Situation:
We collect user phone numbers and encrypt them using AES256 in GCM mode before storing them in a database. This method produces different encryption values for the same phone number input. How can we ensure the uniqueness of the input phone numbers?
Questions:
- Is there another method to ensure the uniqueness of encrypted phone numbers apart from the approach I've tried?
- The issue I want to address involves receiving a contact list from users, comparing phone numbers, and returning user information if it matches a user in the app, similar to Instagram or Facebook. However, if there are 1000 numbers in the contact list, implementing my attempted method (as described above) would require encrypting or decrypting 1000 times (even if AES was altered to always produce a consistent value), which I believe to be highly inefficient. Could you provide any solutions or hints on how this problem could be approached differently?
Attempted solution:
We introduced an additional column (hash_phone) set as unique and applied SHA256 to the input phone numbers to assess uniqueness.
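Added example, not part of the original post: a sketch of the `hash_phone` unique column, with contact-list matching done by hashing each number once and querying the column in batches, so nothing is decrypted. It swaps plain SHA256 for HMAC-SHA256 under a secret key, because phone numbers form a small enough space that unkeyed digests can be enumerated. `INDEX_KEY`, the table layout, the function names and the simplified normalization are assumptions, and `enc_phone` stands in for the AES-GCM ciphertext.

```python
import hashlib
import hmac
import sqlite3

# Assumption: a secret index key kept outside the database (constructed demo value).
INDEX_KEY = b"demo-only-index-key-not-for-production"

def normalize(phone):
    """Simplified canonical form (assumption): digits only, with a leading '+'."""
    return "+" + "".join(ch for ch in phone if ch.isdigit())

def hash_phone(phone):
    """Deterministic keyed digest of the normalized number (HMAC-SHA256)."""
    return hmac.new(INDEX_KEY, normalize(phone).encode(), hashlib.sha256).hexdigest()

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL,"
        " enc_phone BLOB NOT NULL, hash_phone TEXT NOT NULL UNIQUE)"
    )
    return db

def register(db, name, phone, enc_phone):
    """Insert a user; the UNIQUE constraint on hash_phone rejects a duplicate number."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute(
                "INSERT INTO users (name, enc_phone, hash_phone) VALUES (?, ?, ?)",
                (name, enc_phone, hash_phone(phone)),
            )
        return True
    except sqlite3.IntegrityError:
        return False

def match_contacts(db, contacts, chunk=500):
    """Hash each contact once, then look up matches with indexed IN queries."""
    digests = sorted({hash_phone(c) for c in contacts})
    names = []
    for i in range(0, len(digests), chunk):  # stay under SQLite's bound-variable limit
        part = digests[i:i + chunk]
        marks = ",".join("?" * len(part))
        rows = db.execute(f"SELECT name FROM users WHERE hash_phone IN ({marks})", part)
        names.extend(name for (name,) in rows)
    return sorted(names)
```

The encrypted column is only read when the stored number itself has to be shown; uniqueness checks and contact matching touch `hash_phone` alone.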