The approach that I would take here is ... secure the channel. Use certificates to authenticate the users (and to secure the communications with each). Use existing standard protocols to do this, not one that you have rolled. Put the information on a highly-secured server which will only communicate with bearers of currently-valid credentials. The information that passes through the secured channel can be plaintext, since it passes between parties with mutually-assured identities. The database files are encrypted using a key known only to the server: these services are already readily-available in any major server. I would advocate avoiding use of deterministic encryption altogether, because I do not think it will ever provide the data-security and data-integrity that you need.
I fail to see why you should be having to “roll your own anything” to accomplish this... This is hardly an atypical or novel requirement.