Is There an Oblivious RAM Lower Bound for Online Reads?

Oblivious RAM (ORAM), introduced by Goldreich and Ostrovsky (JACM 1996), can be used to read and write to memory in a way that hides which locations are being accessed. The best known ORAM schemes have an \(O(\log n)\) overhead per access, where \(n\) is the data size. The work of Goldreich and Ostrovsky gave a lower bound showing that this is optimal for ORAM schemes that operate in a “balls and bins” model, where memory blocks can only be shuffled between different locations but not manipulated otherwise. The lower bound even extends to weaker settings such as offline ORAM, where all of the accesses to be performed need to be specified ahead of time, and read-only ORAM, which only allows reads but not writes. But can we get lower bounds for general ORAM, beyond “balls and bins”?
