Support search for known strings


Using a compression-style star schema, we have a solution that allows for searching for known values in a table of encrypted strings. For tables that consist only of a single string data column, SecurEntity would assume that the additional overhead of computing a keyed hash for the plaintext string value, and storing the result in its own metadata column, is justified.

This approach allows LINQ queries for that keyed hash value (the application accesses a new SE interface for computing the keyed hash for a given string in a given table). This is an important performance improvement, because it supports string lookups without requiring an entire table to be decrypted.

Assuming that a compression schema is acceptable (i.e. that the plaintext string values are unique), there's no additional data disclosure in storing the keyed hashes.
Closed Jun 4, 2013 at 11:05 PM by dangriffin