Show HN: XTrace – Encrypted vector DB (search embeddings without exposing them)
Hey everyone! This is XTrace. Wanted to share what we’ve been working on for the past year. We built a private vector database from the ground up that performs similarity search on encrypted vectors. The server never sees your plaintext embeddings or documents. The problem we’re trying to solve: every vector DB today requires plaintext on the server. If you're doing RAG over sensitive data (medical, legal, financial), your embeddings — which researchers have shown can be inverted to recover original text — sit exposed on someone else's infrastructure. XTrace encrypts everything on your machine first. Vectors get Paillier homomorphic encryption, text gets AES-256. The server stores and searches only ciphertexts. Your keys never leave your environment. We just open-sourced the SDK (Apache 2.0). You can run the encryption verification tests offline without even creating an account. Trade-offs we're upfront about: there's latency overhead from the encryption operations. We're actively optimizing this. The free tier is rate-limited but fully functional. Happy to answer questions about the crypto approach, architecture decisions, or anything else.
Discussion Highlights (2 comments)
fromaustinc
I was thinking about this as well especially when all the AI tools we're using are keeping our conversations and data. Not sure if this solution can solve it though, since all that data will still go through them even if i can encrypt it in XTrace. thoughts? Will give it a try!
felix_xtrace
Founder of XTrace here. Happy to share how we built the homomorphic encryption to make semantic search on ciphertext fast enough to be practical, and to go deeper on the cryptography and security model if useful.