Encryption with Comparison Operations

Normally, when you encrypt data, you cannot perform any kind of comparison… unless, of course, you opt for less-secure encryption in which a specific clear-text value always encrypts to the same encrypted-value - you can then perform equality matches.

Homomorphic encryption refers to a form of encryption in which operations can be performed on the encrypted value without decryption. Order-preserving encryption preserves the order of the encrypted data. For example, if we encode 1, 2, 3 as A, B, C we know we can tell if a data point is greater or lesser than another data point even in the encrypted form. Or, think of a tuple with an ordinal attached to the encrypted value - a decrypted ordinal is harmless and still permits comparison of values. Format-preserving encryption can also give us an encrypted value with the same length as the clear-text value.

CipherStash has a product that makes it easy to encrypt/decrypt data within any database (Postgres, MySQL, SQL Server, …) and SDKs for popular programming languages are planned. A log (when? who? how many records? from which app name?) of decryptions is also maintained, and a log of visualizations helps in identifying anomalies in user behavior.

Here is sample code that CipherStash shares on its website (please don’t sue me for this copy-pasta 🍝):

const matchQuery = async () => {
  try { 
    const stash = await Stash.connect()
    const movies = await stash.loadCollection<Movie>("movies")
    const queryResult = await movies.query(movie =>
      movie.title.match("odyssey")
    )
    console.log(queryResult)
  } catch (err) {
    console.error(
      `Could not query collection! 
       Reason: ${JSON.stringify(err)}`
    )
  }
}

Also read: authenticated encryption

PS: No, this is NOT a sponsored post.