A Secure Database System using Homomorphic Encryption Schemes

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

Cloud computing emerges as an attractive solution that can be delegated to store and process confidential data. However, several security risks are encountered with such a system as the securely encrypted data should be decrypted before processing them. Therefore, the decrypted data is susceptible to reading and alterations. As a result, processing encrypted data has been a research subject since the publication of the RSA encryption scheme in 1978. In this paper we present a relational database system based on homomorphic encryption schemes to preserve the integrity and confidentiality of the data. Our system executes SQL queries over encrypted data. We tested our system with a recently developed homomorphic scheme that enables the execution of arithmetic operations on ciphertexts. We show that the proposed system performs accurate SQL operations, yet its performance discourages a practical implementation of this system.


💡 Research Summary

The paper addresses a fundamental security challenge in cloud‑based data storage and processing: once data are encrypted for confidentiality, they must be decrypted before any computation, exposing the plaintext to potential attacks. To eliminate this vulnerability, the authors propose a relational database system that operates entirely on ciphertexts by leveraging homomorphic encryption (HE). HE allows specific algebraic operations—addition and multiplication—to be performed directly on encrypted values such that decryption of the result yields the same outcome as if the operations had been carried out on the plaintext.

The system architecture retains the core components of a conventional DBMS (storage engine, query parser, optimizer, and execution engine) but inserts an encryption layer at data ingestion and a homomorphic evaluation layer during query execution. When a user inserts data, the plaintext is encrypted using a recently developed somewhat homomorphic encryption (SHE) scheme. An incoming SQL statement is parsed into an abstract syntax tree, which is then transformed into a homomorphic operation graph. Each node of this graph is mapped to a corresponding HE primitive (CiphertextAdd, CiphertextMul, etc.). The authors also describe how comparison predicates in WHERE clauses are handled by extracting sign bits from ciphertexts and evaluating inequalities without decryption. Consequently, the system supports the full range of basic SQL commands—SELECT, INSERT, UPDATE, DELETE—while keeping all intermediate data encrypted.

Experimental evaluation was conducted on a prototype built atop an open‑source HE library. The authors measured correctness, latency, and memory consumption across a set of queries of varying complexity on tables containing up to ten thousand records. Correctness was perfect: every decrypted query result matched the result of an equivalent plaintext execution, confirming the functional integrity of the homomorphic evaluation. However, performance was far from practical. Simple SELECT queries incurred a 30‑fold slowdown relative to plaintext execution, while queries involving multiplication (e.g., joins, aggregates such as SUM or AVG) experienced latency increases of several hundred times and required substantially more memory due to the enlarged ciphertext size and the need for re‑linearization after each multiplication. These findings illustrate the current limitation of SHE schemes: the permissible depth of homomorphic operations is limited, and each multiplication expands ciphertext size, leading to exponential growth in computational cost.
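The mapping from expression nodes to ciphertext primitives and the noise and size growth described above can be seen in a small added example; it is not code from the paper or its prototype. It swaps in a toy symmetric integer scheme in the style of van Dijk et al. (DGHV) with constructed, insecure parameters, and the table, column names and helper functions are assumptions made for illustration.

```python
import secrets

# Toy DGHV-style symmetric scheme over the integers: c = m + T*r + p*q.
# Constructed parameters, far too small to be secure; illustration only.
T = 1 << 32                      # plaintext modulus; results must stay below T
NOISE_BITS, MASK_BITS, KEY_BITS = 16, 64, 256

def keygen():
    # Secret key: a random odd KEY_BITS-bit integer p.
    return secrets.randbits(KEY_BITS) | (1 << (KEY_BITS - 1)) | 1

def encrypt(p, m):
    r = secrets.randbits(NOISE_BITS)                          # fresh noise
    q = secrets.randbits(MASK_BITS) | (1 << (MASK_BITS - 1))  # hides m + T*r
    return m + T * r + p * q

def decrypt(p, c):
    # Correct only while the accumulated noise term stays below p.
    return (c % p) % T

# Server side: no key. Expression nodes map to ciphertext primitives.
def ciphertext_add(a, b): return a + b
def ciphertext_mul(a, b): return a * b

def evaluate(node, row):
    """Evaluate ('col', name) | ('add'|'mul', left, right) on one encrypted row."""
    if node[0] == "col":
        return row[node[1]]
    op = ciphertext_add if node[0] == "add" else ciphertext_mul
    return op(evaluate(node[1], row), evaluate(node[2], row))

def encrypted_sum(expr, rows):
    """SUM(expr) over all rows, computed on ciphertexts only."""
    total = 0   # the integer 0 is a valid encryption of 0 (m = r = q = 0)
    for row in rows:
        total = ciphertext_add(total, evaluate(expr, row))
    return total

def max_fresh_factors():
    # A fresh ciphertext carries < 2**(32 + NOISE_BITS) noise; a product of k of
    # them decrypts correctly only while that stays below p >= 2**(KEY_BITS - 1).
    return (KEY_BITS - 1) // (32 + NOISE_BITS)

def demo():
    p = keygen()
    plain = [{"price": 1200, "qty": 3}, {"price": 450, "qty": 10}, {"price": 99, "qty": 7}]
    rows = [{k: encrypt(p, v) for k, v in r.items()} for r in plain]  # constructed table
    expr = ("mul", ("col", "price"), ("col", "qty"))   # SUM(price * qty)
    c = encrypted_sum(expr, rows)
    return decrypt(p, c), rows[0]["price"].bit_length(), c.bit_length()
```

`demo()` returns the decrypted total together with the bit lengths of a fresh ciphertext and of the result: one multiplication roughly doubles the ciphertext size here, and `max_fresh_factors()` gives the multiplicative depth this toy parameter set tolerates before decryption stops being correct.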

In the discussion, the authors acknowledge that while the prototype demonstrates the feasibility of fully encrypted SQL processing—a breakthrough for privacy‑sensitive domains such as healthcare and finance—the overhead remains prohibitive for real‑world deployment. They outline several avenues for future work: (1) developing more efficient bootstrapping or level‑reduction techniques to extend the allowable operation depth without excessive cost; (2) exploiting hardware acceleration (GPUs, FPGAs) to parallelize HE primitives; (3) integrating query‑planning heuristics that minimize homomorphic multiplications, possibly by rewriting queries or materializing intermediate encrypted results; and (4) strengthening key management, ciphertext integrity verification, and side‑channel resistance to meet operational security requirements.

In summary, the paper makes a significant contribution by providing the first end‑to‑end implementation of a homomorphic‑encryption‑based relational database capable of executing standard SQL over encrypted data with full correctness. It also candidly reveals the performance gap that currently separates theoretical security guarantees from practical applicability, thereby charting a clear research agenda for advancing both cryptographic algorithms and system‑level optimizations toward a truly secure cloud database paradigm.

