A Long-Awaited Defense Against Data Leaks May Have Just Arrived

MongoDB claims its new “Queryable Encryption” lets users search their databases while sensitive data stays encrypted. Oh, and its cryptography is open source.
MongoDB headquarters building
Photograph: Michael Vi/Shutterstock

After years of data breaches, leaks, and hacks leaving the world desperate for tools to stem the illicit flow of sensitive personal data, a key advance has appeared on the horizon.

On Tuesday, MongoDB is announcing “Queryable Encryption,” a feature that will allow database users to search their data while it remains encrypted. The tool, which is debuting in preview as part of MongoDB 6.0, attempts to bridge academic cryptography findings and real-world environments so users can adopt the feature without needing advanced theoretical expertise. Crucially, Queryable Encryption is built to work with existing databases rather than requiring users to re-architect their systems before they can take advantage of it.

Institutions from businesses to governments, health care facilities, and critical infrastructure already lean on encryption to render data unintelligible (and therefore not worth stealing) when it's traveling across networks or sitting in storage. But none of that protects data when it's actively being used for legitimate reasons—looking up a patient's medical records, say, or setting up a car rental reservation. That means an attacker—including a rogue employee—could potentially gain access to data the same way a doctor or customer service agent does. This is a nut everyone wants to crack, and the database maker MongoDB has been working on possible solutions for years. Now, the company says, it has one.

“This is exactly the kind of thing that customers are wanting. We work with the biggest banks, pension systems, treasury exchanges, payment networks, pizza chains—and everyone wants better assurances,” says Kenn White, MongoDB's security principal. “And because of some practical engineering breakthroughs, it went from an academic kind of thing to something that actually could work on big databases.”

Queryable Encryption could let a bank agent investigate your account for possible fraud on a range of dates without knowing which dates specifically flagged the system. Or it could allow a customer service rep to type the first few letters of a name and start a claims process while leaving the name encrypted and indecipherable. 

Many of these breakthroughs came from Brown University cryptographer Seny Kamara and his longtime collaborator Tarik Moataz. Several years ago, the pair cofounded a searchable encrypted database startup known as Aroki Systems along with entrepreneur John Partridge. Aroki collaborated with MongoDB on a database security feature, announced in 2019, and Kamara and Moataz continued working on a prototype of a truly searchable encrypted database. In 2021, MongoDB acquired Aroki.

The Queryable Encryption system is built with a combination of established cryptographic protocols and conceptual advances Kamara and Moataz have been working on for years in an area of cryptography known as structured encryption. The approach involves encrypting data with a specific architecture so it can be searched with special tokens specific to each query without data ever being decrypted. Other techniques such as homomorphic encryption allow users to do computations on encrypted data, like adding two columns in an encrypted spreadsheet. But structured encryption is specifically focused on organizing encrypted data so it can be found without exposing the data itself.

“What we focus on is not how to do arithmetic operations on encrypted data, but how to find information fast—like really, really fast,” says Kamara, who is currently on leave from his associate professor role at Brown.

Speed is a challenge in encrypted operations, where every extra key check and computation add complications to basic operations. But MongoDB claims that searches performed with Queryable Encryption are impressively fast and won't cause unreasonable performance losses—a claim that customers will be able to test for themselves with the new preview. MongoDB is also open-sourcing much of the Queryable Encryption system, so users and other researchers can vet its underlying cryptography.

“A lot of the work is very theoretical in nature, algorithms, crypto security definitions, but for me at the end of the day I want to see something come out of it,” Kamara says. “There is a social imperative behind the work that scientists do. Working with a company at the scale of Mongo, this will be available to a huge number of people, a huge number of work loads.”

Moataz and Kamara say the big breakthrough that allowed them to move their concept from the academic world toward the real world was emulation, which enabled them to use the properties of structured encryption with existing databases that have different architectures. Like emulating Super Nintendo games on your PC or emulating Windows on a Mac, the approach creates a liminal space in which structured encryption can run on top of traditional databases.

Still, Kamara and Moataz emphasize that it's been a challenge and a learning process to collaborate with MongoDB engineers and turn the Aroki Systems prototype into something that can actually be deployed at scale around the world.

“Seny and I have been learning a lot about the constraints of real-world deployments that academics know nothing about,” Moataz says. “Models in academia are less restrictive. So we are enjoying being exposed to that and improving our models and our designs with respect to these constraints.”

Though Tuesday's release will be the first time that the public can vet Queryable Encryption in the wild, Aroki Systems had cryptographer JP Aumasson conduct technical due diligence on the cryptographic underpinning of their prototype system. And MongoDB invited University of Chicago cryptographer and searchable encryption researcher David Cash to take an early look as well. Both told WIRED that while they haven't audited the entire system deployment, the underlying cryptography appears sound. And they both emphasize that it's exciting to see a real-world searchable encryption scheme take shape after so long.

“A lot of crypto research since the 1980s has sort of been centered on how do we do this stuff, so this is a long time coming," Cash says. “Everything in cryptography is about trade-offs, and the world is complicated, so it's important to be careful about absolute statements, but that this vision is realized in some form is very exciting. And this is not at all snake oil or security theater. They're going deep on this and thinking about the important stuff carefully.”

Aumasson says that many others have claimed to offer searchable encryption without the technical depth or capability. “There have been other products advertising encrypted search, but academics would really laugh at those,” he says. “What Mongo is doing is something that is academic-compliant, and I’m very happy to see it.”