Path ORAM

We present Path ORAM, an extremely simple Oblivious RAM protocol with a small amount of client storage. Partly due to its simplicity, Path ORAM is the most practical ORAM scheme known to date with small client storage. We formally prove that Path ORAM has an O(log N) bandwidth cost for blocks of size B = Ω(log² N) bits. For such block sizes, Path ORAM is asymptotically better than the best-known ORAM schemes with small client storage. Due to its practicality, Path ORAM has been adopted in the design of secure processors since its proposal.
