Sub-logarithmic Distributed Oblivious RAM with Small Block Size

\emph{Oblivious RAM} (ORAM) is a cryptographic primitive that allows a client to securely execute RAM programs over data that is stored on an untrusted server. \emph{Distributed Oblivious RAM} is a variant of ORAM in which the data is stored on $m$ non-colluding servers. Extensive research over the last few decades has succeeded in reducing the bandwidth overhead of ORAM schemes, both in the single-server and the multi-server setting, from $O(\sqrt{N})$ to $O(1)$. However, all known protocols that achieve a sub-logarithmic overhead either require heavy server-side computation (e.g. homomorphic encryption), or a relatively large block size of at least $\Omega(\log^3 N)$. In this paper, we present a family of distributed ORAM constructions that follow the hierarchical approach of Goldreich and Ostrovsky~\cite{GO}. We enhance known techniques, and develop new ones, to take better advantage of the existence of multiple servers. By plugging efficient known hashing schemes into our constructions, we get the following results:

1. For any number $m\geq 2$ of servers, we show an $m$-server ORAM scheme with $O(\log N/\log\log N)$ overhead and block size $\Omega(\log^2 N)$. This scheme is resilient even against an $(m-1)$-server adversary.
2. A three-server ORAM construction with $O(\omega(1)\cdot\log N/\log\log N)$ overhead and an almost logarithmic block size, i.e. $\Omega(\log^{1+\epsilon}N)$.

We also investigate a model where the servers are allowed to perform a linear amount of light local computations, and show that constant overhead is achievable in this model through a simple four-server ORAM protocol. This is the first ORAM scheme with constant overhead and polylogarithmic block size that does not use homomorphic encryption.

[1] Michael Mitzenmacher, et al. More Robust Hashing: Cuckoo Hashing with a Stash, 2008, ESA.

[2] Elaine Shi, et al. Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound, 2015, IACR Cryptol. ePrint Arch.

[3] Abhi Shelat, et al. Scaling ORAM for Secure Computation, 2017, IACR Cryptol. ePrint Arch.

[4] Zeev Dvir, et al. 2-Server PIR with Subpolynomial Communication, 2016, J. ACM.

[5] Michael T. Goodrich, et al. Randomized Shellsort: A Simple Data-Oblivious Sorting Algorithm, 2011, JACM.

[6] Ling Ren, et al. Path ORAM, 2012, J. ACM.

[7] Yuval Ishai, et al. On Locally Decodable Codes, Self-correctable Codes, and t-Private PIR, 2007, APPROX-RANDOM.

[8] Elaine Shi, et al. Oblivious RAM with $O((\log N)^3)$ Worst-Case Cost, 2011, ASIACRYPT.

[9] Jonathan Katz, et al. Simple and Efficient Two-Server ORAM, 2018, IACR Cryptol. ePrint Arch.

[10] Elaine Shi, et al. Oblivious Hashing Revisited, and Applications to Asymptotically Efficient ORAM and OPRAM, 2017, ASIACRYPT.

[11] Elaine Shi, et al. Onion ORAM: A Constant Bandwidth Blowup Oblivious RAM, 2016, TCC.

[12] Eyal Kushilevitz, et al. Private information retrieval, 1998, JACM.

[13] Elaine Shi, et al. Bucket ORAM: Single Online Roundtrip, Constant Bandwidth Oblivious RAM, 2015, IACR Cryptol. ePrint Arch.

[14] Rafail Ostrovsky, et al. Cryptography with constant computational overhead, 2008, STOC.

[15] János Komlós, et al. An 0(n log n) sorting network, 1983, STOC.

[16] B. Applebaum. Cryptography in NC0, 2014.

[17] Kartik Nayak, et al. More is Less: Perfectly Secure Oblivious Algorithms in the Multi-Server Setting, 2018, IACR Cryptol. ePrint Arch.

[18] Rafail Ostrovsky, et al. Replication is not needed: single database, computationally-private information retrieval, 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[19] Moni Naor, et al. Is There an Oblivious RAM Lower Bound?, 2016, ITCS.

[20] Rafail Ostrovsky, et al. Software protection and simulation on oblivious RAMs, 1996, JACM.

[21] Jinsheng Zhang, et al. MSKT-ORAM: A Constant Bandwidth ORAM without Homomorphic Encryption, 2016, IACR Cryptol. ePrint Arch.

[22] Tarik Moataz, et al. Constant Communication ORAM with Small Blocksize, 2015, CCS.

[23] Rafail Ostrovsky, et al. On the (in)security of hash-based oblivious RAM and a new balancing scheme, 2012, SODA.

[24] Sarvar Patel, et al. PanORAMa: Oblivious RAM with Logarithmic Overhead, 2018, 2018 IEEE 59th Annual Symposium on Foundations of Computer Science (FOCS).

[25] Tarik Moataz, et al. CHf-ORAM: A Constant Communication ORAM without Homomorphic Encryption, 2016.

[26] Silvio Micali, et al. Computationally Private Information Retrieval with Polylogarithmic Communication, 1999, EUROCRYPT.

[27] Yuval Ishai, et al. Share Conversion and Private Information Retrieval, 2012, 2012 IEEE 27th Conference on Computational Complexity.

[28] Yuval Ishai, et al. Distributed Point Functions and Their Applications, 2014, EUROCRYPT.

[29] Michael T. Goodrich, et al. Privacy-Preserving Access of Outsourced Data via Oblivious RAM Simulation, 2010, ICALP.

[30] Jonathan Katz, et al. Revisiting Square-Root ORAM: Efficient Random Access in Multi-party Computation, 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[31] Tarik Moataz, et al. Constant Communication ORAM without Encryption, 2015, IACR Cryptol. ePrint Arch.

[32] Oded Goldreich, et al. Towards a theory of software protection and simulation by oblivious RAMs, 1987, STOC.

[33] Srinivas Devadas, et al. Design space exploration and optimization of path oblivious RAM in secure processors, 2013, ISCA.

[34] Rafail Ostrovsky, et al. Distributed Oblivious RAM for Secure Two-Party Computation, 2013, TCC.

[35] Rafail Ostrovsky, et al. Private information storage (extended abstract), 1997, STOC '97.

[36] Rasmus Pagh, et al. Cuckoo Hashing, 2001, Encyclopedia of Algorithms.

[37] Tsuyoshi Murata, et al. {m, 1934, ACML.

[38] Craig Gentry, et al. Single-Database Private Information Retrieval with Constant Communication Rate, 2005, ICALP.

[39] Micah Adler, et al. Parallel randomized load balancing, 1995, STOC '95.

[40] Jonathan Katz, et al. Secure two-party computation in sublinear (amortized) time, 2012, CCS.

[41] W. Marsden. I and J, 2012.

[42] Rafail Ostrovsky, et al. Efficient computation on oblivious RAMs, 1990, STOC '90.

[43] Kasper Green Larsen, et al. Yes, There is an Oblivious RAM Lower Bound!, 2018, IACR Cryptol. ePrint Arch.

[44] Kartik Nayak, et al. OptORAMa: Optimal Oblivious RAM, 2020, IACR Cryptol. ePrint Arch.

[45] Yuval Ishai, et al. Function Secret Sharing, 2015, EUROCRYPT.

[46] Elaine Shi, et al. Verifiable Oblivious Storage, 2014, Public Key Cryptography.

[47] Abhi Shelat, et al. SCORAM: Oblivious RAM for Secure Computation, 2014, IACR Cryptol. ePrint Arch.

[48] Kartik Nayak, et al. Asymptotically Tight Bounds for Composing ORAM with PIR, 2017, Public Key Cryptography.

[49] Benny Pinkas, et al. Oblivious RAM Revisited, 2010, CRYPTO.