Re: Encryption in pg_dump

Hello Paul,

You are correct. If third party applications rely on the FHE encrypted
data, then they will need to change the way they quire it. But if it's
companies sensitive internal data stored outside (e.g. in a cloud) and the
company ist the only one that calculates on it, then it may be worth
looking into that.

As of 2018 I didn't see (maybe I've missed some) any commercial
implementation of FHE, but that might have been changed by now, since it's
a rapidly growing wide supported subject.

I didn't use Windows at all, everything ran on Linux.

Best regards,
Tal

Paul Förster <paul(dot)foerster(at)gmail(dot)com> schrieb am Do., 23. Juli 2020, 11:05:

> Hi Tal,
>
> > On 23. Jul, 2020, at 10:27, Tal Glo <glozmantal(at)gmail(dot)com> wrote:
> > There is a way to implement full homomorphic encryption (FHE) with
> Postgres.
>
> ok.
>
> > I've used a relatively old version (2.3.1) of Microsoft's SEAL library
> in my University project for that.
>
> I don't know about Windows but I assume, Linux would be similar?
>
> > 2. Handling queries related to FHE encrypted attributes on the server
> side requires an implementation of own C language functions.
>
> we don't do that. Also, we have third party applications. In case they
> need to be modified, this is impossible.
>
> > It's not always a good Idea to say that something cannot be done or that
> some one needs to be replaced. Sometimes it's worth to develop some new
> process, based on a mixture of available technologies out there.
>
> right, but only if it makes sense. To put a wallet in the file system and
> its key right next to it does not make sense but only serves to make IT
> heads and security "gurus" go quiet. In these cases, only replacing them by
> competent ones helps.
>
> Cheers,
> Paul