We would try to ensure only an authenticate entities could ask queries, but it is reasonable to assume the attacker has been clever enough to figure a way around that. And in particular if the attacker is the storage system itself, it does have a way around it.
However "Craft a query" implies to me know what you are asking. The storage has encrypted data, does some homomorphic operations on the data it has and encrypted data it has been sent - ("the query"). This operation yields unencrypted data - which effectively a "yes/no" to send some data it has stored back.
So yes, in the sense that the server can dream up throw random queries at the database and see what it says - it can "craft queries". But since it has no idea what it is asking it is of limited usefulness.
The trigger for my comment is what these people aiming for - a complete and fast set of homomorphic operations, seems like it is a long, long away away. But we don't need that to change the world. All we need are a set of homomorphic operations for querying a database. And even that turns out to be simpler than it sounds - all you need to implement is a homomorphic range query. That sounds plausible to me, so plausible I've made it a personal hobby project.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds