S3ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing

Oblivious Random Access Machine (ORAM) enables a client to access her data without leaking her access patterns. Existing client-efficient ORAMs either achieve O(log N) client-server communication blowup without heavy computation, or O(1) blowup but with expensive homomorphic encryptions. It has been shown that O(log N) bandwidth blowup might not be practical for certain applications, while schemes with O(1) communication blowup incur even more delay due to costly homomorphic operations. In this paper, we propose a new distributed ORAM scheme referred to as Shamir Secret Sharing ORAM (S3ORAM), which achieves O(1) client-server bandwidth blowup and O(1) blocks of client storage without relying on costly partial homomorphic encryptions. S3ORAM harnesses Shamir Secret Sharing, tree-based ORAM structure and a secure multi-party multiplication protocol to eliminate costly homomorphic operations and, therefore, achieves O(1) client-server bandwidth blowup with a high computational efficiency. We conducted comprehensive experiments to assess the performance of S3ORAM and its counterparts on actual cloud environments, and showed that S3ORAM achieves three orders of magnitude lower end-to-end delay compared to alternatives with O(1) client communication blowup (Onion-ORAM), while it is one order of magnitude faster than Path-ORAM for a network with a moderate bandwidth quality. We have released the implementation of S3ORAM for further improvement and adaptation.

[1]  Andy Parrish,et al.  Efficient Computationally Private Information Retrieval from Anonymity or Trapdoor Groups , 2010, ISC.

[2]  Jorge Guajardo,et al.  Practical and secure dynamic searchable encryption via oblivious access on distributed data structure , 2016, ACSAC.

[3]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[4]  Tarik Moataz,et al.  CHf-ORAM : A Constant Communication ORAM without Homomorphic Encryption , 2016 .

[5]  Rafail Ostrovsky,et al.  Distributed Oblivious RAM for Secure Two-Party Computation , 2013, TCC.

[6]  Avi Wigderson,et al.  Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract) , 1988, STOC.

[7]  Elaine Shi,et al.  Ring ORAM: Closing the Gap Between Small and Large Client Storage Oblivious RAM , 2014, IACR Cryptol. ePrint Arch..

[8]  Travis Mayberry,et al.  Efficient Private File Retrieval by Combining ORAM and PIR , 2014, NDSS.

[9]  Ling Ren,et al.  Path ORAM , 2012, J. ACM.

[10]  Sanjam Garg,et al.  TWORAM: Round-Optimal Oblivious RAM with Applications to Searchable Encryption , 2015, IACR Cryptol. ePrint Arch..

[11]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[12]  Elaine Shi,et al.  Oblivious RAM with O((logN)3) Worst-Case Cost , 2011, ASIACRYPT.

[13]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[14]  Tal Rabin,et al.  Simplified VSS and fast-track multiparty computations with applications to threshold cryptography , 1998, PODC '98.

[15]  Moni Naor,et al.  Is There an Oblivious RAM Lower Bound? , 2016, ITCS.

[16]  Stanislaw Jarecki,et al.  Three-Party ORAM for Secure Computation , 2015, ASIACRYPT.

[17]  Muhammad Naveed,et al.  The Fallacy of Composition of Oblivious RAM and Searchable Encryption , 2015, IACR Cryptol. ePrint Arch..

[18]  Elaine Shi,et al.  ObliviStore: High Performance Oblivious Cloud Storage , 2013, 2013 IEEE Symposium on Security and Privacy.

[19]  Elaine Shi,et al.  Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound , 2015, IACR Cryptol. ePrint Arch..

[20]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[21]  Elaine Shi,et al.  PHANTOM: practical oblivious computation in a secure processor , 2013, CCS.

[22]  Xiaowei Yang,et al.  CloudCmp: comparing public cloud providers , 2010, IMC '10.

[23]  Eyal Kushilevitz,et al.  Private information retrieval , 1998, JACM.

[24]  Elaine Shi,et al.  Bucket ORAM: Single Online Roundtrip, Constant Bandwidth Oblivious RAM , 2015, IACR Cryptol. ePrint Arch..

[25]  Yuval Ishai,et al.  The round complexity of verifiable secret sharing and secure multicast , 2001, STOC '01.

[26]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[27]  Tarik Moataz,et al.  Constant Communication ORAM with Small Blocksize , 2015, CCS.

[28]  Elaine Shi,et al.  Multi-cloud oblivious storage , 2013, CCS.

[29]  Elaine Shi,et al.  Towards Practical Oblivious RAM , 2011, NDSS.

[30]  Stefano Tessaro,et al.  Oblivious Parallel RAM: Improved Efficiency and Generic Constructions , 2016, TCC.

[31]  I. Damgård,et al.  A Generalisation, a Simplification and some Applications of Paillier’s Probabilistic Public-Key System , 2000 .

[32]  Tarik Moataz,et al.  Constant Communication ORAM without Encryption , 2015, IACR Cryptol. ePrint Arch..

[33]  Kartik Nayak,et al.  Oblivious Data Structures , 2014, IACR Cryptol. ePrint Arch..

[34]  Elaine Shi,et al.  Practical Dynamic Searchable Encryption with Small Leakage , 2014, NDSS.

[35]  Elaine Shi,et al.  Onion ORAM: A Constant Bandwidth Blowup Oblivious RAM , 2016, TCC.

[36]  Yan Huang,et al.  Practicing Oblivious Access on Cloud Storage: the Gap, the Fallacy, and the New Way Forward , 2015, CCS.

[37]  Amos Beimel,et al.  Robust Information-Theoretic Private Information Retrieval , 2002, Journal of Cryptology.

[38]  Oded Goldreich,et al.  Towards a theory of software protection and simulation by oblivious RAMs , 1987, STOC.

[39]  Ian Goldberg,et al.  Improving the Robustness of Private Information Retrieval , 2007 .

[40]  Elaine Shi,et al.  Verifiable Oblivious Storage , 2014, Public Key Cryptography.

[41]  Abhi Shelat,et al.  SCORAM: Oblivious RAM for Secure Computation , 2014, IACR Cryptol. ePrint Arch..

[42]  Kartik Nayak,et al.  Asymptotically Tight Bounds for Composing ORAM with PIR , 2017, Public Key Cryptography.

[43]  Craig Gentry,et al.  Optimizing ORAM and Using It Efficiently for Secure Computation , 2013, Privacy Enhancing Technologies.

[44]  Benny Pinkas,et al.  Oblivious RAM Revisited , 2010, CRYPTO.

[45]  Chinya V. Ravishankar,et al.  Combining ORAM with PIR to Minimize Bandwidth Costs , 2015, CODASPY.

[46]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.