Data encryption is a method to protect data in a secure and reversible way. The scheme requires a secret key that is used both to encrypt and to decrypt data: it is a symmetric-key encryption scheme. The security of the scheme is based on the hardness of the best algorithm known to recover the original data, in the case a user does not have the secret key. The encrypted data can only be accessed by the users owning the key. Encryption is performed by CLARUS once at the storage stage, and the decryption is performed after recovering the encrypted data from the CSP. The keys are stored at the proxy. In this way, the CSP never has access to the plaintext data or to the keys. 

(Efficiently*) Supported operations: 
Performance impact on local premises (per data size): 
Linear on all operations. Efficient encryption/decryption
Data accuracy preservation: 
None for CSPs
Full for CLARUS users
Access of non-CLARUS users: 
Very high
Key management