What is the query process after enabling static encryption in TiKV?

Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: TiKV开启静态加密后的查询流程是怎样的?

| username: TiDBer_zelB38Ka

Will enabling static encryption have a significant impact on query performance? Especially in the case where both index files and data files in TiKV are encrypted, reading them into memory for decryption doesn’t seem very realistic.

| username: TiDBer_aaO4sU46 | Original post link

It will have a significant impact.

| username: FutureDB | Original post link

In what scenarios is it necessary to encrypt both the index files and data files of TiKV?

| username: 哈喽沃德 | Original post link

Enabling static encryption in TiDB can have a certain impact on query performance, especially when using indexes but both the index files and data files in TiKV are encrypted. Since the data needs to be decrypted before being read into memory, this may result in additional performance overhead.

| username: TiDBer_zelB38Ka | Original post link

It’s just a question that arose when learning about one of KiTV’s static encryption features. If it only encrypts data files but not index files, does it meet the original data security expectations? If both data files and index files are encrypted, how is the use of indexes during queries implemented to minimize the overhead of decrypting the indexes? I mainly want to understand the specifics of this feature.

| username: 小于同学 | Original post link

What specific scenario is needed?

| username: TiDBer_zelB38Ka | Original post link

To enhance the security of data at rest, using static encryption will definitely require consideration of the performance impact, right?

| username: zhang_2023 | Original post link

What is the scenario?

| username: TiDBer_RjzUpGDL | Original post link

If both the index files and data files are encrypted, then each time these files are read, a decryption operation is required. This will indeed add some extra overhead because the data must be decrypted before it can be processed.

| username: redgame | Original post link

The impact is significant…