Garbled RAM Revisited, Part I

The notion of garbled random-access machines (garbled RAMs) was introduced by Lu and Ostrovsky (Eurocrypt 2013). It can be seen as an analogue of Yao's garbled circuits that allows a user to garble a RAM program directly, without performing the expensive step of converting it into a circuit. In particular, the size of the garbled program, and the time it takes to create and evaluate it, are proportional only to the program's running time on a RAM rather than to its circuit size. Lu and Ostrovsky gave a candidate construction of this primitive based on pseudo-random functions (PRFs). The starting point of this work is a subtle yet difficult-to-overcome issue with the Lu-Ostrovsky construction that prevents a proof of security from going through. Specifically, the construction requires a complex "circular" use of Yao garbled circuits and PRFs: the PRF key is hard-wired inside garbled circuits whose own input labels are derived from that same PRF, so the standard hybrid argument that replaces PRF outputs by random values does not apply. As our main result, we show how to remove this circularity and obtain a provably secure solution using identity-based encryption (IBE). We also abstract out, simplify and generalize the main ideas behind the Lu-Ostrovsky construction, making them easier to understand and analyze. In a companion work to ours (Part II), Lu and Ostrovsky show an alternative approach to solving the circularity problem. Their approach relies only on the existence of one-way functions, at the price of higher overhead. Specifically, our construction has overhead poly(λ)·polylog(n) (with λ the security parameter and n the data size), while the Lu-Ostrovsky approach can achieve overhead poly(λ)·n^ε for any constant ε > 0. It remains an open problem to achieve an overhead of poly(λ)·polylog(n) assuming only the existence of one-way functions.

[1] Stephen A. Cook et al. Time-bounded random access machines, 1972, J. Comput. Syst. Sci.

[2] Michael J. Fischer et al. Relations Among Complexity Measures, 1979, JACM.

[3] Andrew Chi-Chih Yao et al. Protocols for Secure Computations (Extended Abstract), 1982, FOCS.

[4] Oded Goldreich et al. Towards a theory of software protection and simulation by oblivious RAMs, 1987, STOC.

[5] Rafail Ostrovsky et al. Efficient computation on oblivious RAMs, 1990, STOC '90.

[6] Rafail Ostrovsky et al. Software protection and simulation on oblivious RAMs, 1996, JACM.

[7] Rafail Ostrovsky et al. Private Information Storage, 1996, IACR Cryptol. ePrint Arch.

[8] Matthew K. Franklin et al. Identity-Based Encryption from the Weil Pairing, 2001, CRYPTO.

[9] John Black et al. Encryption-Scheme Security in the Presence of Key-Dependent Messages, 2002, Selected Areas in Cryptography.

[10] Yehuda Lindell et al. A Proof of Security of Yao's Protocol for Two-Party Computation, 2009, Journal of Cryptology.

[11] Mihir Bellare et al. Possibility and Impossibility Results for Encryption and Commitment Secure under Selective Opening, 2009, EUROCRYPT.

[12] Benny Pinkas et al. Oblivious RAM Revisited, 2010, CRYPTO.

[13] Dan Boneh et al. Efficient Selective Identity-Based Encryption Without Random Oracles, 2011, Journal of Cryptology.

[14] Michael T. Goodrich et al. Privacy-Preserving Access of Outsourced Data via Oblivious RAM Simulation, 2010, ICALP.

[15] Elaine Shi et al. Oblivious RAM with O((log N)^3) Worst-Case Cost, 2011, ASIACRYPT.

[16] Mihir Bellare et al. Foundations of garbled circuits, 2012, CCS.

[17] Brent Waters et al. Standard Security Does Not Imply Security against Selective-Opening, 2012, EUROCRYPT.

[18] Elaine Shi et al. Towards Practical Oblivious RAM, 2011, NDSS.

[19] Michael T. Goodrich et al. Privacy-preserving group data access via stateless oblivious RAM simulation, 2011, SODA.

[20] Jonathan Katz et al. Secure two-party computation in sublinear (amortized) time, 2012, CCS.

[21] Mihir Bellare et al. Adaptively Secure Garbling with Applications to One-Time Programs and Secure Outsourcing, 2012, ASIACRYPT.

[22] Craig Gentry et al. Optimizing ORAM and Using It Efficiently for Secure Computation, 2013, Privacy Enhancing Technologies.

[23] Yael Tauman Kalai et al. Reusable garbled circuits and succinct functional encryption, 2013, STOC '13.

[24] Elaine Shi et al. ObliviStore: High Performance Oblivious Distributed Cloud Data Store, 2013, NDSS.

[25] Elaine Shi et al. Path ORAM: an extremely simple oblivious RAM protocol, 2012, CCS.

[26] Ron Rothblum et al. On the Circular Security of Bit-Encryption, 2013, TCC.

[27] Rafail Ostrovsky et al. How to Garble RAM Programs, 2013, EUROCRYPT.

[28] Yael Tauman Kalai et al. How to Run Turing Machines on Encrypted Data, 2013, CRYPTO.

[29] Rafail Ostrovsky et al. Garbled RAM Revisited, Part II, 2014, IACR Cryptol. ePrint Arch.