Searchable Symmetric Encryption (SSE)

Notice: This section describes a non-default alternative backend for encrypted search. The currently recommended way is to use the default hash-based index search.

A key feature of Confidential Storage is the ability to search through encrypted data. The main challenge is that the higher a system's security, the lower its performance and efficiency.

The reason search costs more performance is straightforward: to search through encrypted data, you either have to decrypt the data first, or you use other methods that involve additional operations of their own. Regardless of the method, the system must always carry out additional steps that are not required in unencrypted systems.

The SSE concept tries to achieve a suitable balance between security and efficiency.
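The "other methods" route can be illustrated with a keyed-hash keyword index. The following is an added example, not code from Confidential Storage or a description of its backends. It assumes HMAC-SHA256 as the token function, uses placeholder ciphertexts instead of real encryption, and all names (`token`, `tokens_for`, `IndexServer`, `demo`) are hypothetical.

```python
import hashlib
import hmac
import re
from collections import defaultdict

def token(index_key, keyword):
    """Client side: keyed token that stands in for a keyword (also the search trapdoor)."""
    return hmac.new(index_key, keyword.lower().encode(), hashlib.sha256).hexdigest()

def tokens_for(index_key, text):
    """Client side: extra work at write time, one token per distinct keyword."""
    return {token(index_key, w) for w in set(re.findall(r"[a-z0-9]+", text.lower()))}

class IndexServer:
    """Server side: holds opaque ciphertexts and tokens, never the key or plaintext."""
    def __init__(self):
        self.blobs = {}
        self.index = defaultdict(set)

    def put(self, doc_id, ciphertext, tokens):
        self.blobs[doc_id] = ciphertext
        for t in tokens:
            self.index[t].add(doc_id)

    def search(self, trapdoor):
        # Leakage to keep in mind: the server still learns which documents share
        # a token and which tokens are queried repeatedly.
        return sorted(self.index.get(trapdoor, ()))

def demo():
    key = b"constructed-demo-key-not-for-use"  # constructed; use a random secret key
    docs = {  # constructed sample documents
        "doc1": "Invoice for ACME, March",
        "doc2": "ACME contract renewal",
        "doc3": "Holiday schedule",
    }
    server = IndexServer()
    for doc_id, text in docs.items():
        blob = b"<ciphertext:" + doc_id.encode() + b">"  # placeholder, encryption omitted
        server.put(doc_id, blob, tokens_for(key, text))
    return server, key

if __name__ == "__main__":
    server, key = demo()
    print(server.search(token(key, "acme")))     # documents containing "acme"
    print(server.search(token(key, "payroll")))  # no match
```

The additional steps are visible on both paths: every write computes one HMAC per distinct keyword, and every search computes a trapdoor before the server can do a lookup.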

The following graphic shows the main components of a simple SSE system:

The semicircles outside the subsystem box show the interfaces a component uses, that is, the data the component needs or returns. Each rectangle in which a component is located represents that component of the system. These are interpreted as class elements and can thus be functions or function calls. The squares are so-called ports. They represent the interfaces to functions and resources outside the subsystem. The only drawback of this illustration is that it does not show the order in which the system and the individual functions must be called.
