CipherSweet: Searchable Encryption Doesn't Have to be Bitter
Back in 2017, we outlined the fundamentals of searchable encryption with PHP and SQL. Shortly after, we implemented this design in a library we call CipherSweet.
Our initial design constraints were as follows:
- Only use the cryptography tools that are already widely available to developers.
- Only use encryption modes that are secure against chosen-ciphertext attacks.
- Treat usability as a security property.
- Remain as loosely schema-agnostic as possible, so that it's possible to use our design in NoSQL contexts or wildly different SQL database layouts.
- Be extensible, so that it may be integrated with many other products and services.
Today, we'd like to talk about some of the challenges we've encountered, as well as some
of the features that have landed in CipherSweet since its inception, and how we believe
they are beneficial for the adoption of usable cryptography at scale.
If you're not familiar with cryptography terms, you may find this page useful.