ABSTRACT
We propose a new tree-based ORAM scheme called Circuit ORAM, which makes both theoretical and practical contributions. First, from a theoretical perspective, Circuit ORAM shows that the well-known Goldreich-Ostrovsky logarithmic ORAM lower bound is tight under certain parameter ranges, for several performance metrics. We are therefore the first to answer a theoretical challenge that has remained open for the past twenty-seven years. Second, Circuit ORAM earns its name because it achieves (almost) optimal circuit size, both in theory and in practice, for realistic choices of block size. We demonstrate compelling practical performance and show that Circuit ORAM is an ideal candidate for secure multi-party computation applications.
Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound