End-to-end Encryption

End-to-end (E2E) encryption ensures that only the client can decrypt sensitive data. The server evaluates encrypted computations without seeing plaintext vectors, queries, or scores.

Key Roles

• Secret Key: Held by the client; never sent to the server.

• Public/Evaluation Keys: Shared with the server to enable encrypted computation.

Data Insert

Encrypted Search

Guarantees

• Server never needs the client’s secret key.

• Index data remains encrypted at rest and during computation.

• Ciphertext queries further protect user intent and context.