Path Oblivious Heap: Optimal and Practical Oblivious Priority Queue

We propose Path Oblivious Heap, an extremely simple, practical, and optimal oblivious priority queue. Our construction also implies a practical and optimal oblivious sorting algorithm which we call Path Oblivious Sort. Not only are our algorithms asymptotically optimal, we show that their practical performance is only a small constant factor worse than insecure baselines. More specificially, assuming roughly logarithmic client private storage, Path Oblivious Heap consumes 2× to 7× more bandwidth than the ordinary insecure binary heap; and Path Oblivious Sort consumes 4.5× to 6× more bandwidth than the insecure Merge Sort. We show that these performance results improve existing works by 1-2 orders of magnitude. Finally, we evaluate our algorithm for a multi-party computation scenario and show 7x to 8x reduction in the number of symmetric encryptions relative to the state of the art1.

[1]  Baochun Li,et al.  Network Coding : The Case of Multiple Unicast Sessions , 2004 .

[2]  Kasper Green Larsen,et al.  Yes, There is an Oblivious RAM Lower Bound! , 2018, IACR Cryptol. ePrint Arch..

[3]  Elaine Shi,et al.  Cache-Oblivious and Data-Oblivious Sorting and Applications , 2018, SODA.

[4]  Beng Chin Ooi,et al.  M2R: Enabling Stronger Privacy in MapReduce Computation , 2015, USENIX Security Symposium.

[5]  Kartik Nayak,et al.  OptORAMa: Optimal Oblivious RAM , 2020, IACR Cryptol. ePrint Arch..

[6]  Úlfar Erlingsson,et al.  RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response , 2014, CCS.

[7]  Elaine Shi,et al.  Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound , 2015, IACR Cryptol. ePrint Arch..

[8]  Elaine Shi,et al.  Can We Overcome the n log n Barrier for Oblivious Sorting? , 2019, IACR Cryptol. ePrint Arch..

[9]  Elaine Shi,et al.  Constants Count: Practical Improvements to Oblivious RAM , 2015, USENIX Security Symposium.

[10]  Oded Goldreich,et al.  Towards a theory of software protection and simulation by oblivious RAMs , 1987, STOC.

[11]  Kartik Nayak,et al.  More is Less: Perfectly Secure Oblivious Algorithms in the Multi-Server Setting , 2018, IACR Cryptol. ePrint Arch..

[12]  Ion Stoica,et al.  Opaque: An Oblivious and Encrypted Distributed Analytics Platform , 2017, NSDI.

[13]  Michael T. Goodrich,et al.  Privacy-Preserving Access of Outsourced Data via Oblivious RAM Simulation , 2010, ICALP.

[14]  Amr El Abbadi,et al.  TaoStore: Overcoming Asynchronicity in Oblivious Data Storage , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[15]  Kasper Green Larsen,et al.  Lower Bounds for Oblivious Data Structures , 2018, SODA.

[16]  Shyamkishor Kumar NETWORK CODING THE CASE OF MULTIPLE UNICAST SESSIONS , 2015 .

[17]  Elaine Shi,et al.  Path ORAM: an extremely simple oblivious RAM protocol , 2012, CCS.

[18]  E. Szemerédi,et al.  O(n LOG n) SORTING NETWORK. , 1983 .

[19]  Sahar Mazloom,et al.  Secure Computation with Differentially Private Access Patterns , 2018, CCS.

[20]  Adam D. Smith,et al.  Distributed Differential Privacy via Shuffling , 2018, IACR Cryptol. ePrint Arch..

[21]  Abhi Shelat,et al.  SCORAM: Oblivious RAM for Secure Computation , 2014, IACR Cryptol. ePrint Arch..

[22]  Rafail Ostrovsky,et al.  Distributed Oblivious RAM for Secure Two-Party Computation , 2013, TCC.

[23]  Cynthia Dwork,et al.  Calibrating Noise to Sensitivity in Private Data Analysis , 2006, TCC.

[24]  Stratis Ioannidis,et al.  GraphSC: Parallel Secure Computation Made Easy , 2015, 2015 IEEE Symposium on Security and Privacy.

[25]  Kamalika Chaudhuri,et al.  When Random Sampling Preserves Privacy , 2006, CRYPTO.

[26]  Craig Gentry,et al.  Optimizing ORAM and Using It Efficiently for Secure Computation , 2013, Privacy Enhancing Technologies.

[27]  Jonathan Katz,et al.  Secure two-party computation in sublinear (amortized) time , 2012, CCS.

[28]  Tomas Toft Secure data structures based on multi-party computation , 2011, PODC '11.

[29]  Kasper Green Larsen,et al.  Optimal Oblivious Priority Queues and Offline Oblivious RAM , 2019, IACR Cryptol. ePrint Arch..

[30]  Peter Williams,et al.  PrivateFS: a parallel oblivious file system , 2012, CCS.

[31]  Kartik Nayak,et al.  ObliVM: A Programming Framework for Secure Computation , 2015, 2015 IEEE Symposium on Security and Privacy.

[32]  Sofya Raskhodnikova,et al.  What Can We Learn Privately? , 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[33]  Kenneth E. Batcher,et al.  Sorting networks and their applications , 1968, AFIPS Spring Joint Computing Conference.

[34]  Moni Naor,et al.  Is There an Oblivious RAM Lower Bound? , 2016, ITCS.

[35]  Kai-Min Chung,et al.  Statistically-secure ORAM with Õ(log2 n) Overhead , 2014, ASIACRYPT.

[36]  Johannes Gehrke,et al.  Crowd-Blending Privacy , 2012, IACR Cryptol. ePrint Arch..

[37]  János Komlós,et al.  An 0(n log n) sorting network , 1983, STOC.

[38]  Michael T. Goodrich,et al.  Zig-zag sort: a simple deterministic data-oblivious sorting algorithm running in O(n log n) time , 2014, STOC.

[39]  Olga Ohrimenko,et al.  Oblivious Sampling Algorithms for Private Data Analysis , 2019, NeurIPS.

[40]  Elaine Shi,et al.  ObliviStore: High Performance Oblivious Cloud Storage , 2013, 2013 IEEE Symposium on Security and Privacy.

[41]  Jeffrey Scott Vitter,et al.  Random sampling with a reservoir , 1985, TOMS.

[42]  Kartik Nayak,et al.  Oblivious Data Structures , 2014, IACR Cryptol. ePrint Arch..

[43]  Elaine Shi,et al.  Lower bounds for external memory integer sorting via network coding , 2019, STOC.

[44]  Úlfar Erlingsson,et al.  Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity , 2018, SODA.

[45]  Borja Balle,et al.  The Privacy Blanket of the Shuffle Model , 2019, CRYPTO.

[46]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.