TransWikia.com

What is the best deterministic authenticated encryption algorithm to date?

Cryptography Asked by gtramontina on November 8, 2021

We have a main database where certain properties are PII and want to setup a read-only replica so other parts of the business can able to access (e.g. analytics)

We’d like those PII properties to be encrypted, so those with access to the read-only replica of the database would not be able to make sense of any PII. We’ve decided that we’re be OK with runtime en/decrypting those attributes when needed.

We also would like to enable queries that would correlate data, for example: encrypting the same email address would yield the same output.

I shall mention that I know little to nothing when it comes to cryptography… so please bear with me. I’ve looked around and eventually stumbled upon "nonce-misuse resistant" options that would produce the same output for the same input. But it feels wrong to "abuse" that by deliberatelly misusing nonce to produce the desired output. After some more digging, it seems we’re after a deterministic encryption algorithm (hence the title – please correct me if I’m wrong).

I’m seeking for advice on what would be, or how to pick, the most appropriate algorithm, given what we’re trying to achieve.

Thank you in advance!

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP