The blindfold library provides functions for encrypting/decrypting and secret sharing data stored in individual nilDB nodes and nilDB clusters. Blindfold supports store, match, and sum operations across single-node and multi-node configurations with various cryptographic implementations.
LIBRARY IMPLEMENTATIONS
Demos
STORE
Encrypt data for secure storage on cluster nodes using authenticated encryption or secret sharing.
MATCH
Generate deterministic hashes for privacy-preserving search and matching operations.
SUM
Perform secure addition on encrypted integers using homomorphic encryption or secret sharing.
OPERATION REFERENCE
CLUSTER NODES | OPERATION | IMPLEMENTATION | SUPPORTED TYPES |
---|---|---|---|
single node | store | XSalsa20 stream cipher + Poly1305 MAC | 32-bit signed integer; UTF-8 string (4096 bytes) |
multiple nodes | store | XOR-based secret sharing | 32-bit signed integer; UTF-8 string (4096 bytes) |
single node | match | deterministic salted hashing via SHA-512 | 32-bit signed integer; UTF-8 string (4096 bytes) |
multiple nodes | match | deterministic salted hashing via SHA-512 | 32-bit signed integer; UTF-8 string (4096 bytes) |
single node | sum | non-deterministic Paillier with 2048-bit primes | 32-bit signed integer |
multiple nodes | sum | additive secret sharing (no threshold; prime modulus 2^32 + 15) | 32-bit signed integer |
multiple nodes | sum | Shamir's secret sharing (with threshold; prime modulus 2^32 + 15) | 32-bit signed integer |
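The two multi-node sum rows can be shown in Python as an added example; this is not blindfold's own code or API. It shares two integers modulo 2^32 + 15, lets each node add its shares locally, and reconstructs the sum from all shares (additive) or from any threshold-sized subset (Shamir). All function names and the signed-integer encoding are assumptions made for this example.

```python
import secrets

P = 2**32 + 15  # prime modulus listed in the table above

def encode(x):
    # Assumed encoding (not taken from blindfold): signed 32-bit value -> residue mod P
    if not -2**31 <= x < 2**31:
        raise ValueError("not a 32-bit signed integer")
    return x % P

def decode(v):
    # Residues above P // 2 stand for negative values under the assumed encoding
    return v - P if v > P // 2 else v

def additive_shares(x, n):
    # n - 1 uniformly random shares; the last one fixes the total. All n are needed.
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    return shares + [(encode(x) - sum(shares)) % P]

def additive_reconstruct(shares):
    return decode(sum(shares) % P)

def shamir_shares(x, n, t):
    # Random polynomial of degree t - 1 with constant term x; node i holds (i, f(i))
    coeffs = [encode(x)] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(i, sum(c * pow(i, k, P) for k, c in enumerate(coeffs)) % P)
            for i in range(1, n + 1)]

def shamir_reconstruct(points):
    # Lagrange interpolation at 0 over GF(P); needs at least t distinct points
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return decode(total)

def add_shamir(a, b):
    # Each node adds only its own two shares (lists are in the same node order)
    return [(i, (ya + yb) % P) for (i, ya), (_, yb) in zip(a, b)]

def add_additive(a, b):
    return [(u + v) % P for u, v in zip(a, b)]
```

Under the assumed encoding, the reconstructed sum decodes correctly only while the true total stays within the 32-bit signed range.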
KEY MANAGEMENT
SecretKey
Contains blinding masks for exclusive access control. Requires a deterministic seed for reproducible key generation.
ClusterKey
Coordination key without cryptographic material. Used for cluster management and node coordination.