Mylar is an experimental research platform for building web applications with end-to-end encryption. Mylar encrypts data fields indicated as sensitive by a developer.

Web applications rely on servers to store and process confidential information. However, anyone who gains access to the server (e.g., an attacker, a curious administrator, or a government) can obtain all of the data stored there.

Mylar stores sensitive data encrypted on the server, and decrypts that data only in users' browsers. Mylar addresses three challenges in making this approach work. First, Mylar allows the server to perform keyword search over encrypted documents, even if the documents are encrypted with different keys. Second, Mylar allows users to share keys and encrypted data securely in the presence of an active adversary. Finally, Mylar ensures that client-side application code is authentic, even if the server is malicious. Results with a prototype of Mylar built on top of the Meteor framework are promising: porting 6 applications required changing just 36 lines of code on average, and the performance overheads are modest, amounting to a 17% throughput loss and a 50 ms latency increase for sending a message in a chat application.

Response to "Breaking web applications built on top of encrypted data" (CCS 2016) by P. Grubbs, R. McPherson, M. Naveed, T. Ristenpart and V. Shmatikov.

People Publications Security Guarantees Software Applications



Security guarantees

Mylar provides end-to-end encryption for data fields a developer marks with encrypted. In addition, Mylar provides two defenses against active attacks: an attacker who controls the server cannot tamper with the client software in a way that the client does not detect, and the attacker cannot serve incorrect keys to clients during key distribution. For fields marked as searchable (which allow search on the encrypted data at the server), Mylar provides a different security guarantee, which is common among existing searchable encryption schemes. The Mylar paper elaborates on these guarantees in the section "Security guarantees", explaining concretely what Mylar gives and what it does not give.

A paper by Grubbs et al. (2016) considers three attack scenarios against Mylar: two of these are out of scope for Mylar (as Grubbs et al. acknowledge), and the third is prevented by Mylar. We elaborate on a separate page.


Disclaimer: Mylar's code is an experimental research prototype and not a product. The released version is for a passive attacker (the active attacker version is not ready for release). We do not guarantee that the implementation faithfully implements the system design, and there might be bugs or incompletely implemented features, so please use the paper as a reference. If you notice something is missing or buggy, please contribute and fix it! We are releasing the source code in the hope that the community will contribute to it and take it further.

Play with Mylar! Download it using git, and then follow the instructions in

git clone -b public git://

Our initial software (above) is based on an old version of Meteor, and hasn't been updated to Meteor's latest release. Thomas Steinhauer has ported Mylar to recent Meteor releases, which you can obtain below. Note that we did not validate this version.


For more information on Mylar, contact mylar AT mit DOT edu.


Mylar is an experimental research prototype and not a product.

In our evaluation, we tested Mylar using existing applications including a medical application (performing a survey of patients suffering from endometriosis) led by surgeons from Newton-Wellesley hospital. This medical application does not use search, but uses the other features of Mylar. We also tested Mylar on an existing chat application and on a class assignment submission website (for the MIT class 6.858), as well as on experimental prototypes of a calendar, a forum application and a photo sharing application. We found that these applications can be ported to Mylar with minimal annotations and incurs a modest overhead.

Mylar's core has inspired some ideas in a startup PreVeil, but PreVeil aims at a different and simpler problem space, where it provides a more complete set of security properties than Mylar aimed at: it encrypts all the data at the server including metadata, it supports user access revocation, it protects against a broader range of active attacks, it provides user accountability, and does not use Mylar's search.

App photo     App photo