Frequently Asked Questions

Q: What is end-to-end encryption?

With end-to-end encryption (E2EE) your data is encrypted throughout its lifecycle, even when it is being processed on a server. This is critically important because it means your servers - whether on-premise or in the cloud - never see plaintext data and are therefore of no value to a hacker. Here's a detailed blog post where we explain how E2EE for a database works.

Q: Are there commercial deployments of E2EE?

Yes. E2EE provides strong security guarantees and is the underlying architecture for secure messaging applications like Telegram, Signal, and WhatsApp. E2EE protected versions of email and videoconferencing have also come on the market.

Q: What is Structured Encryption?

 

Structured Encryption (STE) is a type of encryption that supports fast queries on end-to-end encrypted data. STE was pioneered by our founders and has been studied by cryptographers for 15 years in the leading cryptography research venues. Here is a short white-paper that describes how STE can be used to encrypt an inverted index data structure. If you are interested in seeing a demo of our STE technology running on Elasticsearch, MongoDB, or DynamoDB, you can contact us here

 

Q: Are your cryptographic algorithms public?

 

Like many information security vendors, Aroki supports transparency and full disclosure about its encryption algorithms. Security through obscurity is a certain path to disaster and our founders are active contributors to the cryptography research community, whose common purpose is to improve cryptography algorithms and identify security weaknesses.

 

Q: How does Structured Encryption compare to other approaches?

Broadly speaking, there are three types of cryptographic primitives that can support search on encrypted data: Property Preserving Encryption (PPE), Fully Homomorphic Encryption (FHE), and Structured Encryption (STE). Deterministic encryption and Tokenization are often mentioned in articles about encryption and they are sub-types of PPE.

PPE

PPE is vulnerable to various well-known attacks and should not to be considered for protecting data of any consequence. Nevertheless, it is often used because until recently, STE was unavailable in a productized form.

FHE

FHE offers strong security guarantees but is too slow for real-world workloads. Though progress has been made, FHE-based search still requires a linear scan of the database which results in unacceptably poor performance.

STE

STE combines strong security guarantees with excellent performance, making it an affordable solution for handling complex queries on large databases at scale.

 

© 2020 by Aroki Systems, Inc.