>>
>> That's where we're having difficulty. Our requirements are that the
>> data must be strongly protected, but the appropriate people must be
>> able to do (often complex) searches on it that complete in record
>> time.
>>
>
> An index on the encrypted SSN field would do this just fine. If an
> authorized person needs to find the record with a specific SSN, they
> encrypt that SSN and then look up the ciphertext in the database...
> done.
>
This will only work for e(lectronic?) code book ciphers, and not
chained block ciphers, since the initialization vector will randomize
the output of the encryption so that E(foo) != E(foo) just to prevent
this sort of attack.
You're looking for a hash function, since that's a one way, stable
function meant for comparing.
eric
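
An added example, not part of the thread: a sketch of the point above, where re-encrypting with a fresh IV misses the stored row while a stable one-way value can be indexed and matched. It goes one step beyond a bare hash by keying the value with HMAC, since the SSN space is small enough to enumerate; the keys, table layout, function names and sample records are assumptions, and encrypt() is a stand-in for a real IV-randomized cipher.

```python
import hashlib, hmac, os, sqlite3

# Constructed keys for the demo; real keys would come from a key store.
ENC_KEY, INDEX_KEY = os.urandom(32), os.urandom(32)
# Constructed sample records (000-prefixed SSNs are never issued).
SAMPLE = [("alice", "000-12-3456"), ("bob", "000-98-7654")]

def normalize(ssn):
    return "".join(c for c in ssn if c.isdigit())

def _keystream(iv):
    return hmac.new(ENC_KEY, iv, hashlib.sha256).digest()

def encrypt(ssn):
    # Stand-in for any IV-randomized cipher mode: a fresh random IV per call,
    # so the same SSN never yields the same stored bytes. Demo only.
    iv = os.urandom(16)
    pt = normalize(ssn).encode()
    return iv + bytes(a ^ b for a, b in zip(pt, _keystream(iv)))

def decrypt(blob):
    iv, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(iv))).decode()

def lookup_token(ssn):
    # Stable one-way value for equality search, keyed so that a stolen table
    # cannot be reversed without the key by hashing all 10^9 possible SSNs.
    return hmac.new(INDEX_KEY, normalize(ssn).encode(), hashlib.sha256).digest()

def build_db(records):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT, ssn_ct BLOB, ssn_tok BLOB)")
    db.execute("CREATE INDEX people_ssn_tok ON people (ssn_tok)")
    db.executemany("INSERT INTO people VALUES (?, ?, ?)",
                   [(n, encrypt(s), lookup_token(s)) for n, s in records])
    return db

def find_by_ciphertext(db, ssn):
    # Re-encrypt and compare: misses, because the IV differs every time.
    q = "SELECT name FROM people WHERE ssn_ct = ?"
    return [r[0] for r in db.execute(q, (encrypt(ssn),))]

def find_by_token(db, ssn):
    q = "SELECT name, ssn_ct FROM people WHERE ssn_tok = ?"
    return [(n, decrypt(ct)) for n, ct in db.execute(q, (lookup_token(ssn),))]

if __name__ == "__main__":
    db = build_db(SAMPLE)
    print(find_by_ciphertext(db, "000-12-3456"), find_by_token(db, "000123456"))
```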