Wednesday, March 10, 2010

Data Operations in Encryption Space

A key problem with encrypted data is that it needs to be temporarily decrypted before it can be operated on. This opens a window for a security breach, and more sophisticated attacks do take advantage of data in its decrypted form in a CPU, in memory, or in transit across a data bus. It isn't enough for the data to be encrypted on a hard disk.

This raises the question of whether data can be operated on meaningfully whilst still in encryption space.

This would mean operators would need to be transformed from unencrypted space to encrypted space. An advantage of this is that the operations are then also encrypted, reducing the amount of information that can be gleaned by eavesdropping on the operations.

Is there a limited class of operators that can be transformed to encryption space? Is this class wide enough to be useful? Is this constrained by the type of encryption?
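As an added example that is not part of the original post, the following Python sketch shows one concrete answer to the questions above: a toy Paillier cryptosystem, in which the plaintext operators "add two values" and "multiply a value by a known constant" transform into ciphertext-space operators (multiplying two ciphertexts, and raising a ciphertext to a power), so the data never leaves encryption space while being operated on. The primes 1009 and 1013, the function names, and the sample values are my own constructed choices for illustration; the primes are far too small to be secure and stand in for the 1024-bit-plus primes a real deployment would use.

```python
# Added example: toy Paillier cryptosystem demonstrating which operators
# survive the transform into "encryption space". Not the post's code.
# Assumption: demonstration-sized primes (insecure); Python 3.8+ for pow(x, -1, n).
import math
import secrets


def keygen(p, q):
    """Derive a Paillier key pair (public, private) from two distinct primes."""
    assert p != q and math.gcd(p * q, (p - 1) * (q - 1)) == 1
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    g = n + 1                                            # standard generator choice
    mu = pow(lam, -1, n)                                 # with g = n+1, L(g^lam mod n^2) = lam
    return (n, g), (lam, mu)


def _L(x, n):
    """The L function from the Paillier paper: L(x) = (x - 1) / n."""
    return (x - 1) // n


def encrypt(pub, m):
    """E(m) = g^m * r^n mod n^2 with a fresh random r; encryption is probabilistic."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1  # r in [1, n-1]
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """D(c) = L(c^lam mod n^2) * mu mod n."""
    n, _ = pub
    lam, mu = priv
    return (_L(pow(c, lam, n * n), n) * mu) % n


def add_encrypted(pub, c1, c2):
    """Plaintext addition transforms to ciphertext multiplication:
    E(m1) * E(m2) mod n^2 = E(m1 + m2 mod n)."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c, k):
    """Multiplication by a known constant transforms to exponentiation:
    E(m)^k mod n^2 = E(k * m mod n)."""
    n, _ = pub
    return pow(c, k, n * n)


def demo():
    """Run the transformed operators on sample values and return the decrypted results."""
    pub, priv = keygen(1009, 1013)  # constructed toy primes, insecure
    a, b = 123, 456                  # constructed sample plaintexts
    ca, cb = encrypt(pub, a), encrypt(pub, b)
    return {
        "sum": decrypt(pub, priv, add_encrypted(pub, ca, cb)),      # 579
        "scaled": decrypt(pub, priv, scale_encrypted(pub, ca, 7)),  # 861
        # Re-encrypting the same value gives a different ciphertext, so an
        # eavesdropper on the data bus cannot even test two values for equality.
        "same_value_same_ciphertext": ca == encrypt(pub, a),
    }


if __name__ == "__main__":
    print(demo())
```

The operator class here is deliberately narrow: addition of two encrypted values and multiplication of an encrypted value by a plaintext constant, both reduced modulo n. There is no ciphertext-space operator in this scheme for multiplying two encrypted values or for comparing them, and the class depends on the scheme chosen (unpadded RSA, for instance, gives multiplication but not addition), which answers the third question above in the affirmative for this family of schemes.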