Oblivious RAM with Worst-Case Logarithmic Overhead

We present the first Oblivious RAM (ORAM) construction that for N memory blocks supports accesses with worst-case O(logN) overhead for any block size Ω(logN) while requiring a client memory of only a constant number of memory blocks. We rely on the existence of oneway functions and guarantee computational security. Our result closes a long line of research on fundamental feasibility results for ORAM constructions as logarithmic overhead is necessary. The previous best logarithmic overhead construction only guarantees it in an amortized sense, i.e., logarithmic overhead is achieved only for long enough access sequences, where some of the individual accesses incur Θ(N) overhead. The previously best ORAM in terms of worst-case overhead achieves O(logN/ log logN) overhead. Technically, we design a novel de-amortization framework for modern ORAM constructions that use the “shuffled inputs” assumption. Our framework significantly departs from all previous de-amortization frameworks, originating from Ostrovsky and Shoup (STOC ’97), that seem to be fundamentally too weak to be applied on modern ORAM constructions. A preliminary version of this paper appeared in IACR-CRYPTO 2021. Bar-Ilan University. Email: Gilad.Asharov@biu.ac.il. Hebrew University and NTT Research. Email: ilank@cs.huji.ac.il. Cornell University. Email: wklin@cs.cornell.edu. CMU. Email: runting@gmail.com.

[1]  Elaine Shi,et al.  ObliviStore: High Performance Oblivious Cloud Storage , 2013, 2013 IEEE Symposium on Security and Privacy.

[2]  Kasper Green Larsen,et al.  Yes, There is an Oblivious RAM Lower Bound! , 2018, IACR Cryptol. ePrint Arch..

[3]  Elaine Shi,et al.  Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound , 2015, IACR Cryptol. ePrint Arch..

[4]  Michael T. Goodrich,et al.  Privacy-preserving group data access via stateless oblivious RAM simulation , 2011, SODA.

[5]  Elaine Shi,et al.  Oblivious Hashing Revisited, and Applications to Asymptotically Efficient ORAM and OPRAM , 2017, ASIACRYPT.

[6]  Rafail Ostrovsky,et al.  Distributed Oblivious RAM for Secure Two-Party Computation , 2013, TCC.

[7]  Oded Goldreich,et al.  Towards a theory of software protection and simulation by oblivious RAMs , 1987, STOC.

[8]  Sarvar Patel,et al.  PanORAMa: Oblivious RAM with Logarithmic Overhead , 2018, 2018 IEEE 59th Annual Symposium on Foundations of Computer Science (FOCS).

[9]  Ilan Komargodski,et al.  A Logarithmic Lower Bound for Oblivious RAM (for All Parameters) , 2021, CRYPTO.

[10]  Mikkel Thorup Randomized sorting in O(n log log n) time and linear space using addition, shift, and bit-wise boolean operations , 1997, SODA '97.

[11]  Rafail Ostrovsky,et al.  Private Information Storage , 1996, IACR Cryptol. ePrint Arch..

[12]  Kartik Nayak,et al.  ObliVM: A Programming Framework for Secure Computation , 2015, 2015 IEEE Symposium on Security and Privacy.

[13]  Kai-Min Chung,et al.  Statistically-secure ORAM with Õ(log2 n) Overhead , 2014, ASIACRYPT.

[14]  Kartik Nayak,et al.  OptORAMa: Optimal Oblivious RAM , 2020, IACR Cryptol. ePrint Arch..

[15]  Kartik Nayak,et al.  Perfectly Secure Oblivious Parallel RAM , 2018, IACR Cryptol. ePrint Arch..

[16]  Moni Naor,et al.  Is There an Oblivious RAM Lower Bound? , 2016, ITCS.

[17]  Rafail Ostrovsky,et al.  Alibi: A Flaw in Cuckoo-Hashing based Hierarchical ORAM Schemes and a Solution , 2020, IACR Cryptol. ePrint Arch..

[18]  Michael T. Goodrich,et al.  Privacy-Preserving Access of Outsourced Data via Oblivious RAM Simulation , 2010, ICALP.

[19]  Elaine Shi,et al.  PHANTOM: practical oblivious computation in a secure processor , 2013, CCS.

[20]  Peter Williams,et al.  PrivateFS: a parallel oblivious file system , 2012, CCS.

[21]  Srinivas Devadas,et al.  Freecursive ORAM: [Nearly] Free Recursion and Integrity Verification for Position-based Oblivious RAM , 2015 .

[22]  Michael T. Goodrich,et al.  Oblivious RAM simulation with efficient worst-case access overhead , 2011, CCSW '11.

[23]  Srinivas Devadas,et al.  A secure processor architecture for encrypted computation on untrusted programs , 2012, STC '12.

[24]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[25]  Rafail Ostrovsky,et al.  Oblivious tight compaction in O(n) time with smaller constant , 2020, IACR Cryptol. ePrint Arch..

[26]  Srinivas Devadas,et al.  Design space exploration and optimization of path oblivious RAM in secure processors , 2013, ISCA.

[27]  Vitaly Shmatikov,et al.  Breaking Web Applications Built On Top of Encrypted Data , 2016, CCS.

[28]  Craig Gentry,et al.  Private Database Access with HE-over-ORAM Architecture , 2015, ACNS.

[29]  Rafail Ostrovsky,et al.  On the (in)security of hash-based oblivious RAM and a new balancing scheme , 2012, SODA.

[30]  Murat Kantarcioglu,et al.  Access Pattern disclosure on Searchable Encryption: Ramification, Attack and Mitigation , 2012, NDSS.

[31]  David Cash,et al.  Leakage-Abuse Attacks Against Searchable Encryption , 2015, IACR Cryptol. ePrint Arch..

[32]  Yan Huang,et al.  Practicing Oblivious Access on Cloud Storage: the Gap, the Fallacy, and the New Way Forward , 2015, CCS.

[33]  Abhi Shelat,et al.  SCORAM: Oblivious RAM for Secure Computation , 2014, IACR Cryptol. ePrint Arch..

[34]  Michael L. Fredman,et al.  Surpassing the Information Theoretic Bound with Fusion Trees , 1993, J. Comput. Syst. Sci..

[35]  E. Szemerédi,et al.  O(n LOG n) SORTING NETWORK. , 1983 .

[36]  Jonathan Katz,et al.  Revisiting Square-Root ORAM: Efficient Random Access in Multi-party Computation , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[37]  Elaine Shi,et al.  Path ORAM: an extremely simple oblivious RAM protocol , 2012, CCS.

[38]  Jonathan Katz,et al.  All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption , 2016, USENIX Security Symposium.

[39]  Elaine Shi,et al.  Towards Practical Oblivious RAM , 2011, NDSS.

[40]  Elaine Shi,et al.  Oblivious RAM with O((logN)3) Worst-Case Cost , 2011, ASIACRYPT.

[41]  Elaine Shi,et al.  Optimal Oblivious Parallel RAM , 2022, IACR Cryptol. ePrint Arch..

[42]  Elaine Shi,et al.  Circuit OPRAM: Unifying Statistically and Computationally Secure ORAMs and OPRAMs , 2017, TCC.