Abstract
We propose a new garbled RAM construction called NanoGRAM, which achieves an amortized cost of \(\widetilde{O}(\lambda \cdot (W \log N + \log ^3 N))\) bits per memory access, where \(\lambda \) is the security parameter, W is the block size, and N is the total number of blocks, and \(\widetilde{O}(\cdot )\) hides \({\textsf{poly}} \log \log \) factors. For sufficiently large blocks where \(W = \varOmega (\log ^2 N)\), our scheme achieves \(\widetilde{O}(\lambda \cdot W \log N)\) cost per memory access, where the dependence on N is optimal (barring \({\textsf{poly}} \log \log \) factors), in terms of the evaluator’s runtime. Our asymptotic performance matches even the interactive state-of-the-art (modulo \({\textsf{poly}} \log \log \) factors), that is, running Circuit ORAM atop garbled circuits, and yet we remove the logarithmic number of interactions necessary in this baseline. Furthermore, we achieve an asymptotic improvement over the recent work of Heath et al. (Eurocrypt ’22). Our scheme adopts the same assumptions as the mainstream literature on practical garbled circuits, i.e., circular correlation-robust hashes or a random oracle. We evaluate the concrete performance of NanoGRAM and compare it with a couple of baselines that are asymptotically less efficient. We show that NanoGRAM starts to outperform the naïve linear-scan garbled RAM at a memory size of \(N = 2^9\) and starts to outperform the recent construction of Heath et al. at \(N = 2^{13}\).
Finally, as a by-product, we also show the existence of a garbled RAM scheme assuming only one-way functions, with an amortized cost of \(\widetilde{O}(\lambda ^2 \cdot (W \log N + \log ^3 N))\) per memory access. Again, the dependence on N is nearly optimal for blocks of size \(W = \varOmega (\log ^2 N)\) bits.
Author ordering is randomized. The full version of the paper can be accessed at https://eprint.iacr.org/2022/191.
W-K. Lin—The work was done while the author was a postdoctoral researcher at CMU.
Notes
1. Garbled RAM only needs an ORAM in a relaxed model where we do not charge the cost of pre-processing, but even in this relaxed model, it remains an open question how to construct an \(o(\log ^2 N)\) statistical ORAM.
2. Throughout the paper, we use capitalized letters N and W to denote the number of blocks and block size of the final \(\textsf{GRAM}\) construction, and we use small letters n, m, and w to denote the size and payload length of building blocks. The reason for this distinction is that we need to instantiate multiple instances of these building blocks with varying parameters in the final scheme.
3. Although computationally secure ORAMs can achieve asymptotically better overhead in cloud outsourcing scenarios, we currently do not know any way to use computationally secure ORAMs in blackbox garbled RAM schemes, without having to securely evaluate the circuits of cryptographic primitives such as pseudo-random functions.
4. Using switches of arity-2 is the most efficient with our current techniques.
5. The leaf switches take no \({\{\!\{{{\textsf{addr}}}\}\!\}} \) nor \({\textsf{Finalize}} \), and hence the parent \(\textsf{GSwitch}\) outputs \({\{\!\{{{\textsf{addr}}}\}\!\}} \) or \({\textsf{Finalize}} \) only to the children buckets (Fig. 4).
References
Applebaum, B.: Garbling xor gates "for free" in the standard model. In: TCC (2013). https://doi.org/10.1007/978-3-642-36594-2_10
Asharov, G., Komargodski, I., Lin, W.K., Nayak, K., Peserico, E., Shi, E.: OptORAMa: Optimal Oblivious RAM. In: Eurocrypt (2020). https://doi.org/10.1007/978-3-030-45724-2_14
Batcher, K.E.: Sorting networks and their applications. In: American Federation of Information Processing Societies: AFIPS Conference Proceedings (1968). https://doi.org/10.1145/1468075.1468121
Canetti, R., Chen, Y., Holmgren, J., Raykova, M.: Adaptive succinct garbled RAM or: How to delegate your database. In: TCC (2016). https://doi.org/10.1007/978-3-662-53644-5_3
Canetti, R., Holmgren, J.: Fully succinct garbled RAM. In: ITCS, pp. 169–178. ACM (2016). https://doi.org/10.1145/2840728.2840765
Chan, T.H., Nayak, K., Shi, E.: Perfectly secure oblivious parallel RAM. In: TCC (2018). https://doi.org/10.1007/978-3-030-03810-6_23
Chan, T.H., Shi, E.: Circuit OPRAM: unifying statistically and computationally secure orams and oprams. In: TCC (2017). https://doi.org/10.1007/978-3-319-70503-3_3
Chan, T.H., Shi, E., Lin, W., Nayak, K.: Perfectly oblivious (parallel) RAM revisited, and improved constructions. In: ITC (2021). https://doi.org/10.4230/LIPIcs.ITC.2021.8
Chen, Y., Chow, S.S.M., Chung, K., Lai, R.W.F., Lin, W., Zhou, H.: Cryptography for parallel RAM from indistinguishability obfuscation. In: ITCS. pp. 179–190. ACM (2016). https://doi.org/10.1145/2840728.2840769
Choi, S.G., Katz, J., Kumaresan, R., Zhou, H.S.: On the security of the "free-xor" technique. In: TCC (2012). https://doi.org/10.1007/978-3-642-28914-9_3
Damgård, I., Meldgaard, S., Nielsen, J.B.: Perfectly secure oblivious RAM without random oracles. In: TCC, pp. 144–163 (2011). https://doi.org/10.1007/978-3-642-19571-6_10
Fincher, D.: The curious case of benjamin button, film (2008)
Fletcher, C., Naveed, M., Ren, L., Shi, E., Stefanov, E.: Bucket ORAM: Single online roundtrip, constant bandwidth Oblivious RAM. Cryptology ePrint Archive, Report 2015/1065 (2015)
Garg, S., Lu, S., Ostrovsky, R.: Black-box garbled RAM. In: FOCS (2015). https://doi.org/10.1109/FOCS.2015.22
Garg, S., Lu, S., Ostrovsky, R., Scafuro, A.: Garbled ram from one-way functions. STOC (2015). https://doi.org/10.1145/2746539.2746593
Gentry, C., Goldman, K.A., Halevi, S., Jutla, C.S., Raykova, M., Wichs, D.: Optimizing ORAM and using it efficiently for secure computation. In: PETS (2013). https://doi.org/10.1007/978-3-642-39077-7_1
Gentry, C., Halevi, S., Lu, S., Ostrovsky, R., Raykova, M., Wichs, D.: Garbled ram revisited. In: EUROCRYPT (2014)
Goldreich, O.: Towards a theory of software protection and simulation by oblivious RAMs. In: STOC (1987). https://doi.org/10.1145/28395.28416
Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious RAMs. J. ACM (1996). https://doi.org/10.1145/233551.233553
Hazay, C., Lilintal, M.: Gradual gram and secure computation for ram programs. In: Security and Cryptography for Networks (2020). https://doi.org/10.1007/978-3-030-57990-6_12
Heath, D., Kolesnikov, V.: Stacked garbling. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12171, pp. 763–792. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56880-1_27
Heath, D., Kolesnikov, V.: Logstack: Stacked garbling with O(b log b) computation. In: EUROCRYPT (2021). https://doi.org/10.1007/978-3-030-77883-5_1
Heath, D., Kolesnikov, V.: One hot garbling. In: CCS (2021). https://doi.org/10.1145/3460120.3484764
Heath, D., Kolesnikov, V., Ostrovsky, R.: Epigram: Practical garbled ram. In: EUROCRYPT (2022). https://doi.org/10.1007/978-3-031-06944-4_1
Kolesnikov, V., Mohassel, P., Rosulek, M.: FleXOR: flexible garbling for xor gates that beats free-XOR. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 440–457. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44381-1_25
Kolesnikov, V., Schneider, T.: Improved Garbled Circuit: Free XOR Gates and Applications. In: ICALP (2008). https://doi.org/10.1007/978-3-540-70583-3_40
Larsen, K.G., Nielsen, J.B.: Yes, there is an oblivious ram lower bound! In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 523–542. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_18
Lu, S., Ostrovsky, R.: How to Garble RAM programs? In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 719–734. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_42
Lu, S., Ostrovsky, R.: Black-box parallel garbled RAM. In: CRYPTO (2017)
Park, A., Lin, W.K., Shi, E.: NanoGRAM: Garbled RAM with \(\widetilde{O}(\log N)\) overhead. Cryptology ePrint Archive, Paper 2022/191 (2022). https://eprint.iacr.org/2022/191
Patel, S., Persiano, G., Raykova, M., Yeo, K.: Panorama: Oblivious ram with logarithmic overhead. In: FOCS (2018). https://doi.org/10.1109/FOCS.2018.00087
Rosulek, M., Roy, L.: Three halves make a whole? beating the half-gates lower bound for garbled circuits. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 94–124. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_5
Shi, E., Chan, T.-H.H., Stefanov, E., Li, M.: Oblivious RAM with \(O((\log N)^3)\) Worst-Case Cost. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 197–214. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_11
Stefanov, E., et al.: Path ORAM - an extremely simple oblivious ram protocol. In: CCS (2013). https://doi.org/10.1145/2508859.2516660
Stefanov, E., Shi, E., Song, D.: Towards practical oblivious RAM. In: Network and Distributed System Security Symposium (NDSS) (2012)
Waksman, A.: A permutation network. J. ACM 15(1), 159–163 (jan 1968). https://doi.org/10.1145/321439.321449
Wang, X.S., Chan, T.H.H., Shi, E.: Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound. In: CCS (2015). https://doi.org/10.1145/2810103.2813634
Wang, X.S., et al.: Oblivious Data Structures. In: CCS (2014). https://doi.org/10.1145/2660267.2660314
Yao, A.C.C.: Protocols for secure computations (extended abstract). In: FOCS (1982). https://doi.org/10.5555/1382436.1382751
Yao, A.C.C.: How to generate and exchange secrets. In: FOCS (1986). https://doi.org/10.1109/SFCS.1986.25
Zahur, S., Evans, D.: Circuit Structures for Improving Efficiency of Security and Privacy Tools. In: IEEE S & P (2013). https://doi.org/10.1109/SP.2013.40
Zahur, S., Rosulek, M., Evans, D.: Two halves make a whole. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 220–250. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_8
Acknowledgments
This work is in part supported by a DARPA SIEVE grant, a Packard Fellowship, NSF awards under the grant numbers 2128519 and 2044679, and a grant from ONR. We gratefully acknowledge Wenting Zheng for helpful technical discussions during an early phase of the project.
Copyright information
© 2023 International Association for Cryptologic Research
About this paper
Cite this paper
Park, A., Lin, WK., Shi, E. (2023). NanoGRAM: Garbled RAM with \(\widetilde{O}(\log N)\) Overhead. In: Hazay, C., Stam, M. (eds) Advances in Cryptology – EUROCRYPT 2023. EUROCRYPT 2023. Lecture Notes in Computer Science, vol 14004. Springer, Cham. https://doi.org/10.1007/978-3-031-30545-0_16
DOI: https://doi.org/10.1007/978-3-031-30545-0_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-30544-3
Online ISBN: 978-3-031-30545-0
eBook Packages: Computer Science, Computer Science (R0)