Raluca Ada Popa, Catherine M. S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan.
CryptDB: Protecting Confidentiality with Encrypted Query Processing.
In Proceedings of the 23rd ACM Symposium on Operating Systems Principles (SOSP), Cascais, Portugal, October 2011.
(This is the main paper describing CryptDB.)
Raluca Ada Popa.
Building Practical Systems that Compute on Encrypted Data.
Ph.D. thesis, 2014.
(This thesis elaborates on various aspects of CryptDB.)
Raluca Ada Popa, Nickolai Zeldovich, and Hari Balakrishnan.
Guidelines for Using the CryptDB System Securely.
In Cryptology ePrint Archive, Report 2015/979.
Raluca Ada Popa, Frank H. Li, and Nickolai Zeldovich.
An Ideal-Security Protocol for Order-Preserving Encoding.
In Proceedings of the 34th IEEE Symposium on Security and Privacy (IEEE
S&P/Oakland), San Francisco, CA, May 2013.
(This paper constructs the encryption scheme that computes order queries in CryptDB.)
Stephen Tu, M. Frans Kaashoek, Samuel Madden, and Nickolai Zeldovich.
Processing Analytical Queries over Encrypted Data.
In Proceedings of the 39th International Conference on Very Large Data Bases (VLDB), Riva del Garda, Italy, August 2013.
(This paper extends CryptDB's basic design to complex analytical queries and large data sets.)
Raluca Ada Popa and Nickolai Zeldovich.
Cryptographic treatment of CryptDB's Adjustable Join.
Technical Report MIT-CSAIL-TR-2012-006, Computer Science and Artificial Intelligence Laboratory, Cambridge, MA, March 2012.
(A formal description and analysis of CryptDB's adjustable join cryptographic scheme.)
Carlo Curino, Evan P. C. Jones, Raluca Ada Popa, Nirmesh Malviya, Eugene Wu, Sam Madden, Hari Balakrishnan, and Nickolai Zeldovich.
Relational Cloud: A Database-as-a-Service for the Cloud.
In Proceedings of the 5th Biennial Conference on Innovative Data Systems Research (CIDR 2011), Pacific Grove, CA, January 2011.
(A paper describing how CryptDB can help with hosting databases in the cloud.)
Raluca Ada Popa, Nickolai Zeldovich, and Hari Balakrishnan.
CryptDB: A Practical Encrypted Relational DBMS.
Technical Report MIT-CSAIL-TR-2011-005, Computer Science and Artificial Intelligence Laboratory, Cambridge, MA, January 2011.
(An earlier technical report on CryptDB, which has been superseeded by the SOSP paper above.)
git clone -b public git://g.csail.mit.edu/cryptdb
To install, read doc/README.
We will announce any significant changes to CryptDB on the cryptdb-announce mailing list.
If you are interested in using CryptDB's source code in any way or to receive announcements about CryptDB, we encourage you to subscribe to the cryptdb-announce mailing list below.
Please subscribe to the cryptdb-announce mailing list to receive announcements about updates to CryptDB.
To subscribe, fill out the following form. You will be sent email requesting confirmation, to prevent others from gratuitously subscribing you.
We no longer maintain the mailing list cryptdb-users. The list was used to ask questions about CryptDB, get help, and offer any suggestions. To see the collection of prior postings to the list, visit the archive.
SAP AG's system SEEED |
SAP AG developed a system called SEEED, which implements CryptDB's design on top of their HANA database system. SEEED uses most of the building blocks of CryptDB as well as the adjustable encryption (onion) strategy. Here are some references: Project SEEED, white paper. |
Google's Encrypted BigQuery |
Google has developed an experimental extension of the BigQuery client, known as Encrypted BigQuery, which was informed and motivated by the CryptDB paper.
It offers client-side encryption for a subset of query types, using encryption building blocks similar to the RND, HOM, and DET used in CryptDB.
Their code is available here.
|
Lincoln Laboratory |
Lincoln Labs added the CryptDB design on top of their D4M Accumulo no-SQL engine (using the RND, DET, OPE and HOM building blocks). |
Microsoft's Always Encrypted SQL Server |
Microsoft's Always Encrypted SQL Server enables administrators to encrypt columns with RND and DET. Before this service, the database in the SQL Server was in plaintext during processing. Some applications can support a lot of fields with RND and a set of other fields with DET, thus giving a significant security increase as compared to no encryption for these fields. The service is now distributed as part of the SQL Server. The authors of Microsoft's Cipherbase system led this effort; Cipherbase is a successor of CryptDB which enhances CryptDB with trusted hardware support for queries not supported on encryption.
|
Skyhigh Networks |
Skyhigh networks seems to be using most of the encryption building blocks in CryptDB. Skyhigh discusses these schemes here. |
sql.mit.edu |
sql.mit.edu is a SQL server at MIT hosting many MIT-ran applications. Volunteering users of Wordpress switched to running Wordpress through CryptDB, using our source code.
|
Startups based on CryptDB |
Privic, a startup in Silicon Valley, and Cryptonor, a startup in Europe, are both based on CryptDB's design. CryptonorDB targets no-SQL databases. |