AlexiaChen / AlexiaChen.github.io

My Blog https://github.com/AlexiaChen/AlexiaChen.github.io/issues

MongoDB is the first to implement a practical searchable encryption scheme #162

Open AlexiaChen opened 2 years ago

AlexiaChen commented 2 years ago

And it has already been released, although only as a preview version.

Here is the blog post they wrote: https://www.mongodb.com/blog/post/mongodb-releases-queryable-encryption-preview

MongoDB is the only database provider that allows customers to run expressive queries, such as equality (available now in preview) and range, prefix, suffix, substring, and more (coming soon) on fully randomized encrypted data.

Here is a brief diagram:

image

Here is a sample flow of operations in which an authenticated user wants to query the data, but now the user is able to query on fully randomly encrypted data. In this example, let’s assume we are retrieving the SSN number of a user.

  1. When the application submits the query, MongoDB drivers first analyze the query.

  2. Recognizing the query is against an encrypted field, the driver requests the encryption keys from the customer-provisioned key provider, such as AWS Key Management Service (AWS KMS), Google Cloud KMS, Azure Key Vault, or any KMIP-enabled provider, such as HashiCorp Vault.

  3. The driver submits the query to the MongoDB server with the encrypted fields rendered as ciphertext.

  4. Queryable Encryption implements a fast, searchable scheme that allows the server to process queries on fully encrypted data, without knowing anything about the data. The data and the query itself remain encrypted at all times on the server.

  5. The MongoDB server returns the encrypted results of the query to the driver.

  6. The query results are decrypted with the keys held by the driver and returned to the client and shown as plaintext.

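It looks like cutting-edge cryptographic techniques are gradually going mainstream, and the broad field of privacy-preserving computation (zero-knowledge proofs, secure multi-party computation, homomorphic encryption, and so on) will probably find more and more practical use.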
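
The six-step flow quoted above, modelled as an added example that is not part of the original post and is not MongoDB's code or scheme: the names `ToyDriver` and `ToyServer` are hypothetical, a deterministic HMAC token (a blind index) stands in for the real query mechanism, and an HMAC keystream with a MAC tag stands in for a real authenticated cipher. Unlike the fully randomized scheme the post describes, the token here is deterministic, so this server can see which rows share a value.

```python
import hashlib
import hmac
import os

def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (avoids ambiguous concatenation)."""
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class ToyDriver:
    """Client side: the only party holding key material (steps 1-3 and 6)."""
    def __init__(self, data_key: bytes):
        self.enc_key = prf(data_key, b"enc")
        self.mac_key = prf(data_key, b"mac")
        self.tok_key = prf(data_key, b"tok")

    def token(self, field: str, value: str) -> str:
        # Equality token sent in place of the plaintext query value.
        return prf(self.tok_key, field.encode(), value.encode()).hex()

    def _stream(self, nonce: bytes, n: int) -> bytes:
        blocks = (prf(self.enc_key, nonce, i.to_bytes(4, "big")) for i in range(n // 32 + 1))
        return b"".join(blocks)[:n]

    def encrypt(self, value: str) -> bytes:
        nonce, pt = os.urandom(16), value.encode()  # fresh nonce: randomized ciphertext
        ct = bytes(a ^ b for a, b in zip(pt, self._stream(nonce, len(pt))))
        return nonce + ct + prf(self.mac_key, nonce, ct)

    def decrypt(self, blob: bytes) -> str:
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, prf(self.mac_key, nonce, ct)):
            raise ValueError("ciphertext failed authentication")
        return bytes(a ^ b for a, b in zip(ct, self._stream(nonce, len(ct)))).decode()

class ToyServer:
    """Server side: stores and matches opaque values, holds no keys (steps 4-5)."""
    def __init__(self):
        self.rows = []
    def insert(self, token: str, blob: bytes) -> None:
        self.rows.append((token, blob))
    def find(self, token: str) -> list:
        return [blob for t, blob in self.rows if hmac.compare_digest(t, token)]

def demo() -> list:
    driver = ToyDriver(os.urandom(32))  # stands in for a key fetched from the KMS
    server = ToyServer()
    for ssn in ("123-45-6789", "987-65-4321", "123-45-6789"):  # constructed sample data
        server.insert(driver.token("ssn", ssn), driver.encrypt(ssn))
    hits = server.find(driver.token("ssn", "123-45-6789"))
    return [driver.decrypt(blob) for blob in hits]
```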