Journal of Cryptology

, Volume 32, Issue 3, pp 941–972 | Cite as

Oblivious Network RAM and Leveraging Parallelism to Achieve Obliviousness

  • Dana Dachman-SoledEmail author
  • Chang Liu
  • Charalampos Papamanthou
  • Elaine Shi
  • Uzi Vishkin


Oblivious RAM (ORAM) is a cryptographic primitive that allows a trusted CPU to securely access untrusted memory, such that the access patterns reveal nothing about sensitive data. ORAM is known to have broad applications in secure processor design and secure multiparty computation for big data. Unfortunately, due to a logarithmic lower bound by Goldreich and Ostrovsky (J ACM 43(3):431–473, 1996), ORAM is bound to incur a moderate cost in practice. In particular, with the latest developments in ORAM constructions, we are quickly approaching this limit, and the room for performance improvement is small. In this paper, we consider new models of computation in which the cost of obliviousness can be fundamentally reduced in comparison with the standard ORAM model. We propose the oblivious network RAM model of computation, where a CPU communicates with multiple memory banks, such that the adversary observes only which bank the CPU is communicating with, but not the address offset within each memory bank. In other words, obliviousness within each bank comes for free—either because the architecture prevents a malicious party from observing the address accessed within a bank, or because another solution is used to obfuscate memory accesses within each bank—and hence we only need to obfuscate communication patterns between the CPU and the memory banks. We present new constructions for obliviously simulating general or parallel programs in the network RAM model. We describe applications of our new model in distributed storage applications with a network adversary.


Oblivious RAM Parallel-computing PRAM model 



We thank Srini Devadas, Ling Ren, Christopher Fletcher, and Marten van Dijk for helpful discussions. The first author is supported in part by an NSF CAREER Award #CNS-1453045, by a research partnership award from Cisco and by financial assistance award 70NANB15H328 from the U.S. Department of Commerce, National Institute of Standards and Technology. The third author is supported in part by NSF Grants #CNS-15142 61 and #CNS-1652259. The fourth author is supported in part by NSF Grants #CNS-1314857, #CNS-1514261, #CNS-1544613, #CNS-1561209, #CNS-1601879, #CNS-1617676, an Office of Naval Research Young Investigator Program Award, a Packard Fellowship, a DARPA Safeware Grant (subcontractor under IBM), a Sloan Fellowship, Google Faculty Research Awards, a Google Ph.D. Fellowship Award, a Baidu Research Award, and a VMware Research Award. The fifth author is supported in party by NSF Grant #CNS-1161857.


  1. 1.
    N. Alon, O. Goldreich, Y. Mansour. Almost k-wise independence versus k-wise independence. Inf. Process. Lett. 88(3), 107–110 (2003)Google Scholar
  2. 2.
    Y. Arbitman, M. Naor, G. Segev. De-amortized cuckoo hashing: provable worst-case performance and experimental results, in Automata, Languages and Programming, 36th International Colloquium, ICALP 2009, Rhodes, Greece, July 5–12, 2009, Proceedings, Part I (2009), pp. 107–118Google Scholar
  3. 3.
    S. Bajaj, R. Sion. Trusteddb: a trusted hardware-based database with privacy and data confidentiality. IEEE Trans. Knowl. Data Eng. 26(3), 752–765 (2014)CrossRefGoogle Scholar
  4. 4.
    H. Bast, T. Hagerup. Fast parallel space allocation, estimation, and integer sorting. Inf. Comput. 123(1), 72–110 (1995)Google Scholar
  5. 5.
    H. Bast, T. Hagerup. Fast and reliable parallel hashing, in SPAA (1991), pp. 50–61Google Scholar
  6. 6.
    D. Boneh, D. Mazieres, R.A. Popa. Remote oblivious storage: making oblivious RAM practical (2011).
  7. 7.
    E. Boyle, K.-M. Chung, R. Pass. Oblivious parallel ram.
  8. 8.
    K.-M. Chung, Z. Liu, R. Pass. Statistically-secure oram with \(\tilde{O}(\log ^2 n)\) overhead. CoRR. arXiv:1307.3699 (2013)
  9. 9.
    C.W. Fletcher, M. van Dijk, S. Devadas. A secure processor architecture for encrypted computation on untrusted programs, in STC (2012)Google Scholar
  10. 10.
    C.W. Fletcher, L. Ren, A. Kwon, M. Van Dijk, E. Stefanov, D.N. Serpanos, S. Devadas. A low-latency, low-area hardware oblivious RAM controller, in 23rd IEEE Annual International Symposium on Field-Programmable Custom Computing Machines, FCCM 2015, Vancouver, BC, Canada, May 2–6 (2015), pp. 215–222.
  11. 11.
    C.W. Fletcher, L. Ren, A. Kwon, M. van Dijk, E. Stefanov, S. Devadas. RAW path ORAM: a low-latency, low-area hardware ORAM controller with integrity verification, in IACR Cryptology ePrint Archive, vol. 431 (2014)Google Scholar
  12. 12.
    C.W. Fletcher, L. Ren, X. Yu, M. van Dijk, O. Khan, S. Devadas. Suppressing the oblivious RAM timing channel while making information leakage and program efficiency trade-offs, in HPCA (2014), pp. 213–224Google Scholar
  13. 13.
    C. Gentry, K.A. Goldman, S. Halevi, C.S. Jutla, M. Raykova, D. Wichs. Optimizing ORAM and using it efficiently for secure computation, in Privacy Enhancing Technologies Symposium (PETS) (2013)Google Scholar
  14. 14.
    C. Gentry, S. Halevi, S. Lu, R. Ostrovsky, M. Raykova, D. Wichs. Garbled ram revisited, in Advances in Cryptology—EUROCRYPT 2014, vol. 8441 (2014), pp. 405–422Google Scholar
  15. 15.
    C. Gentry, S. Halevi, M. Raykova, D. Wichs. Garbled ram revisited, part i. Cryptology ePrint Archive, Report 2014/082, 2014.
  16. 16.
    C. Gentry, S. Halevi, M. Raykova, D. Wichs. Outsourcing private ram computation. IACR Cryptology ePrint Archive, vol. 148 (2014)Google Scholar
  17. 17.
    F. Ghanim, U. Vishkin, R. Barua. Easy PRAM-based high-performance parallel programming with ICE. IEEE Trans. Parallel Distrib. Syst. 29(2), 377–390 (2018). CrossRefGoogle Scholar
  18. 18.
    J. Gil, Y. Matias, U. Vishkin. Towards a theory of nearly constant time parallel algorithms, in 32nd Annual Symposium on Foundations of Computer Science (FOCS) (1991), pp. 698–710Google Scholar
  19. 19.
    O. Goldreich. Towards a theory of software protection and simulation by oblivious RAMs, in ACM Symposium on Theory of Computing (STOC) (1987)Google Scholar
  20. 20.
    O. Goldreich, R. Ostrovsky. Software protection and simulation on oblivious RAMs. J. ACM 43(3), 431–473 (1996)Google Scholar
  21. 21.
    M.T. Goodrich, D.S. Hirschberg, M. Mitzenmacher, J. Thaler. Fully de-amortized cuckoo hashing for cache-oblivious dictionaries and multimaps. CoRR. arXiv:1107.4378 (2011)
  22. 22.
    M.T. Goodrich, D.S. Hirschberg, M. Mitzenmacher, J. Thaler. Cache-oblivious dictionaries and multimaps with negligible failure probability, in G. Even, D. Rawitz, editors, Design and Analysis of Algorithms—First Mediterranean Conference on Algorithms, MedAlg 2012, Kibbutz Ein Gedi, Israel, December 3–5, 2012. Proceedings. LNCS, vol. 7659 (Springer, 2012), pp. 203–218Google Scholar
  23. 23.
    M.T. Goodrich, M. Mitzenmacher. Privacy-preserving access of outsourced data via oblivious RAM simulation, in ICALP (2011)Google Scholar
  24. 24.
    M.T. Goodrich, M. Mitzenmacher, O. Ohrimenko, R. Tamassia. Practical oblivious storage, in ACM Conference on Data and Application Security and Privacy (CODASPY) (2012)Google Scholar
  25. 25.
    M.T. Goodrich, M. Mitzenmacher, O. Ohrimenko, R. Tamassia. Privacy-preserving group data access via stateless oblivious RAM simulation, in SODA (2012)Google Scholar
  26. 26.
    S.D. Gordon, J. Katz, V. Kolesnikov, F. Krell, T. Malkin, M. Raykova, Y. Vahlis. Secure two-party computation in sublinear (amortized) time, in ACM CCS (2012)Google Scholar
  27. 27.
    T. Hagerup. The log-star revolution, in STACS 92, 9th Annual Symposium on Theoretical Aspects of Computer Science, Cachan, France, February 13–15, 1992, Proceedings (1992), pp. 259–278Google Scholar
  28. 28.
    A. Kirsch, M. Mitzenmacher, U. Wieder. More robust hashing: cuckoo hashing with a stash, in Algorithms—ESA 2008, 16th Annual European Symposium, Karlsruhe, Germany, September 15–17, 2008. Proceedings (2008), pp. 611–622.Google Scholar
  29. 29.
    E. Kushilevitz, S. Lu, R. Ostrovsky. On the (in)security of hash-based oblivious RAM and a new balancing scheme, in SODA (2012)Google Scholar
  30. 30.
    C. Liu, Y. Huang, E. Shi, J. Katz, M. Hicks. Automating efficient ram-model secure computation, in IEEE S & P (IEEE Computer Society, 2014)Google Scholar
  31. 31.
    S. Lu, R. Ostrovsky. Distributed oblivious RAM for secure two-party computation, in Theory of Cryptography Conference (TCC) (2013)Google Scholar
  32. 32.
    S. Lu, R. Ostrovsky. How to garble ram programs, in EUROCRYPT (2013), pp. 719–734Google Scholar
  33. 33.
    S. Lu, R. Ostrovsky. Garbled ram revisited, part ii. Cryptology ePrint Archive, Report 2014/083, 2014.
  34. 34.
    M. Maas, E. Love, E. Stefanov, M. Tiwari, E. Shi, K. Asanovic, J. Kubiatowicz, D. Song. Phantom: practical oblivious computation in a secure processor, in CCS (2013)Google Scholar
  35. 35.
    M. Maas, E. Love, E. Stefanov, M. Tiwari, E. Shi, K. Asanovic, J. Kubiatowicz, D. Song. A high-performance oblivious RAM controller on the convey hc-2ex heterogeneous computing platform, in Workshop on the Intersections of Computer Architecture and Reconfigurable Logic (CARL) (2013)Google Scholar
  36. 36.
    R. Meka, O. Reingold, G.N. Rothblum, R.D. Rothblum. Fast pseudorandomness for independence and load balancing—(extended abstract), in Automata, Languages, and Programming - 41st International Colloquium, ICALP 2014, Copenhagen, Denmark, July 8–11, 2014, Proceedings, Part I (2014), pp. 859–870Google Scholar
  37. 37.
    R. Ostrovsky, V. Shoup. Private information storage (extended abstract), in ACM Symposium on Theory of Computing (STOC) (1997)Google Scholar
  38. 38.
    R. Pagh, F.F. Rodler. Cuckoo hashing. J. Algorithms 51(2), 122–144 (2004)Google Scholar
  39. 39.
    L. Ren, X. Yu, C.W. Fletcher, M. van Dijk, S. Devadas. Design space exploration and optimization of path oblivious RAM in secure processors, in ISCA (2013), pp. 571–582Google Scholar
  40. 40.
    J.P. Schmidt, A. Siegel, A. Srinivasan. Chernoff-hoeffding bounds for applications with limited independence. SIAM J. Discrete Math. 8(2), 223–250 (1995)MathSciNetCrossRefzbMATHGoogle Scholar
  41. 41.
    E. Shi, T.-H. Hubert Chan, E. Stefanov, M. Li. Oblivious RAM with \(O((\log N)^3)\) worst-case cost, in ASIACRYPT (2011)Google Scholar
  42. 42.
    E. Stefanov, E. Shi. Oblivistore: high performance oblivious cloud storage, in IEEE Symposium on Security and Privacy (S & P) (2013)Google Scholar
  43. 43.
    E. Stefanov, E. Shi, D. Song. Towards practical oblivious RAM, in NDSS (2012)Google Scholar
  44. 44.
    E. Stefanov, M. van Dijk, E. Shi, T.-H.H. Chan, C. Fletcher, L. Ren, X. Yu, S. Devadas. Path ORAM: an extremely simple oblivious ram protocol, in ACM CCS (2013)Google Scholar
  45. 45.
    U. Vishkin. Can parallel algorithms enhance seriel implementation? Commun. ACM 39(9), 88–91 (1996)CrossRefGoogle Scholar
  46. 46.
    U. Vishkin. Using simple abstraction to reinvent computing for parallelism. Commun. ACM 54(1), 75–85 (2011)CrossRefGoogle Scholar
  47. 47.
    X.S. Wang, T.-H.H. Chan, E. Shi. Circuit ORAM: on tightness of the Goldreich–Ostrovksy lower bound.
  48. 48.
    X.S. Wang, Y. Huang, T.-H.H. Chan, A. Shelat, E. Shi. Scoram: oblivious ram for secure computation.
  49. 49.
    P. Williams, R. Sion. Usable PIR, in Network and Distributed System Security Symposium (NDSS) (2008)Google Scholar
  50. 50.
    P. Williams, R. Sion. SR-ORAM: single round-trip oblivious ram, in ACM Conference on Computer and Communications Security (CCS) (2012)Google Scholar
  51. 51.
    P. Williams, R. Sion, B. Carbunar. Building castles out of mud: Practical access pattern privacy and correctness on untrusted storage, in CCS (2008)Google Scholar
  52. 52.
    P. Williams, R. Sion, A. Tomescu. PrivateFS: A parallel oblivious file system, in CCS (2012)Google Scholar
  53. 53.
    X. Yu, S.K. Haider, L. Ren, C.W. Fletcher, A. Kwon, M. van Dijk, S. Devadas. Program: dynamic prefetcher for oblivious RAM, in Proceedings of the 42nd Annual International Symposium on Computer Architecture, Portland, OR, USA, June 13–17, 2015 (2015), pp. 616–628Google Scholar

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  • Dana Dachman-Soled
    • 1
    • 3
    Email author
  • Chang Liu
    • 2
  • Charalampos Papamanthou
    • 1
    • 3
  • Elaine Shi
    • 4
  • Uzi Vishkin
    • 1
    • 3
  1. 1.Department of Electrical and Computer EngineeringUniversity of MarylandCollege ParkUSA
  2. 2.University of CaliforniaBerkeleyUSA
  3. 3.University of Maryland Institute for Advanced Computer Studies (UMIACS)College ParkUSA
  4. 4.Cornell UniversityIthacaUSA

Personalised recommendations