Beyond Encryption: A New Approach to Database Confidentiality

Author: Denis Avetisyan


Researchers have developed a novel database system that prioritizes performance without sacrificing data security, offering a compelling alternative to traditional encryption-based methods.

Current confidential database (CDB) architectures necessitate two decryption steps and a single encryption during cross-domain communication, creating substantial computational bottlenecks.

Fedb decouples data indirection from cryptographic protection using ‘crypto-free mappings’ within Trusted Execution Environments to optimize performance and enhance security.

While confidential databases (CDBs) offer a promising path to secure data processing in untrusted environments, their widespread adoption is hampered by substantial performance overhead from frequent cryptographic operations. This paper, ‘Confidential Databases Without Cryptographic Mappings’, introduces FEDB, a novel CDB design that decouples data indirection from cryptographic protection via ‘crypto-free mappings’. By removing cryptographic operations from the critical path, FEDB achieves up to 78.0x speedup on industry-standard benchmarks like TPC-C and TPC-H. Could this approach unlock truly scalable and practical confidential computing solutions for sensitive data analysis?


Deconstructing Data Security: The Centralization Paradox

Contemporary data management increasingly depends on cloud-based databases and Database-as-a-Service (DBaaS) solutions, a shift that, while offering scalability and cost benefits, introduces concentrated security risks. This centralization creates a compelling target for malicious actors; a successful breach of a cloud provider or a compromised administrative account can expose vast quantities of sensitive data. Unlike traditional, distributed data storage, where impact is often limited to individual systems, these modern infrastructures present a single point of failure. The inherent complexity of managing access controls and maintaining data integrity across numerous virtualized environments further exacerbates these vulnerabilities, demanding innovative security approaches beyond conventional perimeter defenses and encryption methods.

Conventional data-at-rest protection, such as full-disk encryption, operates at a broad level, securing entire volumes or storage devices. While providing a foundational layer of security, this approach frequently introduces significant performance penalties due to the need to encrypt and decrypt large swathes of data, even when accessing only small portions. Moreover, these methods lack the granularity to enforce access controls at the individual data element level – meaning all data within the encrypted volume is equally protected, regardless of sensitivity. This creates a trade-off between security and usability, and can hinder efficient data processing, particularly in modern applications requiring real-time access to specific data fields. The inherent limitations of these traditional techniques are prompting a search for more refined and performant security solutions.

Contemporary data management demands precise access control without sacrificing performance, a challenge traditional security measures often struggle to meet. Full-disk encryption and similar techniques, while broadly protective, frequently introduce significant latency and lack the ability to selectively shield specific data elements within a database. This limitation fuels growing interest in Confidential Databases, which promise a more nuanced approach. These systems aim to provide fine-grained control over data access, enabling organizations to protect sensitive information at the field level while minimizing the operational overhead typically associated with robust security protocols. The escalating volume of data, coupled with increasingly stringent regulatory requirements, is therefore accelerating the demand for solutions that deliver both security and efficiency, positioning Confidential Databases as a crucial innovation in modern data infrastructure.

Confidential Databases represent a fundamental change in how data is secured, moving beyond traditional perimeter-based defenses. Instead of encrypting data at rest or in transit, these systems utilize Trusted Execution Environments (TEEs) – secure enclaves within the processor – to protect data while it is being processed. This means sensitive information remains encrypted even within the database’s memory, shielding it from malicious insiders, compromised administrators, and even certain types of software vulnerabilities. By isolating data processing within these TEEs, Confidential Databases offer a significantly enhanced level of protection, enabling organizations to confidently utilize cloud-based database services without exposing their most valuable assets. This approach minimizes performance overhead compared to full-disk encryption and provides granular control over data access, representing a crucial step towards a more secure and privacy-preserving data landscape.

Fedb demonstrates significant performance gains over HEDB on TPC-H queries, achieving speedups ranging from 1.0× to 78.0× when normalized to plaintext PostgreSQL execution times.

Fedb: Subverting Encryption’s Bottleneck

Fedb is a Confidential Database (CDB) system engineered to optimize performance by minimizing cryptographic operations during data access. Traditional CDBs rely on encrypting data at rest and decrypting it during query processing, introducing significant overhead. Fedb avoids this by utilizing a novel approach that separates data identification from encryption. This design allows for direct access to plaintext data within Trusted Execution Environments (TEEs) without requiring decryption for every query, resulting in substantially reduced latency and increased throughput while preserving data confidentiality. The system is specifically designed to remove cryptographic steps from the critical path of database operations, enabling performance comparable to unencrypted databases without compromising security.

Fedb employs Crypto-Free Mappings to optimize data access within Trusted Execution Environments (TEEs). This technique establishes a binding between data-independent Field Identifiers (FIDs) and the plaintext values of specific data fields stored inside the TEE. Crucially, this mapping allows applications to directly access data using the FID without requiring a decryption step, as the data is already in plaintext within the secure enclave. By decoupling the identifier from the encrypted data, Fedb avoids the performance overhead associated with traditional field-level encryption and decryption operations, facilitating faster data retrieval and manipulation.

Traditional field-level encryption (FLE) techniques introduce ciphertext expansion, whereby the encrypted data occupies more storage space than the original plaintext. This expansion directly impacts performance due to increased I/O requirements and memory consumption. Furthermore, FLE necessitates decryption operations for every data access, adding computational overhead to the critical path. The magnitude of performance penalties associated with FLE is directly proportional to the volume of encrypted fields and the frequency of data access. Unlike FLE, systems like Fedb avoid these penalties by operating on plaintext data within a Trusted Execution Environment (TEE) and utilizing data-independent identifiers, thereby eliminating the need for decryption during typical database operations.

The Fedb system’s Mapping Store is central to its data management strategy, functioning as a persistent metadata repository that associates Field Identifiers (FIDs) with plaintext field locations within Trusted Execution Environments (TEEs). This store efficiently manages the FID-to-plaintext mapping, enabling direct access to data without requiring decryption operations. Data within the Mapping Store is segregated into two partitions: Temporary and Permanent. The Temporary Partition stores mappings for active transactions and is cleared upon completion, while the Permanent Partition holds mappings for persistent data, ensuring data confidentiality and integrity across system restarts. This partitioning scheme optimizes performance by minimizing the scope of data requiring secure storage and reducing the overhead associated with mapping maintenance.
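To make the preceding three paragraphs concrete, here is a small simulation of a crypto-free mapping store with temporary and permanent partitions. It is an added illustration written for this page, not code from the FEDB paper or its authors: the 16-byte random FID size, the `MappingStore`/`UntrustedTable` classes and the sample salary rows are all constructed here, and the AES-GCM-style 28-byte nonce-plus-tag figure is used only to show how field-level encryption's ciphertext expansion compares with a fixed-size identifier. The untrusted table holds only FIDs for the sensitive column; the enclave-side query resolves them to plaintext without any decryption step, equal plaintexts receive unrelated FIDs, and an aborted transaction leaves nothing resolvable behind.

```python
import secrets

FID_BYTES = 16               # constructed choice: 128-bit random field identifiers
AEAD_OVERHEAD = 12 + 16      # nonce + tag an AES-GCM style field ciphertext adds per field


class MappingStore:
    """FID -> plaintext bindings held inside the (simulated) TEE.

    The temporary partition holds bindings made by in-flight transactions;
    the permanent partition holds committed bindings (a dict stands in for
    the persistent, integrity-protected store the article describes).
    """

    def __init__(self):
        self.permanent = {}
        self.temporary = {}          # txid -> {fid: plaintext}

    def begin(self, txid):
        self.temporary[txid] = {}

    def bind(self, txid, plaintext):
        """Allocate a fresh, data-independent FID for one field value.

        Because the FID is random rather than derived from the value, equal
        plaintexts get unrelated FIDs and the untrusted store learns nothing
        about equality or frequency.
        """
        fid = secrets.token_bytes(FID_BYTES)
        self.temporary[txid][fid] = plaintext
        return fid

    def commit(self, txid):
        self.permanent.update(self.temporary.pop(txid))

    def abort(self, txid):
        self.temporary.pop(txid, None)   # bindings of an aborted tx are dropped

    def resolve(self, fid):
        """Possessing a committed FID is the authorisation to read its value."""
        try:
            return self.permanent[fid]
        except KeyError:
            raise PermissionError("FID not bound in permanent partition") from None


class UntrustedTable:
    """Rows as the untrusted DBMS stores them: FIDs in place of sensitive fields."""

    def __init__(self):
        self.rows = []

    def insert(self, dept, salary_fid):
        # dept is kept in the clear for filtering; salary is referenced by FID only
        self.rows.append({"dept": dept, "salary": salary_fid})

    def scan(self, dept):
        return [r["salary"] for r in self.rows if r["dept"] == dept]


def enclave_sum_salaries(store, table, dept):
    """Query logic running inside the TEE: resolve FIDs, no decryption step."""
    return sum(store.resolve(fid) for fid in table.scan(dept))


def fle_field_size(plaintext_len):
    """Bytes a field-level AEAD ciphertext would occupy for the same field."""
    return plaintext_len + AEAD_OVERHEAD


def run_demo():
    store, table = MappingStore(), UntrustedTable()

    # constructed sample data: two identical salaries in 'eng', one in 'ops'
    store.begin("tx1")
    for dept, salary in [("eng", 120_000), ("eng", 120_000), ("ops", 90_000)]:
        table.insert(dept, store.bind("tx1", salary))
    store.commit("tx1")

    # a second transaction binds a value and then aborts
    store.begin("tx2")
    orphan = store.bind("tx2", 1)
    store.abort("tx2")

    eng_fids = table.scan("eng")
    return {
        "eng_total": enclave_sum_salaries(store, table, "eng"),
        "equal_values_distinct_fids": eng_fids[0] != eng_fids[1],
        "orphan_resolvable": orphan in store.permanent,
        "fid_bytes": len(eng_fids[0]),
        "fle_bytes_for_8_byte_field": fle_field_size(8),
    }
```

The point to notice is where the trust boundary sits: `UntrustedTable` never holds anything an attacker could decrypt or correlate, while `MappingStore.resolve` is the only place plaintext is reached, and it refuses any FID that was not committed.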

Fedb utilizes a federated learning architecture with local training and global model aggregation to enable collaborative learning without direct data exchange.

Performance Under the Microscope: Benchmarking Reality

Fedb has been evaluated using the Transaction Processing Performance Council’s TPC-C and TPC-H benchmarks, which are widely recognized for measuring database performance in transactional and analytical processing scenarios, respectively. Performance on these benchmarks demonstrates Fedb’s capability to efficiently manage and process complex database operations. TPC-C focuses on simulating an online transaction processing (OLTP) environment, while TPC-H emphasizes decision support systems and analytical queries. Results from these benchmarks indicate Fedb’s suitability for both high-volume transaction processing and data analysis tasks, validating its architecture for a broad range of database applications.

Performance evaluations demonstrate Fedb significantly outperforms existing Confidential Database (CDB) systems, specifically HEDB, on the TPC-H benchmark. Peak speedup achieved by Fedb is 78.0x, while the average speedup across multiple runs is 3.7x. Importantly, Fedb attains 91.3% of the performance observed with a plaintext, non-confidential database implementation, indicating a relatively low performance overhead introduced by the confidentiality mechanisms.

Fedb employs a Write-Ahead Log (WAL) to guarantee data durability and consistency during database operations. The WAL records all modifications to data before they are actually applied to the database files on disk. This ensures that even in the event of a system crash or power failure, the database can be restored to a consistent state by replaying the log entries. Specifically, the WAL persists intended changes prior to physical data modification, allowing for atomic commit and rollback operations. This mechanism is fundamental for maintaining data integrity and reliability in transactional database systems, preventing data loss and corruption.
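The following is an added, self-contained model of the write-ahead discipline described above; it is not FEDB's logging code. A list stands in for the fsync'ed log file, each record carries a truncated SHA-256 digest so a torn tail write is detected rather than replayed, and recovery applies only the writes of transactions whose commit record made it into the log. The account keys and transaction ids are constructed sample data.

```python
import hashlib
import json


class WriteAheadLog:
    """Append-only log of intended changes (a list stands in for an fsync'ed file).

    Each record carries a digest so that a torn or corrupted tail record is
    detected during replay instead of being applied.
    """

    def __init__(self):
        self.lines = []

    @staticmethod
    def _digest(body):
        return hashlib.sha256(body.encode()).hexdigest()[:16]

    def append(self, record):
        body = json.dumps(record, sort_keys=True)
        self.lines.append(body + "|" + self._digest(body))

    def records(self):
        """Yield records in order, stopping at the first corrupted one."""
        for line in self.lines:
            body, _, digest = line.rpartition("|")
            if self._digest(body) != digest:
                break
            yield json.loads(body)


class Database:
    """Key-value table whose every change is logged before it is applied."""

    def __init__(self, wal):
        self.wal = wal
        self.table = {}      # 'on-disk' state as seen by queries
        self.pending = {}    # txid -> uncommitted writes

    def begin(self, txid):
        self.pending[txid] = {}

    def put(self, txid, key, value):
        self.wal.append({"tx": txid, "op": "put", "key": key, "value": value})  # log first
        self.pending[txid][key] = value

    def commit(self, txid):
        self.wal.append({"tx": txid, "op": "commit"})   # durability point
        self.table.update(self.pending.pop(txid))        # then apply

    def crash(self):
        self.table, self.pending = {}, {}                # volatile state is lost

    def recover(self):
        """Replay: apply only writes of transactions whose commit record is in the log."""
        records = list(self.wal.records())
        committed = {r["tx"] for r in records if r["op"] == "commit"}
        self.table = {}
        for r in records:
            if r["op"] == "put" and r["tx"] in committed:
                self.table[r["key"]] = r["value"]
        self.pending = {}
        return dict(self.table)


def run_demo():
    wal = WriteAheadLog()
    db = Database(wal)

    # constructed workload: t1 commits, t2 is cut off by a crash before commit
    db.begin("t1")
    db.put("t1", "acct:1", 100)
    db.put("t1", "acct:2", 50)
    db.commit("t1")
    db.begin("t2")
    db.put("t2", "acct:1", 0)
    db.crash()
    after_first_crash = db.recover()

    # t3 commits normally; recovery must then include it
    db.begin("t3")
    db.put("t3", "acct:3", 7)
    db.commit("t3")
    db.crash()
    after_second_crash = db.recover()

    # simulate a torn tail write: damage one character of t3's commit digest
    last = wal.lines[-1]
    wal.lines[-1] = last[:-1] + ("0" if last[-1] != "0" else "1")
    db.crash()
    after_tail_corruption = db.recover()
    return after_first_crash, after_second_crash, after_tail_corruption
```

Two properties carry the durability argument: the `put` record is in the log before the in-memory state changes, and `commit` is a single appended record, so a transaction is either fully visible after replay or not at all.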

Fedb incorporates Remote Attestation to validate the integrity of its code execution environment within a Trusted Execution Environment (TEE). This process leverages ARM Secure EL2 hardware capabilities to cryptographically verify that the Fedb kernel and associated code running inside the TEE have not been tampered with. Remote Attestation provides a third party, such as a database administrator or auditor, with evidence that the code’s integrity is maintained before sensitive data is processed, mitigating the risk of malicious code execution and enhancing overall system security. The attestation report includes a cryptographic signature linked to a known-good code image, ensuring only authorized and verified code is executed within the secure enclave.
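As an added illustration of the verifier side of that flow (not FEDB's attestation code, and not a model of any specific ARM report format), the snippet below appraises a report in the order a relying party should: signature, then freshness, then measurement against an allowlist of known-good images. The image bytes, the `fedb-kernel-v1` label and the report layout are constructed for this example, and a shared HMAC key stands in for the hardware attestation key; a real TEE signs with an asymmetric key, which changes the primitive but not the appraisal logic.

```python
import hashlib
import hmac
import json
import secrets

# Constructed: the code image the verifier is willing to trust, and its measurement.
GOOD_IMAGE = b"constructed fedb kernel image v1"
KNOWN_GOOD_IMAGES = {"fedb-kernel-v1": hashlib.sha256(GOOD_IMAGE).hexdigest()}

# Stand-in for the hardware attestation key (a real TEE uses an asymmetric key).
ATTESTATION_KEY = b"constructed-attestation-key"


def sign_report(body):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(ATTESTATION_KEY, payload, hashlib.sha256).hexdigest()


def make_report(image_bytes, nonce):
    """What the TEE emits: the measured image hash plus the verifier's nonce, signed."""
    body = {"measurement": hashlib.sha256(image_bytes).hexdigest(), "nonce": nonce}
    return {"body": body, "sig": sign_report(body)}


def verify_report(report, expected_nonce):
    """Appraise a report before releasing any sensitive data. Returns (ok, reason)."""
    body = report["body"]
    # 1. Signature first: an unsigned or tampered claim is not worth reading further.
    if not hmac.compare_digest(sign_report(body), report["sig"]):
        return False, "bad signature"
    # 2. Freshness: the nonce must be the one issued for this session.
    if not hmac.compare_digest(body["nonce"], expected_nonce):
        return False, "stale or replayed report"
    # 3. The measured code must be an image we have approved.
    if body["measurement"] not in KNOWN_GOOD_IMAGES.values():
        return False, "unknown code image"
    return True, "ok"


def run_demo():
    nonce = secrets.token_hex(16)                       # challenge issued by the verifier
    good = make_report(GOOD_IMAGE, nonce)
    wrong_image = make_report(GOOD_IMAGE + b" with an unapproved patch", nonce)
    replayed = make_report(GOOD_IMAGE, secrets.token_hex(16))   # signed for another session
    # Forgery attempt: claim the good measurement but reuse another report's signature.
    forged = {"body": dict(wrong_image["body"], measurement=KNOWN_GOOD_IMAGES["fedb-kernel-v1"]),
              "sig": wrong_image["sig"]}
    return {
        "good": verify_report(good, nonce),
        "wrong_image": verify_report(wrong_image, nonce),
        "replayed": verify_report(replayed, nonce),
        "forged": verify_report(forged, nonce),
    }
```

The ordering matters in practice: checking the measurement before the signature lets an attacker learn which images the verifier accepts from an unsigned probe, and skipping the nonce lets a genuine old report from a since-compromised instance be replayed.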

Fedb consistently outperforms HEDB in microbenchmark throughput, demonstrating its superior performance.

Beyond Speed: Architectural Echoes and Future Trajectories

The architecture of Fedb draws a striking parallel to Capability Systems, a long-established but often complex approach to data security. Instead of relying on traditional access control lists, Fedb employs indirect identifiers, termed FIDs, and meticulously managed mappings to govern data access. This allows for a remarkably fine-grained control model where access isn’t simply granted or denied, but rather authorized based on the specific ‘capability’ – the FID – held by the requesting party. Essentially, possessing the correct FID is the authorization, removing the need for centralized permission checks and bolstering security. This approach not only minimizes the risk of unauthorized data access, but also provides a flexible and scalable framework for managing complex data permissions in modern computing environments, echoing the core principles of Capability Systems while optimizing for performance and efficiency.

Fedb’s architecture is designed to optimize data locality, a critical factor in system performance. By strategically placing data close to the processing units that require it, the system drastically reduces the need to retrieve information from slower storage tiers. This minimization of data movement directly translates to lower I/O overhead, as the system spends less time waiting for data and more time actively processing it. The resulting enhancement in data access speed contributes to a significant boost in overall performance, allowing for faster query execution and improved responsiveness, particularly in data-intensive applications. This focus on locality represents a departure from traditional approaches, where data access often involves substantial delays due to the physical distance between processing and storage.

Fedb’s design prioritizes energy efficiency through a strategic reduction in computationally intensive cryptographic operations. Traditional confidential computing systems often rely heavily on encryption and decryption for every data access, leading to significant energy expenditure – a growing concern for large-scale data centers. By employing indirect identifiers and controlled access mappings, Fedb minimizes the need for frequent cryptographic processing, instead focusing it on initial data access and mapping creation. This approach not only accelerates data retrieval but also substantially lowers the overall energy footprint of data management, aligning with growing demands for sustainable computing practices and reduced environmental impact within cloud infrastructures. The resulting decrease in energy consumption represents a significant step towards more ecologically responsible data handling.

A significant benefit of the Fedb system lies in its markedly reduced storage footprint; comparative analysis demonstrates a storage overhead reduction ranging from 34.3% to 80.0% when contrasted with the HEDB architecture. This efficiency stems from innovative data structuring and the minimization of redundant information, directly translating to lower resource requirements for data management. Consequently, Fedb not only enhances performance but also presents a compelling solution for environments where storage capacity is limited or cost is a primary concern, offering a substantial advantage in practical deployment scenarios and contributing to more sustainable data infrastructure.

The advent of Fedb represents a significant stride towards realizing the full potential of confidential computing within cloud infrastructures. By enabling secure data processing without exposing sensitive information, this system directly addresses growing concerns regarding data privacy and security in shared computing environments. This innovative approach not only safeguards data at rest and in transit, but also facilitates more efficient data handling, reducing both computational overhead and storage requirements. Consequently, Fedb positions cloud providers to offer enhanced security guarantees, attract privacy-conscious clients, and optimize resource utilization – ultimately fostering a more trustworthy and sustainable cloud ecosystem where data can be leveraged without compromising confidentiality.

Fedb achieves up to a 1.8x speedup in TPC-C throughput compared to HEDB when utilizing 128 warehouses.

The pursuit of efficiency, as demonstrated by Fedb’s decoupling of data indirection from cryptographic protection, echoes a fundamental principle of system understanding: dismantling to rebuild. This paper doesn’t accept the assumed limitations of confidential database performance; instead, it dissects the traditional model to reveal opportunities for optimization. Ada Lovelace observed, “The Analytical Engine has no pretensions whatever to originate anything. It can do whatever we know how to order it to perform.” Fedb, similarly, doesn’t invent new cryptographic methods, but rather reorders existing components – specifically, the ‘crypto-free mappings’ – to achieve demonstrably improved performance. It’s a testament to the power of reverse-engineering, of recognizing that the most elegant solutions often lie in a novel arrangement of established principles.

What Lies Ahead?

The decoupling of indirection from cryptographic protection, as demonstrated by Fedb, represents a deliberate fracturing of established paradigms. It’s a necessary violence, really. Existing confidential database systems have, for too long, treated performance as an unavoidable tax on security. This work suggests that tax is, at least partially, self-imposed. The immediate challenge isn’t simply refining Fedb itself, but exploring the limits of this separation. How far can one push the abstraction of data access before the resulting indirection introduces vulnerabilities of its own? The system implicitly bets on the trustworthiness of the trusted execution environment; a wager that demands continuous, adversarial testing.

A fruitful line of inquiry lies in formalizing the security guarantees offered by ‘crypto-free mappings’. Current analyses largely rely on intuitive arguments; rigorous proof is essential. Beyond that, the concept could extend beyond databases. Consider its application to memory management, or even operating system kernels. The principle – shifting security enforcement from data transformation to access control – is broadly applicable. It’s a provocation: if security doesn’t inherently slow things down, what else have we mistakenly accepted as fundamental limitations?

Ultimately, Fedb isn’t about building a faster confidential database; it’s about questioning the very foundations of confidential computing. It asks: what if the problem isn’t how to encrypt data, but where the encryption needs to happen? That’s the kind of unsettling question that drives genuine progress.


Original article: https://arxiv.org/pdf/2603.18836.pdf

Contact the author: https://www.linkedin.com/in/avetisyan/


2026-03-22 23:31