Overview

Our Data Warehouse serves as the backbone for data queries. It is designed to allow efficient query processing over encrypted non-PII data. Thus, you can consider this data warehouse to be a type of “cache” only for queryable data fields.

Utilizing Queryable or Structured Encryption (STE), we can achieve rapid retrieval times that are asymptotically proportional to the size of the query’s response rather than the total size of the database. Moreover, data inside the warehouse always remains encrypted and is not viewable to anyone, not even our internal team. In fact, encrypted data fields (and the queries themselves) are always stored, transmitted, processed, and retrieved as ciphertext.

Structured Encryption (STE)

Specifically, our queries are a form of structured sub-linear search (i.e. unstructured and/or linear search is not useful). Thus, structured encryption is a symmetric-key encryption scheme that allows a data structure to be encrypted in such a way that queries can be performed efficiently given the encryption key. It supports efficient dynamic update operations like insertions and deletions.

Leakage Profile

STE schemes are designed with a focus on minimizing leakage. They guarantee that no information about the data or the queries can be inferred from the encrypted data structure and tokens, beyond what is explicitly allowed by the scheme’s leakage profile.

Efficiency

  • Queryable Encryption: STE allows for efficient querying in O(m) time complexity, where m is the size of the response.
  • No Leakage: Unlike Order-Preserving or Deterministic Encryption, which also enable efficient querying, STE has no leakage.
  • More Efficient than Homomorphic Encryption: Homomorphic encryption requires processing the entire database for queries, despite having no leakage, making it less efficient than STE.

Application in Data Warehouse

The application of STE in a Data Warehouse setting ensures that the data remains encrypted and secure while still allowing for efficient query operations. The Data Warehouse can respond to queries quickly, without the need to decrypt the entire dataset or the query response, which is a significant advantage over traditional encryption methods that require full decryption for any data access.

Security and Performance

  • The Data Warehouse with STE provides a secure environment for data storage and retrieval, balancing the need for confidentiality with the practical requirements of query efficiency.
  • The use of STE allows the Data Warehouse to maintain high performance standards, particularly in environments where the volume of data is large, and the frequency of queries is high.

References

The foundations of our structured encryption is based on the following papers: