ZeroDB white paper
ZeroDB addresses data exposure for users of cloud databases by keeping data encrypted end to end: clients can search and query encrypted data without revealing keys or cleartext to the server, so a server compromise does not expose the stored data. The design builds incrementally on existing encryption and client-side processing concepts rather than introducing new primitives.
ZeroDB is an end-to-end encrypted database that enables clients to operate on (search, sort, query, and share) encrypted data without exposing encryption keys or cleartext data to the database server. The familiar client-server architecture is unchanged, but query logic and encryption keys are pushed client-side. Since the server has no insight into the nature of the data, the risk of data being exposed via a server-side data breach is eliminated. Even if the server is successfully infiltrated, adversaries would not have access to the cleartext data and cannot derive anything useful from disk or RAM snapshots. ZeroDB provides end-to-end encryption while maintaining much of the functionality expected of a modern database, such as full-text search, sort, and range queries. Additionally, ZeroDB uses proxy re-encryption and/or delta key technology to enable secure, granular sharing of encrypted data without exposing keys to the server and without sharing the same encryption key between users of the database.
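As an added illustration of query logic living client-side (example code, not from the ZeroDB paper or project): the client holds the key and walks a small two-level encrypted index whose nodes the server stores only as opaque ciphertext under random IDs, fetching just the buckets a range query needs. The HMAC-based keystream cipher is a stand-in for a real AEAD, and the node layout is assumed for this example, not ZeroDB's own format.

```python
import hashlib, hmac, json, os

# Toy keystream cipher from HMAC-SHA256 (stand-in for a real AEAD such as AES-GCM,
# which the stdlib lacks); keeps the example offline-runnable, not for production.
def _keystream(key, nonce, length):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(length // 32 + 1))

def _encrypt(key, plaintext):
    nonce = os.urandom(16)
    return nonce + bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))

def _decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(c ^ s for c, s in zip(body, _keystream(key, nonce, len(body))))

class Server:
    """Holds opaque node IDs -> ciphertext only; never sees keys, cleartext or query terms."""
    def __init__(self):
        self.blobs, self.fetched = {}, []   # fetched: what the server observes per query
    def put(self, node_id, blob):
        self.blobs[node_id] = blob
    def get(self, node_id):
        self.fetched.append(node_id)
        return self.blobs[node_id]

class Client:
    """Owns the key and runs the index traversal locally (assumed two-level layout)."""
    def __init__(self, server, key, fanout=3):
        self.server, self.key, self.fanout = server, key, fanout
    def _store(self, node):
        node_id = os.urandom(8).hex()           # random ID: no ordering leaks from names
        self.server.put(node_id, _encrypt(self.key, json.dumps(node).encode()))
        return node_id
    def _load(self, node_id):
        return json.loads(_decrypt(self.key, self.server.get(node_id)))
    def build(self, records):
        rows = sorted(records.items())
        leaves = [rows[i:i + self.fanout] for i in range(0, len(rows), self.fanout)]
        # root = [[max_key_in_bucket, bucket_id], ...]; buckets are encrypted leaf nodes
        self.root = self._store([[leaf[-1][0], self._store(leaf)] for leaf in leaves])
    def range_query(self, lo, hi):
        out = []
        for max_key, child_id in self._load(self.root):
            if max_key < lo:
                continue                        # bucket lies entirely below the range
            out += [(k, v) for k, v in self._load(child_id) if lo <= k <= hi]
            if max_key >= hi:
                break                           # remaining buckets lie above the range
        return out
```

The server's `fetched` list shows all it can observe: which opaque node IDs a query touched, not the keys, values or bounds involved.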