同态加密homomorphic encryption的好处

2 minute read

背景

在引入同态加密前,看一个stackoverflow的问答。

问题:

1. I got a SaaS product and the data is kinda sensitive. I want to give my customers 100% security on the fact that I can't read their data.  
  
2. Is this even possible? What kind of possibilities do I got?  

回答:

1. I got a SaaS product and the data is kinda sensitive. I want to give my customers 100% security on the fact that I can't read their data.  
If it's software as a service, and you do more than simply store blobs of data then give those blobs back when the customer asks, this is pretty much impossible.  
  
You're dreaming. You can't realistically combine SaaS and the inability to see the customers' data.  
  
(About the only outfit I know that does so is SpiderOak, and it does so by supporting almost no features - it stores stuff, and then it retrieves that stuff. That's it.)  
  
2. Is this even possible? What kind of possibilities do I got?  
Few.  
  
You can't index encrypted data unless you know the key - and the index will contain decrypted values.  
一般的加密,我们如果要使用索引,必须使用函数索引,即索引解密后的数据。  
  
You can't write a WHERE clause that filters based on the encrypted values unless you know the key. You could get the client to supply a pre-encrypted key to compare if it's a simple equality test, but you can't do b-tree index scans (requires > and < operators), or much else of interest.  
同样,一些数据加密前原有的操作符也不能被使用了,必须解密数据后才能使用。  
  
You can't aggregate values unless you know the key.  
聚合当然也不能直接对加密数据使用。  
  
You really can't do anything useful with them unless you know the key.  
  
In theory you can use homomorphic encryption to allow computations on encrypted values. In practice it's incredibly limited, slow, and impractical, as well as weaker than other crypto. In practice most real-world homomorphic systems are useful for sums and that's about it.  
如果你要在不了解KEY的前提下满足以上需求,那么可以考虑同态加密(homomorphic encryption),但是这种加密方法相比其他加密方法安全性更脆弱,同时需要忍受其使用场景受限,性能差,实用性差的缺点。  

另外有几篇论文介绍同态加密的数据库系统 CryptDB 。

https://people.csail.mit.edu/nickolai/papers/popa-cryptdb-tr.pdf

http://www.eecs.berkeley.edu/~raluca/CryptDB-sosp11.pdf

http://css.csail.mit.edu/cryptdb/

cryptdb是同态加密数据库的一种代表:

Online applications are vulnerable to theft of sensitive information because adversaries can exploit software bugs to gain access to private data, and because curious or malicious administrators may capture and leak data. CryptDB is a system that provides practical and provable confidentiality in the face of these attacks for applications backed by SQL databases. It works by executing SQL queries over encrypted data using a collection of efficient SQL-aware encryption schemes. CryptDB can also chain encryption keys to user passwords, so that a data item can be decrypted only by using the password of one of the users with access to that data. As a result, a database administrator never gets access to decrypted data, and even if all servers are compromised, an adversary cannot decrypt the data of any user who is not logged in. An analysis of a trace of 126 million SQL queries from a production MySQL server shows that CryptDB can support operations over encrypted data for 99.5% of the 128,840 columns seen in the trace. Our evaluation shows that CryptDB has low overhead, reducing throughput by 14.5% for phpBB, a web forum application, and by 26% for queries from TPC-C, compared to unmodified MySQL. Chaining encryption keys to user passwords requires 11-13 unique schema annotations to secure more than 20 sensitive fields and 2-7 lines of source code changes for three multi-user web applications.  
14.5%和26%的性能影响。  

通过UDF的方式,可以将cryptdb作为插件移植到PostgreSQL中。

https://github.com/CryptDB/cryptdb/blob/master/doc/notes/oldpostgres

需要修改一下 https://github.com/CryptDB/cryptdb/tree/master/udf

如果要让PostgreSQL支持这种加密方式,需要实现客户端支持,以及数据类型的支持。

使用PostgreSQL目前支持的pgcrypto插件也是一种比较靠谱的方法,根据实际的应用场景,一般被加密的数据很少作为查询条件来进行范围查询,或者聚合的,如果要做匹配查询,可以将加密数据获取到本地后进行匹配,或者使用函数进行匹配,但是需要在网络上传输解密的KEY。如果要提高安全级别,可以结合SSL和pgcrypto,做到非常牢固的安全场景。

同态加密可以做到一次秘钥认证,数据直接基于密文进行运算,网络传输的也是密文。在云数据库中的需求量较大。但是需要注意数据会膨胀,运算速度会下降的影响。

而普通的加密方式,每次数据的加解密都需要提供秘钥,使用较为繁琐,而且不支持直接对密文进行运算。

参考

1. http://dba.stackexchange.com/questions/82193/encrypt-data-without-performance-issues

2. http://www.postgresql.org/docs/9.5/static/pgcrypto.html

3. https://people.csail.mit.edu/nickolai/papers/popa-cryptdb-tr.pdf

4. http://www.eecs.berkeley.edu/~raluca/CryptDB-sosp11.pdf

5. http://css.csail.mit.edu/cryptdb/

Flag Counter

digoal’s 大量PostgreSQL文章入口