NanoGRAM: Garbled RAM with \(\widetilde{O}(\log N)\) Overhead

  • Conference paper
Advances in Cryptology – EUROCRYPT 2023 (EUROCRYPT 2023)

Abstract

We propose a new garbled RAM construction called NanoGRAM, which achieves an amortized cost of \(\widetilde{O}(\lambda \cdot (W \log N + \log ^3 N))\) bits per memory access, where \(\lambda \) is the security parameter, W is the block size, and N is the total number of blocks, and \(\widetilde{O}(\cdot )\) hides \({\textsf{poly}} \log \log \) factors. For sufficiently large blocks where \(W = \varOmega (\log ^2 N)\), our scheme achieves \(\widetilde{O}(\lambda \cdot W \log N)\) cost per memory access, where the dependence on N is optimal (barring \({\textsf{poly}} \log \log \) factors), in terms of the evaluator’s runtime. Our asymptotic performance matches even the interactive state-of-the-art (modulo \({\textsf{poly}} \log \log \) factors), that is, running Circuit ORAM atop garbled circuit, and yet we remove the logarithmic number of interactions necessary in this baseline. Furthermore, we achieve an asymptotic improvement over the recent work of Heath et al. (Eurocrypt ’22). Our scheme adopts the same assumptions as the mainstream literature on practical garbled circuits, i.e., circular correlation-robust hashes or a random oracle. We evaluate the concrete performance of NanoGRAM and compare it with a couple of baselines that are asymptotically less efficient. We show that NanoGRAM starts to outperform the naïve linear-scan garbled RAM at a memory size of \(N = 2^9\) and starts to outperform the recent construction of Heath et al. at \(N = 2^{13}\).

Finally, as a by-product, we also show the existence of a garbled RAM scheme assuming only one-way functions, with an amortized cost of \(\widetilde{O}(\lambda ^2 \cdot (W \log N + \log ^3 N))\) per memory access. Again, the dependence on N is nearly optimal for blocks of size \(W = \varOmega (\log ^2 N)\) bits.

Author ordering is randomized. The full version of the paper can be accessed at https://eprint.iacr.org/2022/191.

W-K. Lin—The work was done while the author was a postdoctoral researcher at CMU.

Notes

  1. Garbled RAM only needs an ORAM in a relaxed model where we do not charge the cost of pre-processing, but even in this relaxed model, it remains an open question how to construct a \(o(\log ^2 N)\) statistical ORAM.

  2. Throughout the paper, we use capitalized letters N and W to denote the number of blocks and block size of the final \(\textsf{GRAM}\) construction, and we use small letters n, m, and w to denote the size and payload length of building blocks. The reason for this distinction is that we need to instantiate multiple instances of these building blocks with varying parameters in the final scheme.

  3. Although computationally secure ORAMs can achieve asymptotically better overhead in cloud outsourcing scenarios, we currently do not know any way to use computationally secure ORAMs in blackbox garbled RAM schemes, without having to securely evaluate the circuits of cryptographic primitives such as pseudo-random functions.

  4. Using switches of arity-2 is the most efficient with our current techniques.

  5. The leaf switches take no \({\{\!\{{{\textsf{addr}}}\}\!\}} \) nor \({\textsf{Finalize}} \), and hence the parent \(\textsf{GSwitch}\) outputs \({\{\!\{{{\textsf{addr}}}\}\!\}} \) or \({\textsf{Finalize}} \) only to the children buckets (Fig. 4).

References

  1. Applebaum, B.: Garbling xor gates "for free" in the standard model. In: TCC (2013). https://doi.org/10.1007/978-3-642-36594-2_10

  2. Asharov, G., Komargodski, I., Lin, W.K., Nayak, K., Peserico, E., Shi, E.: OptORAMa: Optimal Oblivious RAM. In: Eurocrypt (2020). https://doi.org/10.1007/978-3-030-45724-2_14

  3. Batcher, K.E.: Sorting networks and their applications. In: American Federation of Information Processing Societies: AFIPS Conference Proceedings (1968). https://doi.org/10.1145/1468075.1468121

  4. Canetti, R., Chen, Y., Holmgren, J., Raykova, M.: Adaptive succinct garbled RAM or: How to delegate your database. In: TCC (2016). https://doi.org/10.1007/978-3-662-53644-5_3

  5. Canetti, R., Holmgren, J.: Fully succinct garbled RAM. In: ITCS, pp. 169–178. ACM (2016). https://doi.org/10.1145/2840728.2840765

  6. Chan, T.H., Nayak, K., Shi, E.: Perfectly secure oblivious parallel RAM. In: TCC (2018). https://doi.org/10.1007/978-3-030-03810-6_23

  7. Chan, T.H., Shi, E.: Circuit OPRAM: unifying statistically and computationally secure orams and oprams. In: TCC (2017). https://doi.org/10.1007/978-3-319-70503-3_3

  8. Chan, T.H., Shi, E., Lin, W., Nayak, K.: Perfectly oblivious (parallel) RAM revisited, and improved constructions. In: ITC (2021). https://doi.org/10.4230/LIPIcs.ITC.2021.8

  9. Chen, Y., Chow, S.S.M., Chung, K., Lai, R.W.F., Lin, W., Zhou, H.: Cryptography for parallel RAM from indistinguishability obfuscation. In: ITCS. pp. 179–190. ACM (2016). https://doi.org/10.1145/2840728.2840769

  10. Choi, S.G., Katz, J., Kumaresan, R., Zhou, H.S.: On the security of the "free-xor" technique. In: TCC (2012). https://doi.org/10.1007/978-3-642-28914-9_3

  11. Damgård, I., Meldgaard, S., Nielsen, J.B.: Perfectly secure oblivious RAM without random oracles. In: TCC, pp. 144–163 (2011). https://doi.org/10.1007/978-3-642-19571-6_10

  12. Fincher, D.: The curious case of benjamin button, film (2008)

  13. Fletcher, C., Naveed, M., Ren, L., Shi, E., Stefanov, E.: Bucket ORAM: Single online roundtrip, constant bandwidth Oblivious RAM. Cryptology ePrint Archive, Report 2015/1065 (2015)

  14. Garg, S., Lu, S., Ostrovsky, R.: Black-box garbled RAM. In: FOCS (2015). https://doi.org/10.1109/FOCS.2015.22

  15. Garg, S., Lu, S., Ostrovsky, R., Scafuro, A.: Garbled ram from one-way functions. STOC (2015). https://doi.org/10.1145/2746539.2746593

  16. Gentry, C., Goldman, K.A., Halevi, S., Jutla, C.S., Raykova, M., Wichs, D.: Optimizing ORAM and using it efficiently for secure computation. In: PETS (2013). https://doi.org/10.1007/978-3-642-39077-7_1

  17. Gentry, C., Halevi, S., Lu, S., Ostrovsky, R., Raykova, M., Wichs, D.: Garbled ram revisited. In: EUROCRYPT (2014)

  18. Goldreich, O.: Towards a theory of software protection and simulation by oblivious RAMs. In: STOC (1987). https://doi.org/10.1145/28395.28416

  19. Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious RAMs. J. ACM (1996). https://doi.org/10.1145/233551.233553

  20. Hazay, C., Lilintal, M.: Gradual gram and secure computation for ram programs. In: Security and Cryptography for Networks (2020). https://doi.org/10.1007/978-3-030-57990-6_12

  21. Heath, D., Kolesnikov, V.: Stacked garbling. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12171, pp. 763–792. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56880-1_27

  22. Heath, D., Kolesnikov, V.: Logstack: Stacked garbling with O(b log b) computation. In: EUROCRYPT (2021). https://doi.org/10.1007/978-3-030-77883-5_1

  23. Heath, D., Kolesnikov, V.: One hot garbling. In: CCS (2021). https://doi.org/10.1145/3460120.3484764

  24. Heath, D., Kolesnikov, V., Ostrovsky, R.: Epigram: Practical garbled ram. In: EUROCRYPT (2022). https://doi.org/10.1007/978-3-031-06944-4_1

  25. Kolesnikov, V., Mohassel, P., Rosulek, M.: FleXOR: flexible garbling for xor gates that beats free-XOR. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 440–457. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44381-1_25

  26. Kolesnikov, V., Schneider, T.: Improved Garbled Circuit: Free XOR Gates and Applications. In: ICALP (2008). https://doi.org/10.1007/978-3-540-70583-3_40

  27. Larsen, K.G., Nielsen, J.B.: Yes, there is an oblivious ram lower bound! In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 523–542. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_18

  28. Lu, S., Ostrovsky, R.: How to Garble RAM programs? In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 719–734. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_42

  29. Lu, S., Ostrovsky, R.: Black-box parallel garbled RAM. In: CRYPTO (2017)

  30. Park, A., Lin, W.K., Shi, E.: NanoGRAM: Garbled RAM with \(\widetilde{O}(\log N)\) overhead. Cryptology ePrint Archive, Paper 2022/191 (2022). https://eprint.iacr.org/2022/191

  31. Patel, S., Persiano, G., Raykova, M., Yeo, K.: Panorama: Oblivious ram with logarithmic overhead. In: FOCS (2018). https://doi.org/10.1109/FOCS.2018.00087

  32. Rosulek, M., Roy, L.: Three halves make a whole? beating the half-gates lower bound for garbled circuits. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 94–124. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_5

  33. Shi, E., Chan, T.-H.H., Stefanov, E., Li, M.: Oblivious RAM with \(O((\log N)^3)\) Worst-Case Cost. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 197–214. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_11

  34. Stefanov, E., et al.: Path ORAM - an extremely simple oblivious ram protocol. In: CCS (2013). https://doi.org/10.1145/2508859.2516660

  35. Stefanov, E., Shi, E., Song, D.: Towards practical oblivious RAM. In: Network and Distributed System Security Symposium (NDSS) (2012)

  36. Waksman, A.: A permutation network. J. ACM 15(1), 159–163 (jan 1968). https://doi.org/10.1145/321439.321449

  37. Wang, X.S., Chan, T.H.H., Shi, E.: Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound. In: CCS (2015). https://doi.org/10.1145/2810103.2813634

  38. Wang, X.S., et al.: Oblivious Data Structures. In: CCS (2014). https://doi.org/10.1145/2660267.2660314

  39. Yao, A.C.C.: Protocols for secure computations (extended abstract). In: FOCS (1982). https://doi.org/10.5555/1382436.1382751

  40. Yao, A.C.C.: How to generate and exchange secrets. In: FOCS (1986). https://doi.org/10.1109/SFCS.1986.25

  41. Zahur, S., Evans, D.: Circuit Structures for Improving Efficiency of Security and Privacy Tools. In: IEEE S & P (2013). https://doi.org/10.1109/SP.2013.40

  42. Zahur, S., Rosulek, M., Evans, D.: Two halves make a whole. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 220–250. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_8

Acknowledgments

This work is in part supported by a DARPA SIEVE grant, a Packard Fellowship, NSF awards under the grant numbers 2128519 and 2044679, and a grant from ONR. We gratefully acknowledge Wenting Zheng for helpful technical discussions during an early phase of the project.

Corresponding author

Correspondence to Andrew Park.

Copyright information

© 2023 International Association for Cryptologic Research

Cite this paper

Park, A., Lin, WK., Shi, E. (2023). NanoGRAM: Garbled RAM with \(\widetilde{O}(\log N)\) Overhead. In: Hazay, C., Stam, M. (eds) Advances in Cryptology – EUROCRYPT 2023. EUROCRYPT 2023. Lecture Notes in Computer Science, vol 14004. Springer, Cham. https://doi.org/10.1007/978-3-031-30545-0_16

  • DOI: https://doi.org/10.1007/978-3-031-30545-0_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-30544-3

  • Online ISBN: 978-3-031-30545-0

  • eBook Packages: Computer Science (R0)
