MongoDB Debuts ‘Queryable Encryption’ to Fight Hacks and Leaks
“What we focus on is not how to perform arithmetic operations on encrypted data, but how to find information quickly — really, really fast, for example,” Kamara, who is currently on leave as an associate professor at Brown, said.
Speed is a challenge in encrypted operations, where each key check adds complexity to the underlying operations. But MongoDB claims that searches performed using Queryable Encryption are impressively fast and will not cause undue performance loss, a claim that customers will be able to test themselves with the new preview. MongoDB is also open-sourcing most of the Queryable Encryption system, so users and other researchers can test its underlying cryptography.
“A lot of the work is theoretical, algorithmic, crypto-security definition, but for me at the end of the day, I want to see something come out of it,” Kamara said. “There is a social imperative behind the work that scientists do. Working with a company of the size of Mongo, this will be available to a large number of people, a huge amount of work.”
Moataz and Kamara note that the big breakthrough at Aroki that allowed them to transfer their ideas about structured encryption from the academic world to the real world was an approach that used emulation as a way of using the properties of structured encryption with existing databases of different architectures. Like emulating a Super Nintendo game on your PC or emulating Windows on a Mac, this method creates a small space in which structured encryption can run on a traditional database.
However, Kamara and Moataz emphasize that collaborating with the MongoDB engineers and turning the Aroki Systems prototype into something that can actually be deployed on a worldwide scale was a challenge and a learning process.
“Seny and I learned so much about the limitations of real-world implementation that academics knew nothing about,” Moataz said. “Models in academia are less restrictive. So we’d love to be exposed to that and improve our models and designs around these limitations.”
Although Tuesday’s release will be the first time the public will be able to test Queryable Encryption in the wild, Aroki Systems has asked cryptographer JP Aumasson to conduct technical due diligence on the cryptographic foundation of the company's prototype system. And MongoDB has also invited University of Chicago cryptographer and searchable encryption researcher David Cash for an early review. Both told WIRED that while they haven’t tested the full implementation of the system, the underlying cryptography seems sound. And both emphasize that it is interesting to see a real-world searchable encryption scheme take shape after such a long time.
“A lot of crypto research since the 1980s has focused on how we make this work, so this is a long time coming,” Cash said. “so it’s important to be careful with absolute statements, but this vision being realized in some form is very interesting. And this is not snake oil or security theater at all. They are going deep into the matter and thinking about the important things carefully.”
Aumasson says that many others have claimed to offer searchable encryption without the need for expertise or technical ability. “There have been other products with encrypted search ads, but academics would really laugh at those,” he said. “What Mongo is doing is something of academic relevance, and I’m happy to see that.”