Skip to content

How it works

Cloudproof Encryption is the combination of two cryptographic schemes:


Cloudproof encryption is available in libraries in multiple languages including Java, Javascript and Python, so it can encrypt in applications as close as possible to the source of data and decrypt as close as possible to the user.

Get started programming with the APIs, by checking these documentation pages:

The libraries are open-source: see Cosmian Github for details.

Key Management System

To help manage keys, Cosmian provides a KMIP 2.1 compliant server, see its documentation.

Application Level Encryption

The first scheme is a public key encryption scheme that allows embedding attributes inside the cipher text providing fine grained partitioning of the encrypted data.

Consider the following 2 policy axes, Unit and Country according to which data is partitioned:

  1. Unit: Finance, Marketing, Human Res., Sales
  2. Country: France, UK, Spain, Germany

Each pair (Unit, Country) constitutes one of the 4x4=16 data partitions.

With Cosmian attribute-based encryption scheme, the encryption key is public and can only encrypt: encrypting systems (Spark, data engineering applications, ETLs, etc…) do not have to be secured and can directly hold the key, relaxing constraints on the infrastructure. The public key can encrypt with any set of attributes from the policy.

Each user has its own unique key even though partitions overlap:


Key 1 can decrypt all the France data with the following access policy

(Unit::Finance || Unit::Marketing || Unit::Human Res. || Unit::Sales)
    && Country::France

Key 2 can decrypt all the Sales data with the following access policy

    && (Country::France || Country::UK || Country::Spain || Country::Germany)

Key 3 can decrypt the Marketing and Sales data from Spain and Germany with the following access policy

(Unit::Marketing || Unit::Sales) && (Country::Spain || Country::Germany )

As an additional security benefit, user keys are truly unique: even though two users have the same access policy, their key fingerprints will be different. This makes it much easier for forensic cyber teams to trace a key leak.

Policy axes can be hierarchical. Suppose three levels on a confidentiality axis: Medium, Secret, and Top Secret. This hierarchical axis will let users with a Top Secret attribute in their key access policy decrypt Medium, Secret, and Top Secret data – whereas users with a Medium attribute will only be able to decrypt Medium data.

Finally, attributes can be rotated providing forward secrecy on selected partitions only.


In addition to encrypting the data with access policies, Cosmian Cloudproof Encryption libraries offer the ability to create encrypted indexes and securely search encrypted data.

These indexes will match an encrypted word to an encrypted database uid or to an encrypted file name. The encrypted search can handle exact match, starts-with, ends-with and synonyms.

Encrypted indexes have the following characteristics:

  • all data in the indexes are encrypted
  • queries to the index are encrypted
  • answers to queries are encrypted

Since the server never learns anything about the content, the queries or the answers, so the index can be safely stored in a zero trust environment, next to the indexed data. Typically, these indexes are stored in fast scalable key-value stores deployed in the cloud.

© Copyright 2018-2022 Cosmian. All rights reserved