of field encryption. But not now. Note: the choice of the different solutions should be aligned with the sensitivity of the data, such as: Field Encryption for Highly sensitive (among others, bank data, health data etc), while the DB is, off course, only encrypted at rest.

[dandraper]

Homomorphic is literally hundreds of thousands of times slower than operations on plaintext. A comparison of 2 64-bit integers can take around > 50ms. So even with a b-tree where maybe ~100 comparisons could occur, the query will take 5s. A linear scan over 1m records would take 13 hours!

SSE, ORE, STE schemes are all far more practical.