Put simply, encryption techniques range from good enough, through more than enough, to overkill. The choice of technique determines how complex it is to handle the encrypted data and which features can be supported on it.
1. Deterministic Symmetric Encryption (good-enough): The primary advantage of keeping the encryption deterministic is that we can support equality search on the encrypted data. The cost is that we are stuck with a single active encryption key per tenant.
2. Non-deterministic Symmetric Encryption (more-than-enough): If we are not constrained to keep the encryption deterministic, we can support thousands of active encryption keys per tenant, which introduces more randomness into the data. With this technique we cannot support equality search on the encrypted data.
Both of the above techniques have been implemented as part of the DIGIT Encryption Service. The links to the implementations are attached above.
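
The trade-off between the two techniques, as an added example that is not code from the DIGIT Encryption Service. It assumes AES-256-GCM, an IV derived from the plaintext with a separate HMAC key for the deterministic case, and a pool of 1000 keys for the non-deterministic case; the class, method and variable names are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Added illustration; all names here are hypothetical, not the DIGIT Encryption Service API.
public class EncModesDemo {
    static final SecureRandom RNG = new SecureRandom();
    static byte[] randomBytes(int n) { byte[] b = new byte[n]; RNG.nextBytes(b); return b; }

    // AES-256-GCM; the token is Base64(iv || ciphertext || tag).
    static String seal(byte[] key, byte[] iv, String plain) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Deterministic: the IV is HMAC(macKey, plaintext) truncated to 96 bits, so equal
    // plaintexts under the single active key always produce the same token.
    static String encryptDeterministic(byte[] encKey, byte[] macKey, String plain) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(macKey, "HmacSHA256"));
        byte[] iv = Arrays.copyOf(mac.doFinal(plain.getBytes(StandardCharsets.UTF_8)), 12);
        return seal(encKey, iv, plain);
    }

    // Non-deterministic: one of the tenant's active keys plus a fresh random IV per call;
    // the key index is prefixed so the decrypting side can select the right key.
    static String encryptRandomized(byte[][] tenantKeys, String plain) throws Exception {
        int keyId = RNG.nextInt(tenantKeys.length);
        return keyId + "|" + seal(tenantKeys[keyId], randomBytes(12), plain);
    }

    public static void main(String[] args) throws Exception {
        byte[] encKey = randomBytes(32), macKey = randomBytes(32); // constructed sample keys
        byte[][] pool = new byte[1000][];                          // constructed key pool
        for (int i = 0; i < pool.length; i++) pool[i] = randomBytes(32);
        String mobile = "9999999999";                              // constructed sample value
        // Equality search means re-encrypting the search term and comparing stored tokens.
        System.out.println("deterministic tokens equal: "
            + encryptDeterministic(encKey, macKey, mobile).equals(encryptDeterministic(encKey, macKey, mobile)));
        System.out.println("randomized tokens equal: "
            + encryptRandomized(pool, mobile).equals(encryptRandomized(pool, mobile)));
    }
}
```

The property that enables equality search also lets anyone with read access to the stored tokens see which records hold the same value, so deterministic encryption is best reserved for fields that actually need to be searched.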