SCORAM: Oblivious RAM for Secure Computation

Oblivious RAMs (ORAMs) have traditionally been measured by their bandwidth overhead and client storage. We observe that when using ORAMs to build secure computation protocols for RAM programs, the size of the ORAM circuits is more relevant to the performance. We therefore embark on a study of the circuit-complexity of several recently proposed ORAM constructions. Our careful implementation and experiments show that asymptotic analysis is not indicative of the true performance of ORAM in secure computation protocols with practical data sizes. We then present SCORAM, a heuristic compact ORAM design optimized for secure computation protocols. Our new design is almost 10x smaller in circuit size and also faster than all other designs we have tested for realistic settings (i.e., memory sizes between 4MB and 2GB, constrained by 2-80 failure probability). SCORAM makes it feasible to perform secure computations on gigabyte-sized data sets.

[1]  Elaine Shi,et al.  Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound , 2015, IACR Cryptol. ePrint Arch..

[2]  Craig Gentry,et al.  Optimizing ORAM and Using It Efficiently for Secure Computation , 2013, Privacy Enhancing Technologies.

[3]  Benny Pinkas,et al.  Oblivious RAM Revisited , 2010, CRYPTO.

[4]  Abhi Shelat,et al.  Efficient Secure Computation with Garbled Circuits , 2011, ICISS.

[5]  Abhi Shelat,et al.  PCF: A Portable Circuit Format for Scalable Two-Party Secure Computation , 2013, USENIX Security Symposium.

[6]  Stratis Ioannidis,et al.  Privacy-preserving matrix factorization , 2013, CCS.

[7]  Peter Williams,et al.  Building castles out of mud: practical access pattern privacy and correctness on untrusted storage , 2008, CCS.

[8]  Craig Gentry,et al.  Garbled RAM Revisited, Part I , 2014, IACR Cryptol. ePrint Arch..

[9]  Srinivas Devadas,et al.  A secure processor architecture for encrypted computation on untrusted programs , 2012, STC '12.

[10]  Ivan Damgård,et al.  Perfectly Secure Oblivious RAM Without Random Oracles , 2011, IACR Cryptol. ePrint Arch..

[11]  Elaine Shi,et al.  Oblivious RAM with O((logN)3) Worst-Case Cost , 2011, ASIACRYPT.

[12]  Michael K. Reiter,et al.  Automatic generation of two-party computations , 2003, CCS '03.

[13]  Peter Williams,et al.  Single round access privacy on outsourced storage , 2012, CCS '12.

[14]  Michael T. Goodrich,et al.  Privacy-preserving group data access via stateless oblivious RAM simulation , 2011, SODA.

[15]  Rafail Ostrovsky,et al.  Garbled RAM Revisited , 2014, EUROCRYPT.

[16]  Kai-Min Chung,et al.  Statistically-secure ORAM with Õ(log2 n) Overhead , 2014, ASIACRYPT.

[17]  Abhi Shelat,et al.  Billion-Gate Secure Computation with Malicious Adversaries , 2012, USENIX Security Symposium.

[18]  Elaine Shi,et al.  Multi-cloud oblivious storage , 2013, CCS.

[19]  Kartik Nayak,et al.  Oblivious Data Structures , 2014, IACR Cryptol. ePrint Arch..

[20]  Benny Pinkas,et al.  FairplayMP: a system for secure multi-party computation , 2008, CCS.

[21]  Jonathan Katz,et al.  Secure two-party computation in sublinear (amortized) time , 2012, CCS.

[22]  Mor Harchol-Balter,et al.  Performance Modeling and Design of Computer Systems: Contents , 2013 .

[23]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System , 2004, USENIX Security Symposium.

[24]  Michael T. Goodrich,et al.  Privacy-Preserving Access of Outsourced Data via Oblivious RAM Simulation , 2010, ICALP.

[25]  Peter Williams,et al.  Usable PIR , 2008, NDSS.

[26]  Jonathan Katz,et al.  Faster Secure Two-Party Computation Using Garbled Circuits , 2011, USENIX Security Symposium.

[27]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[28]  Rafail Ostrovsky,et al.  How to Garble RAM Programs , 2013, EUROCRYPT.

[29]  Elaine Shi,et al.  Automating Efficient RAM-Model Secure Computation , 2014, 2014 IEEE Symposium on Security and Privacy.

[30]  Rafail Ostrovsky,et al.  Garbled RAM Revisited, Part II , 2014, IACR Cryptol. ePrint Arch..

[31]  Dan Boneh,et al.  Remote Oblivious Storage: Making Oblivious RAM Practical , 2011 .

[32]  Rafail Ostrovsky,et al.  On the (in)security of hash-based oblivious RAM and a new balancing scheme , 2012, SODA.

[33]  Michael Hicks,et al.  Wysteria: A Programming Language for Generic, Mixed-Mode Multiparty Computations , 2014, 2014 IEEE Symposium on Security and Privacy.

[34]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[35]  Elaine Shi,et al.  Path ORAM: an extremely simple oblivious RAM protocol , 2012, CCS.

[36]  John C. Mitchell,et al.  Data-Oblivious Data Structures , 2014, STACS.

[37]  Craig Gentry,et al.  Outsourcing Private RAM Computation , 2014, 2014 IEEE 55th Annual Symposium on Foundations of Computer Science.

[38]  Oded Goldreich,et al.  Towards a theory of software protection and simulation by oblivious RAMs , 1987, STOC.

[39]  Elaine Shi,et al.  ObliviStore: High Performance Oblivious Cloud Storage , 2013, 2013 IEEE Symposium on Security and Privacy.

[40]  Elaine Shi,et al.  PHANTOM: practical oblivious computation in a secure processor , 2013, CCS.

[41]  Rafail Ostrovsky,et al.  Efficient computation on oblivious RAMs , 1990, STOC '90.

[42]  Rafail Ostrovsky,et al.  Distributed Oblivious RAM for Secure Two-Party Computation , 2013, TCC.

[43]  Rafail Ostrovsky,et al.  Private information storage (extended abstract) , 1997, STOC '97.

[44]  Michael T. Goodrich,et al.  Oblivious RAM simulation with efficient worst-case access overhead , 2011, CCSW '11.

[45]  Marcel Keller,et al.  Efficient, Oblivious Data Structures for MPC , 2014, IACR Cryptol. ePrint Arch..

[46]  Elaine Shi,et al.  FastPRP: Fast Pseudo-Random Permutations for Small Domains , 2012, IACR Cryptol. ePrint Arch..