Blurry-ORAM: A Multi-Client Oblivious Storage Architecture

Since the development of tree-based Oblivious RAM by Shi et al. (Asiacrypt ’11) it has become apparent that privacy preserving outsourced storage can be practical. Although most current constructions follow a client-server model, in many applications it is desirable to share data between different clients, in a way that hides the access patterns, not only from the server, but also between the clients. In this work, we introduce BlurryORAM, an extension of Path-ORAM that allows for oblivious sharing of data in the multi-client setting, so that accesses can be hidden from the server and other clients. Our construction follows the design of Path-ORAM as closely as possible in order to benefit from its performance as well as security. We prove our construction secure in a setting where the clients are semi-honest, do not trust each other but try to learn the access patterns of each other.

[1]  Stefan Katzenbeisser,et al.  Oblivious Outsourced Storage with Delegation , 2011, Financial Cryptography.

[2]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[3]  A. Juels,et al.  Universal Re-encryption for Mixnets , 2004, CT-RSA.

[4]  Ling Ren,et al.  Path ORAM , 2012, J. ACM.

[5]  Giulio Malavolta,et al.  Privacy and Access Control for Outsourced Personal Records , 2015, 2015 IEEE Symposium on Security and Privacy.

[6]  Stefan Katzenbeisser,et al.  Privacy-Preserving Whole Genome Sequence Processing through Proxy-Aided ORAM , 2014, WPES.

[7]  Elaine Shi,et al.  Oblivious RAM with O((logN)3) Worst-Case Cost , 2011, ASIACRYPT.

[8]  Guevara Noubir,et al.  Multi-User Oblivious RAM Secure Against Malicious Servers , 2015, IACR Cryptol. ePrint Arch..

[9]  Pierre Baldi,et al.  Data structures and compression algorithms for genomic sequence data , 2009, Bioinform..

[10]  Elaine Shi,et al.  ObliviStore: High Performance Oblivious Distributed Cloud Data Store , 2013, NDSS.

[11]  Mihir Bellare,et al.  Key-Privacy in Public-Key Encryption , 2001, ASIACRYPT.

[12]  Joshua Schiffman,et al.  Toward Practical Private Access to Data Centers via Parallel ORAM , 2012, IACR Cryptol. ePrint Arch..

[13]  Amir Herzberg,et al.  Anonymous RAM , 2016, ESORICS.

[14]  Peter Williams,et al.  Building castles out of mud: practical access pattern privacy and correctness on untrusted storage , 2008, CCS.

[15]  Elaine Shi,et al.  Towards Practical Oblivious RAM , 2011, NDSS.

[16]  Peter Williams,et al.  PrivateFS: a parallel oblivious file system , 2012, CCS.

[17]  Zhang Jinsheng,et al.  A Multi-user Oblivious RAM for Outsourced Data , 2014 .

[18]  Michael T. Goodrich,et al.  Privacy-preserving group data access via stateless oblivious RAM simulation , 2011, SODA.

[19]  Kai-Min Chung,et al.  Oblivious Parallel RAM and Applications , 2016, TCC.