OmeGak
commented
9 years ago Good idea! I see a vast amount of possibilities here, so more than choosing just one I would leave the discussion open on which ones to consider in more detail.
I took the chance to talk to my professor in Security back in Spain and he quickly proposed something along these lines. He is a prominent figure on the field, so I'd say we are on the right track. :+1:
If we want to expose the possibility to choose the level of privacy, we have to decide on the details.
The simplest approach I see at the moment is to just say which part of the database I want to query, given that the database will be split into n parts of equal size. Thus, the server would expect a query to consist of:
[encrypted_index, number of parts to split the database into, part to query]and as an example[encrypted_index, 10, 2]. The server then would calculate the according index range for the third of ten parts and run the cryptographic algorithm just on these indices.A more sophisticated approach would be to let the client specifiy an index range:
[encrypted_index, start_index, end_index]. This provides the possibility to choose the database size more freely.The most general approach would be to completely define the database subset that should be queried. The client could then send a list of index ranges.