This is fascinating. Awesome work!<p>An encrypted server-side database with client-side decryption definitely seems like a great building block for private, secure applications! However, my ideal building block for the data-layer would take one step further: by only storing data on the client, and be able to synchronize between separate clients in a fully distributed manner.<p>This would open up the door to purely client-side applications with zero-knowledge sync clients that can be <i>optionally</i> hosted on servers to improve availability without any compromises to privacy. It also has the potential to offer better-than-centralized UX due to the fact that all data is available locally, so there is no network roundtrip to be concerned with. A centralized solution like ZeroDB definitely still has it's place though, especially in applications that involve sharing and collaboration between multiple users, and in applications where the size of each user's dataset is too large to be managed fully locally.<p>My previous project, Toc Messenger [1], used a custom encryption layer over remoteStorage [2] to achieve something close to this, but remoteStorage is not a fully distributed protocol, and has to rely on the existence of a centralized storage server to function. For my next project, I'm hoping to experiment with something like Swarm [3] for the data layer instead, which uses CRDTs for conflict resolution and supposedly supports direct P2P sync in the upcoming 1.0 release [4].<p>[1] <a href="http://toc.im/" rel="nofollow">http://toc.im/</a><p>[2] <a href="http://remotestorage.io/" rel="nofollow">http://remotestorage.io/</a><p>[3] <a href="https://github.com/gritzko/swarm" rel="nofollow">https://github.com/gritzko/swarm</a><p>[4] <a href="http://swarmjs.github.io/articles/2of5/" rel="nofollow">http://swarmjs.github.io/articles/2of5/</a>