Database Reference
In-Depth Information
$
ebq --master_key_filename=ebq.key query "
SELECT word, COUNT(word_count)
FROM ch13.enc_shakes
GROUP BY word"
Error in query string: Cannot GROUP BY probabilistic
encryption.
Another interesting encryption mode is homomorphic, which can be used
only for numeric fields (integers and floats). This tells Encrypted BigQuery
to encrypt the fields in a way that you can still do math on them. One
downside of encrypting numbers normally is that they no longer act like
numbers. That is, the query engine doesn't know how to sum them, for
example, unless you decrypt them first. Fear not, homomorphic encryption
to the rescue! Although describing the math behind
homomorphic
encryption
is beyond the scope of this topic, we can say that it is a special
encryption form that allows you to add two encrypted values to get their
encrypted sum without ever decrypting the data.
There is a special SQL function that the BigQuery query engine implements
to allow the addition of encrypted values—
PAILLIER_SUM()
. Encrypted
BigQuery turns your
SUM()
aggregations over encrypted fields into
PAILLIER_SUM()
. You can use
PAILLIER_SUM
on your own to perform
homomorphic encryption; you don't need to rely on
ebq
to do it for you. The
following query sums the homomorphically-encrypted field
word_count
and filters by the pseudonym-encrypted field
corpus
.
$
ebq --master_key_filename=ebq.key query "
SELECT sum(word_count)
FROM ch13.enc_shakes
WHERE corpus = 'hamlet'"
Waiting on bqjob_… (1s) Current status: DONE
+-----------------+
| SUM(word_count) |
+-----------------+
| 32446.0 |
+-----------------+
You can see that this is the same value we'd get from computing the sum on
the unencrypted table:
