Is SQL Server 2016’s Deterministic Encryption any good?

The currently published documentation on what that deterministic encryption really does is not sufficient to come to any definitive conclusion.

What can be said is that such deterministic encryption may be designed and implemented ‘properly’, in which case it incurs no extra weakness beyond the ones inherent to its functionality: namely, that if two values are identical, they will be encrypted to the same value, and this will be visible to the attacker. This is a big unavoidable problem if the values are in a small enough set (e.g. a boolean true/false).

Existing documentation seems to imply that the underlying encryption algorithm is ‘AEAD_AES_256_CBC_HMAC_SHA_256’, which says both a lot and not nearly enough to actually know what runs under the hood. A ‘proper’ implementation that matches the documentation would compute the IV for CBC encryption as E_K(SHA-256(m)), i.e. the symmetric encryption of the hash of the complete data to be encrypted. Because the IV then depends on the whole message rather than on its first block, such an implementation would avoid the ECB/Penguin issue (repeated plaintext blocks showing up as repeated ciphertext blocks). However, it is not clear whether this is what Microsoft actually implemented.
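As an added example (not code from the post, nor Microsoft’s implementation), the construction described above modelled in Go: the IV is the first block of E_K(SHA-256(m)), the data is AES-256-CBC encrypted, and HMAC-SHA-256 tags IV and ciphertext. Separate encryption and MAC keys, PKCS#7 padding and the tag layout are assumptions; the product’s real key derivation is not on the page. The `DistinctCiphertexts` helper shows the unavoidable leak: a boolean column still splits into exactly two groups.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
)

// Toy model of the construction the post describes: IV = E_K(SHA-256(m)), then
// AES-256-CBC, then HMAC-SHA-256 over IV||ciphertext. Separate encryption and
// MAC keys are an assumption; the product's real key derivation is not
// documented on the page and is not reproduced here.

func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// Encrypt returns iv || cbc_ciphertext || hmac_tag. It panics on a bad key size.
func Encrypt(encKey, macKey, m []byte) []byte {
	blk, err := aes.NewCipher(encKey) // a 32-byte key selects AES-256
	if err != nil {
		panic(err)
	}
	// IV = E_K(SHA-256(m)) truncated to one block: equal plaintexts get equal
	// IVs, and (barring a hash collision) only equal plaintexts do.
	h := sha256.Sum256(m)
	iv := make([]byte, aes.BlockSize)
	blk.Encrypt(iv, h[:aes.BlockSize])
	pt := pkcs7Pad(m)
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(ct, pt)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(iv)
	mac.Write(ct)
	return append(append(iv, ct...), mac.Sum(nil)...)
}

// DistinctCiphertexts is what an observer of the stored column can count: under
// a deterministic scheme it equals the number of distinct plaintexts, so a
// boolean column splits into its two groups without any value being decrypted.
func DistinctCiphertexts(encKey, macKey []byte, column [][]byte) int {
	seen := map[string]bool{}
	for _, v := range column {
		seen[string(Encrypt(encKey, macKey, v))] = true
	}
	return len(seen)
}
```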
