Skip to content

Use Cases and Benefits

A solution to securely search and encrypt large repositories in the cloud

Cloudproof Encryption is a set of APIs that provide a fast, secure application-level encryption scheme meant to store and index large data repositories in a Zero Trust environment (typically, a Public Cloud).

✔Freely defined Access Policies. Application-level encryption with freely defined attributes along multiple axes and user decryption keys embedding access policies. See “Attributes Encryption API”

Designed for big data repositories. Encrypted data partitioning facilitates feeding data from multiple sources, the management of ciphertext rotations, and defining policies for extractions. Encrypted search provides a secure mechanism to quickly find encrypted data across the partitions.

The cloud learns nothing. Everything is encrypted: the data, the indexes, the search queries, and their response. Data is kept encrypted at all times and only decrypted on the end user’s device.

Improved security model. Using application layer encryption limits the attack surface. Ciphertext partitioning limits the consequences of key leakage. Post-quantum hybridization provides security against future threats.

Better key security. Keys can been kept in a KMS outside the infrastructure and applications. The encryption key is public and cannot be used to decrypt. Private decryption keys are unique, even when sharing the same access policies; this allows tracing in case of leakage and facilitates revocation inside a KMS.

Easy to deploy. Encrypting systems do not need to be secure since they only use the public key. Decryption keys are only created when needed.

Scalable. Everything but private keys is in the cloud. Everything in the cloud is encrypted and scales with the cloud.

Post-Quantum Resistance. Encryption can be made post-quantum resistant using the national agencies’ recommended approach of hybridization of a public scheme (elliptic curves) with a post-quantum scheme (Kyber) (see ANSSI recommendation).

Use cases

The combination of CoverCrypt (attribute based encryption) and Findex (encrypted indexes) provides a complete solution to building a large repository of data which

  • can be entirely stored in a zero-trust environment (e.g. the public cloud - attributes encryption is agnostic to the storage technology).
  • is quickly and securely searched and extracted
  • while user access to the data is controlled by the access policies in user decryption keys.

Typical uses cases are the secure storage and secure indexing in the cloud of:

  • large transactional databases (e.g. banking transactions)
  • large directories (e.g. employees directories)
  • logs

© Copyright 2018-2022 Cosmian. All rights reserved