“We’re not looking at how to do arithmetic on encrypted data, but how to find information quickly — really, really fast,” said Kamara, who is now leaving his associate professorship at Brown University.
Speed is a challenge in cryptographic operations, where every additional key check and computation adds complexity to the underlying operation. But MongoDB claims that searches performed using Queryable Encryption are very fast and do not incur an unreasonable performance penalty—customers can test it out for themselves with the new preview. MongoDB has also open sourced much of the Queryable Encryption system so users and other researchers can scrutinize its underlying cryptography.
“A lot of the work is very theoretical in nature, algorithms, cryptographic security definitions, but for me, eventually I want to see it come to fruition,” Kamara said. “There is a societal need behind the work scientists do. Working with a Mongo-scale company that will serve a large number of people and a large number of workloads.”
Moataz and Kamara noted that Aroki’s major breakthrough allowed them to transfer ideas about structured encryption from academia to the real world, an approach that uses simulations to combine the properties of structured encryption with existing structured databases that differ . Like emulating a Super Nintendo game on a PC or Windows on a Mac, this approach creates a critical space where structured encryption can run on top of traditional databases.
Nonetheless, Kamara and Moataz emphasized that it was a challenge and a learning curve to work with MongoDB engineers and turn the Aroki system prototype into something that could actually be deployed globally.
“Seny and I have been learning a lot about practical deployment constraints that academia doesn’t know about,” Moataz said. “Academia has fewer model constraints. So we’re excited to be reaching out to this and improving our models and designs based on those constraints.”
While Tuesday’s launch will be the first public review of queryable encryption in the wild, Aroki Systems let cryptographer JP Aumasson perform technical due diligence on the cryptographic underpinnings of its prototype system. MongoDB also invited University of Chicago cryptographer and searchable encryption researcher David Cash to conduct early research. Both told Wired that while they haven’t audited the entire system deployment, the underlying cryptography appears to be sound. They both emphasized that it was great to see a real-world searchable encryption scheme take shape after so long.
“A lot of crypto research since the 1980s has focused on how we do these things, so it’s been a long time,” Cash said. “Everything in cryptography is about tradeoffs, the world is complex, so it’s important to be careful with absolute statements, but it’s very exciting to have this vision realized in some form. It’s not snake oil or security theater at all. They’re going deep Study that and think carefully about what’s important.”
Many others claim to offer searchable encryption but have no technical depth or capability, Aumasson said. “There are other products that advertise encrypted search, but academics really laugh at those,” he said. “What Mongo does is academically compliant, and I’m excited to see it.”