What is Deterministic Encryption?
An encryption scheme where the same plaintext always produces the same ciphertext, enabling exact-match searches on encrypted data at the cost of some security.
Deterministic encryption sacrifices some security for the ability to search and compare encrypted values.
Use Case
- Database column encryption where you need to query exact matches
- Example: Encrypt SSNs but still find records by SSN
- The server never sees the plaintext but can perform equality checks
Security Trade-off
- Reveals which ciphertexts share the same plaintext, which enables frequency analysis
- Significantly weaker than randomized encryption
- Should only be used when the search capability is essential
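The use case and the trade-off above, shown side by side in an added example that is not from the original page. It uses a synthetic-IV construction built from HMAC-SHA256 as a stand-in cipher for illustration (a real deployment would use a vetted scheme such as AES-SIV); the keys, SSN values and function names are constructed for the demo.

```python
import hashlib, hmac, os
from collections import Counter

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in stream cipher (illustration only)
    blocks = (hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def siv(k_mac: bytes, pt: bytes) -> bytes:
    # Synthetic IV: a keyed hash of the plaintext, so equal inputs give equal IVs
    return hmac.new(k_mac, pt, hashlib.sha256).digest()[:16]

def det_encrypt(k_mac, k_enc, pt):
    iv = siv(k_mac, pt)
    return iv + xor(pt, keystream(k_enc, iv, len(pt)))

def det_decrypt(k_mac, k_enc, ct):
    iv, body = ct[:16], ct[16:]
    pt = xor(body, keystream(k_enc, iv, len(body)))
    if not hmac.compare_digest(iv, siv(k_mac, pt)):  # the IV doubles as an integrity tag
        raise ValueError("ciphertext rejected")
    return pt

def rand_encrypt(k_enc, pt):
    # Randomized baseline: fresh IV per call, so repeats are hidden (no integrity tag here)
    iv = os.urandom(16)
    return iv + xor(pt, keystream(k_enc, iv, len(pt)))

def server_lookup(column, token):
    # Keyless equality match, which is all the database server can do
    return [i for i, ct in enumerate(column) if ct == token]

def max_repeat(column):
    # Frequency leak: count of the most common ciphertext in the column
    return Counter(column).most_common(1)[0][1]

K_MAC, K_ENC = b"\x01" * 32, b"\x02" * 32  # constructed demo keys
SSNS = [b"000-00-0001", b"000-00-0002", b"000-00-0001", b"000-00-0001"]  # constructed

if __name__ == "__main__":
    det = [det_encrypt(K_MAC, K_ENC, s) for s in SSNS]
    rnd = [rand_encrypt(K_ENC, s) for s in SSNS]
    print("rows matching 000-00-0001:", server_lookup(det, det_encrypt(K_MAC, K_ENC, SSNS[0])))
    print("most repeated ciphertext, deterministic:", max_repeat(det))
    print("most repeated ciphertext, randomized:", max_repeat(rnd))
```

The same property that lets the client's token match rows 0, 2 and 3 also tells anyone who can read the column that one value appears three times.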
Alternatives
- Homomorphic encryption: Compute on encrypted data without deterministic weakness
- Searchable encryption: More complex schemes that support search with better security
- Client-side search: Decrypt on the client and search locally
Related Terms
Encryption
The process of converting information into a code to prevent unauthorized access. Encryption transforms readable data (plaintext) into an unreadable format (ciphertext) using a cryptographic algorithm and key. Only those with the correct key can decrypt and read the original data.
Homomorphic Encryption
A form of encryption that allows computations to be performed on encrypted data without decrypting it first, preserving privacy during processing.