Cryptographic Relational Algebra

Data protection in computer systems is a rather complex problem. Data has to be protected while it is in memory, during communication and while it is stored on mass storage devices. During computation the central processor executes instructions and operates on data that are in readable form. The problem of operating on encrypted data was first considered by Rivest et al [4]. However, notrivial privacy homomorphisms do not exist. Thus it seems that isolation of users is the only alternative if security and privacy is to be achieved. However, in practice isolation is difficult to enforce. Worse, when user to user communication is allowed, more serious loopholes develop. Even though the problems of protection in Operating Systems in general are difficult, one does not have to settle for no security. Encryption allows the protection of data even when good security measures are lacking in an Operating System. In fact it is possible to design operating systems with improved protection using encryption [3]. In this paper we shall consider the problems of encrypted relational datsbases and show that it is possible under some circumstances to perform relational operations without decrypting an entire record.