Search in Encrypted messages, like in ProtonMail or Wire

Even though ProtonMail and Wire encrypt messages client-side and do not store raw versions on the server, emails and messages are searchable.

Discourse too decrypts messages client-side. But it looks like the Search feature can’t see the messages that have not been loaded and decrypted by the client side.

Would be nice to have a fully fledged search feature for encrypted messages. At least I guess it is theoretically possible because some services make it happen.

What do you think?

4 Likes

It is absolutely possible to do encrypted search. The real trick is producing something that is all of secure (there are a billion ways to produce something that looks secure, but disintegrates in front of the first person who knows elementary statistics), efficient (searches of large datasets not taking too long), and effective (getting the results you wanted, not just what you asked for). It is… not easy.

This sort of thing is something of a focus of mine, as I’m the founder of the Encrypted Query Operations project (enquo.org), doing research into exactly this sort of thing. I’ve used Discourse as a testbed for practical queryable encryption (although at the moment that work is on hold while I focus on other things).

If there is sufficient interest in making this a reality, I’m certainly keen to pursue it with those who’d like to drive it forward.


Edited to add: I’ve looked into the search facilities in ProtonMail and Wire. It appears that ProtonMail uses client-side search, per this page, “We achieve this by creating a local index of your emails and storing it using your browser’s web storage.” Wire doesn’t mention how it does search in its security whitepaper, which leads me to suspect it, too, is probably using client-side search, because otherwise the cryptographic mechanisms involved would definitely want to be disclosed in that whitepaper.

7 Likes
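An added illustration of the "looks secure" problem raised in the reply above; it is not code from the thread, from Discourse, or from the Encrypted Query Operations project. It uses a generic keyed-token keyword index with a constructed key and messages (all names are hypothetical). Server-side lookup works, but the server sees exactly the same frequency profile as the plaintext words.

```python
import hashlib
import hmac
import re
from collections import Counter

WORD = re.compile(r"[a-z0-9]+")

# Constructed sample data: message id -> plaintext, visible to the client only.
MESSAGES = {
    1: "invoice for march attached",
    2: "lunch on friday?",
    3: "invoice reminder, second notice",
    4: "friday invoice run is delayed",
}
INDEX_KEY = b"constructed-demo-key"  # assumption: held by the client, never sent


def token(key, word):
    """Deterministic keyword token: HMAC-SHA256 of the lower-cased word."""
    return hmac.new(key, word.lower().encode(), hashlib.sha256).hexdigest()


def build_index(key, messages):
    """Client side: map each opaque token to the ids of messages containing it."""
    index = {}
    for msg_id, text in messages.items():
        for word in set(WORD.findall(text.lower())):
            index.setdefault(token(key, word), set()).add(msg_id)
    return index


def search(index, key, word):
    """Client computes the token; the server only does an exact-match lookup."""
    return sorted(index.get(token(key, word), set()))


def server_profile(index):
    """What the server sees without the key: how many messages share each token."""
    return sorted((len(ids) for ids in index.values()), reverse=True)


def plaintext_profile(messages):
    """Per-word document frequency of the plaintext, for comparison."""
    counts = Counter(w for t in messages.values() for w in set(WORD.findall(t.lower())))
    return sorted(counts.values(), reverse=True)


if __name__ == "__main__":
    idx = build_index(INDEX_KEY, MESSAGES)
    print(search(idx, INDEX_KEY, "invoice"))                   # matching message ids
    print(server_profile(idx) == plaintext_profile(MESSAGES))  # identical profiles
```

Because equal words always produce equal tokens, hiding the words does not hide how often each one occurs, which is the gap a client-side index avoids by keeping both index and queries off the server.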