“What we’re focusing on is not how to do arithmetic operations on encrypted data, but how to find information quickly – as really, really fast,” says Kamara, who is currently on leave from her associate professor role at Brown.
Speed is a challenge in encrypted operations, where every extra key check and calculation adds complications to basic operations. But MongoDB claims that searches performed with Queryable Encryption are impressively fast and will not cause unreasonable loss of performance – a claim that customers themselves will be able to test with the new preview. MongoDB also opens up too much of the Queryable Encryption system for users and other researchers to examine its underlying cryptography.
“A lot of the work is very theoretical in nature, algorithms, crypto security definitions, but for me in the end I want to see something come out of it,” says Kamara. “There is a social imperative behind the work that scientists do. By working with a company on the Mongo scale, this will be accessible to a large number of people, a large number of workloads.”
Moataz and Kamara say the big breakthrough that allowed them to move their concept from academia to the real world was emulation, which enabled them to use the features of structured encryption with existing databases that have different architectures. Like emulating Super Nintendo games on your PC or emulating Windows on a Mac, the approach creates a liminal space where structured encryption can run on top of traditional databases.
Still, Kamara and Moataz emphasize that it has been a challenge and a learning process to collaborate with MongoDB engineers and transform the Aroki Systems prototype into something that can actually be implemented on a large scale around the world.
“Seny and I have learned a lot about the limitations of real-world implementations that academics know nothing about,” Moataz says. “Models in academia are less restrictive. So we enjoy being exposed to it and improving our models and our designs in terms of these limitations. “
Although Tuesday’s release will be the first time the public can explore Queryable Encryption in the wild, Aroki Systems got cryptographer JP Aumasson to perform technical due diligence on the cryptographic underpinnings of their prototype system. And MongoDB invited University of Chicago cryptographer and searchable encryption researcher David Cash to take an early look, too. Both told WIRED that although they have not revised the entire system implementation, the underlying cryptography seems sound. And they both emphasize that it’s exciting to see a searchable encryption scheme in the real world take shape after such a long time.
“A lot of crypto research since the 1980s has been kind of centered on how we do this, so it’s a long way off,” Cash says. “Everything in cryptography is about trade-offs, and the world is complicated, so it’s important to be careful with absolute statements, but that this vision is realized in one form or another is very exciting. And this is not snake oil or security theater at all. They go deep into this and think carefully about the important things. ”
Aumasson says many others have claimed to offer searchable encryption without the technical depth or capacity. “There have been other products that advertise encrypted search, but academics would really laugh at them,” he says. “What Mongo is doing is something that is academically compatible, and I’m very happy to see it.”