Re: Encryption in pg_dump

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Paul,

There is a way to implement full homomorphic encryption (FHE) with Postgres. The decision which attributes to encrypt must be done at database planning step. It worth mentioning that FHE is good to implement, if one wants to be able to do server side supported mathematical operations on the encrypted data. If the data just needs to be stored in an encrypted form then using FHE might be a storage overkill. A dump of the database with FHE encrypted attributes preserves the encryption of the encrypted attributes.

I've used a relatively old version (2.3.1) of Microsoft's SEAL library in my University project for that. At the time of doing that there were some "issues" that I had to address:

1. The encrypted attributes were big in size and Postgres cannot store the FHE cypher texts data type. 20,858 encrypted values used 3,6GB. ~33% of that size is because of base64 and the rest of the size ist because of my chosen encryption parameters.

2. Handling queries related to FHE encrypted attributes on the server side requires an implementation of own C language functions.

The were some other FHE schema (BFV) limitation that were addressed in newer versions of SEAL, by introducing a more suitable (for my needs) FHE schema (CKKS).

It's not always a good Idea to say that something cannot be done or that some one needs to be replaced. Sometimes it's worth to develop some new process, based on a mixture of available technologies out there.

Best regards,
Tal 

Paul Förster <paul.foerster@xxxxxxxxx> schrieb am Do., 23. Juli 2020, 09:23:
Hi Ron,

> On 23. Jul, 2020, at 09:17, Ron <ronljohnsonjr@xxxxxxxxx> wrote:
> Adding hooks into libgpgme from pg_dump and pg_restore (needed for --format=directory) would be Very Helpful.

I guess, replacing stupid IT heads with competent ones makes more sense.

Cheers,
Paul




[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux