Encryption Schemes
Encryption Scheme | Description |
---|---|
STORE | Encrypt with Advanced Encryption Standard (AES). Unsearchable. Available for all datatypes. Stored as column_name.Store.Enc in the table. |
SEARCH | Encode with fingerprint. Searchable, for exact match. Available for all datatypes. Stored as column_name.Fingerprint in the table. |
ADDITION | Encrypt with Paillier. Unsearchable. Able to perform addition and subtraction arithmetic. Available only for numeric datatypes. Stored as column_name.Paillier.Enc in the table. |
MULTIPLICATION | Encrypt with ElGamal. Unsearchable. Able to perform multiplication and division arithmetic. Available only for numeric datatypes. Stored as column_name.ElGamal.Enc in the table. |
RANGE | Encode with Order Preserving Encoding (OPE) (Versions 0.3.3 and above). Searchable, for equals, less than / greater than, and less than or equal / greater than or equal matches. Available for numeric datatypes. Stored as column_name.Range in the table. NOTE: OPE is implemented as a binary tree, with a maximum height of 63 nodes. When the height reaches 63 nodes, an OPETREE REBALANCE command must be executed to re-balance the tree. |
WILDCARD | Encode with wildcard indexes. Used with the LIKE operator. Available only for string datatypes, except TEXT or BLOB. Stored as column_name.Wildcard in the table. NOTE: WILDCARD search uses full-text search in the backend, with significant performance degradation, and is thus not recommended for databases with intensive workloads. |
- A single column can be encrypted with multiple encryption schemes, or none. Columns encrypted with multiple encryption schemes will take up more space in the encrypted database. Columns without any encryption schemes are stored as plaintext.
- Additional supporting columns will also be added for encrypted tables.
- If only SEARCH and/or RANGE and/or WILDCARD encryption schemes are defined, the STORE encryption scheme will automatically be added as well.
Support Matrix
Operation | STORE | SEARCH | ADDITION | MULTIPLICATION | RANGE | WILDCARD |
---|---|---|---|---|---|---|
= | - | ⚪ | - | - | ⚪ | - |
+ | - | - | ⚪ | - | - | - |
- | - | - | ⚪ | - | - | - |
* | - | - | - | ⚪ | - | - |
/ | - | - | - | ⚪ | - | - |
< | - | - | - | - | ⚪ | - |
> | - | - | - | - | ⚪ | - |
<= | - | - | - | - | ⚪ | - |
>= | - | - | - | - | ⚪ | - |
LIKE | - | - | - | - | - | ⚪ |
SUM() | - | - | ⚪ | - | - | - |
COUNT() | - | - | - | - | - | - |
AVG() | - | - | ⚪ | - | - | - |
MIN() | - | - | - | - | ⚪ | - |
MAX() | - | - | - | - | ⚪ | - |
- '⚪' signifies that the operation is supported by the encryption scheme.
- Plain-text columns support all native operations and are not restricted to the operators or functions listed here.
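
The ADDITION scheme's support for +, - and SUM() in the matrix above follows from Paillier's additive homomorphism, and its "Unsearchable" property from the fact that Paillier encryption is randomized. The Python below is an added example, not the product's code: it is textbook Paillier with constructed toy primes (an insecure key size), and all function names are hypothetical.

```python
# Added illustration: textbook Paillier with toy parameters.
# NOT secure and NOT the product's implementation.
import math
import secrets

def keygen(p=1789, q=1861):
    """Constructed demo primes; real deployments use far larger primes."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)            # valid because the generator is g = n + 1
    return n, (lam, mu)

def encrypt(n, m):
    """c = (n+1)^m * r^n mod n^2, with a fresh random r on every call."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(n + 1, m % n, n2) * pow(r, n, n2)) % n2

def decrypt(n, priv, c):
    lam, mu = priv
    m = ((pow(c, lam, n * n) - 1) // n) * mu % n
    return m - n if m > n // 2 else m   # upper half of Z_n encodes negatives

def add(n, c1, c2):
    """Enc(a) * Enc(b) mod n^2 decrypts to a + b."""
    return (c1 * c2) % (n * n)

def sub(n, c1, c2):
    """Enc(a) * Enc(b)^-1 mod n^2 decrypts to a - b."""
    return (c1 * pow(c2, -1, n * n)) % (n * n)

def enc_sum(n, ciphertexts):
    """SUM() over an encrypted column: fold the ciphertexts with add()."""
    total = encrypt(n, 0)
    for c in ciphertexts:
        total = add(n, total, c)
    return total

if __name__ == "__main__":
    n, priv = keygen()
    column = [encrypt(n, v) for v in (10, 20, 30, -5)]  # constructed sample values
    print("SUM  ->", decrypt(n, priv, enc_sum(n, column)))
    print("a-b  ->", decrypt(n, priv, sub(n, column[0], column[2])))
    # Same plaintext, different ciphertexts: equality search cannot work here.
    print("equal ciphertexts?", encrypt(n, 7) == encrypt(n, 7))
```

Results are only correct while the true sum stays within roughly ±n/2; beyond that the value wraps modulo n, which is why the toy modulus here is suitable for small sample values only.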