Hey everyone! This is XTrace. Wanted to share what we’ve been working on for the past year.
We built a private vector database from the ground up that performs similarity search on encrypted vectors. The server never sees your plaintext embeddings or documents.
The problem we’re trying to solve: every vector DB today requires plaintext on the server. If you're doing RAG over sensitive data (medical, legal, financial), your embeddings — which researchers have shown can be inverted to recover original text — sit exposed on someone else's infrastructure.
XTrace encrypts everything on your machine first. Vectors get Paillier homomorphic encryption, text gets AES-256. The server stores and searches only ciphertexts. Your keys never leave your environment.
We just open-sourced the SDK (Apache 2.0). You can run the encryption verification tests offline without even creating an account.
Trade-offs we're upfront about: there's latency overhead from the encryption operations. We're actively optimizing this. The free tier is rate-limited but fully functional.
Happy to answer questions about the crypto approach, architecture decisions, or anything else.
Comments URL: https://news.ycombinator.com/item?id=47867151
Points: 6
# Comments: 1