The encrypting party should sign or MAC a "hash chain" of the records in the database upon save, and validate on read.

Basically, do things the same way Git handles adding or removing files from a directory, but use HMACs or RSA signatures instead of plain SHA-1 hashes. So you would compute HMAC(newdata,HMAC(olddata)) on each save, and store that result with the data. newdata and olddata are some canonical sorted encoding of each data collection (or subset).

This encodes the entire history of the database into the data itself. As it can be expensive to compute MACs of everything on every save, you can break things up like Git does, into "directories" of object groups, so you don't need to re-MAC all items on every save. Basically, a Merkle Tree.

The encrypting party should sign or MAC a "hash chain" of the records in the database upon save, and validate on read.

Basically, do things the same way Git handles adding or removing files from a directory, but use HMACs or RSA signatures instead of plain SHA-1 hashes. So you would compute HMAC(newdata,HMAC(olddata)) on each save, and store that result with the data. newdata and olddata are some canonical sorted encoding of each data collection (or subset).

This encodes the entire history of the database into the data itself. As it can be expensive to compute MACs of everything on every save, you can break things up like Git does, into "directories" of object groups, so you don't need to re-MAC all items on every save. Basically, a Merkle Tree.