Abstract
Oblivious Random Access Machine (ORAM) allows a client to hide its access pattern when accessing sensitive data on a remote server. It is known that any passive ORAM construction, in which the server acts only as a storage service, is subject to a logarithmic lower bound on communication. This overhead has been shown to be costly for some applications. Several active ORAM schemes, in which the server also performs computation, have been proposed to overcome this limitation. However, they mostly rely on costly homomorphic encryption, and their resulting performance is worse than that of passive ORAM. In this article, we propose S3ORAM, a new multi-server ORAM framework that features O(1) client bandwidth blowup and low client storage without relying on costly cryptographic primitives. Our key idea is to harness Shamir Secret Sharing and a multi-party multiplication protocol on applicable binary tree-ORAM paradigms. This strategy allows the client to instruct the servers to perform secure and efficient computation on its behalf with little client intervention, thereby achieving a constant client bandwidth blowup and low server computational overhead. Our framework can also work atop a general k-ary tree ORAM structure (k ≥ 2). We fully implemented our framework and rigorously evaluated its performance on a commodity cloud platform (Amazon EC2). Our comprehensive experiments confirmed the efficiency of the S3ORAM framework: it is approximately 10× faster than the most efficient passive ORAM (i.e., Path-ORAM) under moderate network bandwidth, while being three orders of magnitude faster than an active ORAM with O(1) bandwidth blowup (i.e., Onion-ORAM). We have open-sourced the implementation of our framework for public testing and adaptation.
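The share-level arithmetic that the abstract's key idea rests on, as an added illustration written for this page (it is not code from the S3ORAM implementation and omits the tree-ORAM layout and eviction): Shamir secret sharing over a prime field, a linear combination that each server computes locally on its own shares, and the re-sharing step of the multi-party multiplication protocol that brings a degree-2t product back to degree t. The field size (the Mersenne prime 2^61 - 1), the three-server/one-corruption setting, the block values and the one-hot query are all constructed assumptions; `oblivious_fetch` is a hypothetical driver for the example, not an S3ORAM API.

```python
# Added example (not the S3ORAM code): Shamir secret sharing over a prime field,
# server-side linear combination of shared values, and the re-sharing step that
# reduces a degree-2t product back to degree t (Ben-Or/Goldwasser/Wigderson and
# Gennaro/Rabin/Rabin style multiplication). Field size, party count and data
# are constructed for illustration.
import secrets

P = 2**61 - 1  # assumption: any prime larger than the values being shared works


def eval_poly(coeffs, x):
    """Evaluate a polynomial with coefficients [c0, c1, ...] at x over GF(P)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(secret, t, n):
    """Split secret into n shares: points 1..n on a random degree-t polynomial
    whose constant term is the secret. Any t shares reveal nothing; t+1 suffice."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t)]
    return {x: eval_poly(coeffs, x) for x in range(1, n + 1)}


def lagrange_at_zero(xs, i):
    """Lagrange basis coefficient for point xs[i], evaluated at x = 0."""
    num, den = 1, 1
    for j, xj in enumerate(xs):
        if j != i:
            num = num * (-xj) % P
            den = den * (xs[i] - xj) % P
    return num * pow(den, P - 2, P) % P


def reconstruct(shares):
    """Interpolate the constant term from a dict {x: f(x)}; needs deg+1 points."""
    xs = list(shares)
    return sum(shares[x] * lagrange_at_zero(xs, i) for i, x in enumerate(xs)) % P


def server_dot(block_shares, query_shares, s):
    """What server s computes locally: sum_i [b_i]_s * [q_i]_s. Both operands are
    degree-t shares, so the result is a point on a degree-2t polynomial whose
    constant term is sum_i b_i * q_i. No coalition of at most t servers learns
    the blocks or the query from what it holds."""
    return sum(b[s] * q[s] for b, q in zip(block_shares, query_shares)) % P


def degree_reduce(prod_shares, t, n):
    """Second step of the multiplication protocol: each of the n = 2t+1 servers
    re-shares its degree-2t share with a fresh degree-t polynomial; every server
    then takes the Lagrange-weighted sum of the sub-shares it received. The
    result is a degree-t sharing of the same value, so later operations stay
    t-private."""
    assert n == 2 * t + 1, "degree reduction needs all 2t+1 points of the product"
    xs = sorted(prod_shares)
    lam = {x: lagrange_at_zero(xs, i) for i, x in enumerate(xs)}
    resh = {s: share(prod_shares[s], t, n) for s in xs}  # resh[s][r]: from s to r
    return {r: sum(lam[s] * resh[s][r] for s in xs) % P for r in xs}


def oblivious_fetch(blocks, index, t=1, n=3):
    """Constructed end-to-end run (hypothetical driver, not an S3ORAM API): share
    the blocks and a one-hot query, let each server compute its inner product,
    then reduce the degree. Returns the value recovered from all n servers'
    degree-2t shares and the value recovered from only t+1 reduced shares."""
    block_shares = [share(b, t, n) for b in blocks]
    one_hot = [1 if i == index else 0 for i in range(len(blocks))]
    query_shares = [share(q, t, n) for q in one_hot]
    prod = {s: server_dot(block_shares, query_shares, s) for s in range(1, n + 1)}
    reduced = degree_reduce(prod, t, n)
    subset = {s: reduced[s] for s in list(reduced)[: t + 1]}
    return reconstruct(prod), reconstruct(subset)


if __name__ == "__main__":
    got_all, got_subset = oblivious_fetch([11, 22, 33, 44], index=2)
    print(got_all, got_subset)  # 33 33
```

The point to take from the run is the degree bookkeeping: after one multiplication the servers hold a degree-2t sharing, so the client would need all 2t+1 of them to read the result; the re-sharing step restores a degree-t sharing that any t+1 servers can open and that can be multiplied again, which is what lets the servers keep computing on the client's behalf without the client downloading intermediate values.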
- Ittai Abraham, Christopher W. Fletcher, Kartik Nayak, Benny Pinkas, and Ling Ren. 2017. Asymptotically tight bounds for composing ORAM with PIR. In Proceedings of the IACR International Workshop on Public Key Cryptography. Springer, 91--120.
- Anton Anastasov. 2016. Implementing Onion ORAM: A Constant Bandwidth ORAM using AHE. Retrieved from https://github.com/aanastasov/onion-oram/blob/master/doc/report.pdf.
- Daniel Apon, Jonathan Katz, Elaine Shi, and Aishwarya Thiruvengadam. 2014. Verifiable oblivious storage. In Proceedings of the International Workshop on Public Key Cryptography. Springer, 131--148.
- Amos Beimel and Yoav Stahl. 2002. Robust information-theoretic private information retrieval. In Proceedings of the International Conference on Security in Communication Networks. Springer, 326--341.
- M. Ben-Or, S. Goldwasser, and A. Wigderson. 1988. Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In Proceedings of the 20th Annual ACM Symposium on Theory of Computing, Janos Simon (Ed.). ACM, 1--10.
- Vincent Bindschaedler, Muhammad Naveed, Xiaorui Pan, XiaoFeng Wang, and Yan Huang. 2015. Practicing oblivious access on cloud storage: The gap, the fallacy, and the new way forward. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 837--849.
- T.-H. Hubert Chan, Jonathan Katz, Kartik Nayak, Antigoni Polychroniadou, and Elaine Shi. 2018. More is less: Perfectly secure oblivious algorithms in the multi-server setting. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security. Springer, 158--188.
- Binyi Chen, Huijia Lin, and Stefano Tessaro. 2016. Oblivious parallel RAM: Improved efficiency and generic constructions. In Proceedings of the Theory of Cryptography Conference. Springer, 205--234.
- Benny Chor, Eyal Kushilevitz, Oded Goldreich, and Madhu Sudan. 1998. Private information retrieval. Journal of the ACM (JACM) 45, 6 (1998), 965--981.
- Ivan Damgård and Mads Jurik. 2001. A generalisation, a simplification and some applications of Paillier's probabilistic public-key system. In Proceedings of the International Workshop on Public Key Cryptography. Springer, 119--136.
- Jonathan Dautrich and Chinya Ravishankar. 2015. Combining ORAM with PIR to minimize bandwidth costs. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. ACM, 289--296.
- Srinivas Devadas, Marten van Dijk, Christopher W. Fletcher, Ling Ren, Elaine Shi, and Daniel Wichs. 2016. Onion ORAM: A constant bandwidth blowup oblivious RAM. In Proceedings of the Theory of Cryptography Conference. Springer, 145--174.
- Sky Faber, Stanislaw Jarecki, Sotirios Kentros, and Boyang Wei. 2015. Three-party ORAM for secure computation. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security. Springer, 360--385.
- Christopher Fletcher, Muhammad Naveed, Ling Ren, Elaine Shi, and Emil Stefanov. 2015. Bucket ORAM: Single Online Roundtrip, Constant Bandwidth Oblivious RAM. Technical Report. IACR Cryptology ePrint Archive, Report 2015/1065.
- Sanjam Garg, Payman Mohassel, and Charalampos Papamanthou. 2015. TWORAM: Round-optimal Oblivious RAM with Applications to Searchable Encryption. Technical Report. IACR Cryptology ePrint Archive, Report 2015/1010.
- Rosario Gennaro, Michael O. Rabin, and Tal Rabin. 1998. Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In Proceedings of the 17th Annual ACM Symposium on Principles of Distributed Computing. ACM, 101--111.
- Craig Gentry, Kenny A. Goldman, Shai Halevi, Charanjit Jutla, Mariana Raykova, and Daniel Wichs. 2013. Optimizing ORAM and using it efficiently for secure computation. In Proceedings of the International Symposium on Privacy Enhancing Technologies Symposium. Springer, 1--18.
- Ian Goldberg. 2007. Improving the robustness of private information retrieval. In Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP'07). IEEE, 131--148.
- Oded Goldreich. 1987. Towards a theory of software protection and simulation by oblivious RAMs. In Proceedings of the 19th Annual ACM Symposium on Theory of Computing. ACM, 182--194.
- Oded Goldreich and Rafail Ostrovsky. 1996. Software protection and simulation on oblivious RAMs. Journal of the ACM (JACM) 43, 3 (1996), 431--473.
- S. Dov Gordon, Jonathan Katz, and Xiao Wang. 2018. Simple and efficient two-server ORAM. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security. Springer, 141--157.
- Thang Hoang, Ceyhun D. Ozkaptan, Attila A. Yavuz, Jorge Guajardo, and Tam Nguyen. 2017. S3ORAM: A computation-efficient and constant client bandwidth blowup ORAM with Shamir secret sharing. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS'17). ACM, New York, NY, 491--505. https://doi.org/10.1145/3133956.3134090
- Thang Hoang, Attila Altay Yavuz, and Jorge Guajardo. 2016. Practical and secure dynamic searchable encryption via oblivious access on distributed data structure. In Proceedings of the 32nd Annual Conference on Computer Security Applications. ACM, 302--313.
- Mohammad Saiful Islam, Mehmet Kuzu, and Murat Kantarcioglu. 2012. Access pattern disclosure on searchable encryption: Ramification, attack and mitigation. In NDSS.
- Steve Lu and Rafail Ostrovsky. 2013. Distributed oblivious RAM for secure two-party computation. In Theory of Cryptography. Springer, 377--396.
- Martin Maas, Eric Love, Emil Stefanov, Mohit Tiwari, Elaine Shi, Krste Asanovic, John Kubiatowicz, and Dawn Song. 2013. Phantom: Practical oblivious computation in a secure processor. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. ACM, 311--324.
- Travis Mayberry, Erik-Oliver Blass, and Agnes Hui Chan. 2014. Efficient private file retrieval by combining ORAM and PIR. In NDSS.
- Tarik Moataz, Erik-Oliver Blass, and Travis Mayberry. [n.d.]. CHf-ORAM: A constant communication ORAM without homomorphic encryption.
- Tarik Moataz, Erik-Oliver Blass, and Travis Mayberry. 2015. Constant Communication ORAM without Encryption. Technical Report. IACR Cryptology ePrint Archive, Report 2015/1116.
- Tarik Moataz, Travis Mayberry, and Erik-Oliver Blass. 2015. Constant communication ORAM with small blocksize. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 862--873.
- Muhammad Naveed. 2015. The fallacy of composition of oblivious RAM and searchable encryption. IACR Cryptology ePrint Archive, Report 2015/668.
- Pascal Paillier. 1999. Public-key cryptosystems based on composite degree residuosity classes. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 223--238.
- Benny Pinkas and Tzachy Reinman. 2010. Oblivious RAM revisited. In Advances in Cryptology--CRYPTO 2010. Springer, 502--519.
- Ling Ren, Christopher W. Fletcher, Albert Kwon, Emil Stefanov, Elaine Shi, Marten van Dijk, and Srinivas Devadas. 2014. Ring ORAM: Closing the gap between small and large client storage oblivious RAM. IACR Cryptology ePrint Archive, Report 2014/997.
- Adi Shamir. 1979. How to share a secret. Commun. ACM 22, 11 (1979), 612--613.
- Elaine Shi, T.-H. Hubert Chan, Emil Stefanov, and Mingfei Li. 2011. Oblivious RAM with O((log N)^3) worst-case cost. In Advances in Cryptology--ASIACRYPT 2011. Springer, 197--214.
- Emil Stefanov, Charalampos Papamanthou, and Elaine Shi. 2014. Practical dynamic searchable encryption with small leakage. In NDSS, Vol. 71. 72--75.
- Emil Stefanov and Elaine Shi. 2013. Multi-cloud oblivious storage. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. ACM, 247--258.
- Emil Stefanov and Elaine Shi. 2013. ObliviStore: High performance oblivious cloud storage. In Proceedings of the IEEE Symposium on Security and Privacy (SP'13). IEEE, 253--267.
- Emil Stefanov, Elaine Shi, and Dawn Song. 2011. Towards practical oblivious RAM. arXiv preprint arXiv:1106.3652 (2011).
- Emil Stefanov, Marten van Dijk, Elaine Shi, Christopher Fletcher, Ling Ren, Xiangyao Yu, and Srinivas Devadas. 2013. Path ORAM: An extremely simple oblivious RAM protocol. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. ACM, 299--310.
- Jonathan Trostle and Andy Parrish. 2010. Efficient computationally private information retrieval from anonymity or trapdoor groups. In Proceedings of the International Conference on Information Security. Springer, 114--128.
- Xiao Wang, T.-H. Hubert Chan, and Elaine Shi. 2015. Circuit ORAM: On tightness of the Goldreich-Ostrovsky lower bound. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 850--861.
- Xiao Wang, Yan Huang, T.-H. Hubert Chan, Abhi Shelat, and Elaine Shi. 2014. SCORAM: Oblivious RAM for secure computation. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 191--202.
- Xiao Shaun Wang, Kartik Nayak, Chang Liu, T.-H. Hubert Chan, Elaine Shi, Emil Stefanov, and Yan Huang. 2014. Oblivious data structures. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 215--226.
- Andrew C. Yao. 1982. Protocols for secure computations. In Proceedings of the 23rd Annual Symposium on Foundations of Computer Science. IEEE, 160--164.
A Multi-server ORAM Framework with Constant Client Bandwidth Blowup