
Locality-Preserving Oblivious RAM

  • Gilad Asharov
  • T.-H. Hubert Chan
  • Kartik Nayak
  • Rafael Pass
  • Ling Ren
  • Elaine Shi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11477)

Abstract

Oblivious RAMs, introduced by Goldreich and Ostrovsky [JACM’96], compile any RAM program into one that is “memory oblivious”, i.e., the access pattern to the memory is independent of the input. All previous ORAM schemes, however, completely break the locality of data accesses (for instance, by shuffling the data to pseudorandom positions in memory).

In this work, we initiate the study of locality-preserving ORAMs—ORAMs that preserve locality of the accessed memory regions, while leaking only the lengths of contiguous memory regions accessed. Our main results demonstrate the existence of a locality-preserving ORAM with poly-logarithmic overhead both in terms of bandwidth and locality. We also study the tradeoff between locality, bandwidth and leakage, and show that any scheme that preserves locality and does not leak the lengths of the contiguous memory regions accessed, suffers from prohibitive bandwidth.

To the best of our knowledge, before our work, the only works combining locality and obliviousness were for symmetric searchable encryption [e.g., Cash and Tessaro (EUROCRYPT’14), Asharov et al. (STOC’16)]. Symmetric search encryption ensures obliviousness if each keyword is searched only once, whereas ORAM provides obliviousness to any input program. Thus, our work generalizes that line of work to the much more challenging task of preserving locality in ORAMs.

Keywords

Oblivious RAM, Locality, Randomized algorithms

Notes

Acknowledgments

This work was partially supported by a Junior Fellow award from the Simons Foundation to Gilad Asharov. This work was supported in part by NSF grants CNS-1314857, CNS-1514261, CNS-1544613, CNS-1561209, CNS-1601879, CNS-1617676, an Office of Naval Research Young Investigator Program Award, a Packard Fellowship, a Sloan Fellowship, Google Faculty Research Awards, a VMWare Research Award, and a Baidu Faculty Research Award to Elaine Shi. Kartik Nayak was partially supported by a Google Ph.D. Fellowship Award. T.-H. Hubert Chan was partially supported by the Hong Kong RGC under the grant 17200418.

References

  1. Bitonic sorter. https://en.wikipedia.org/wiki/Bitonic_sorter. Accessed October 2018
  2. Ajtai, M., Komlós, J., Szemerédi, E.: An \(O(N \log N)\) sorting network. In: ACM Symposium on Theory of Computing (STOC 1983), pp. 1–9 (1983)
  3. Apon, D., Katz, J., Shi, E., Thiruvengadam, A.: Verifiable oblivious storage. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 131–148. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54631-0_8
  4. Arge, L., Ferragina, P., Grossi, R., Vitter, J.S.: On sorting strings in external memory (extended abstract). In: ACM Symposium on the Theory of Computing (STOC 1997), pp. 540–548 (1997)
  5. Asharov, G., Chan, T.H.H., Nayak, K., Pass, R., Ren, L., Shi, E.: Locality-preserving oblivious RAM. https://eprint.iacr.org/2017/772
  6. Asharov, G., Komargodski, I., Lin, W.K., Nayak, K., Peserico, E., Shi, E.: OptORAMa: optimal oblivious RAM. Cryptology ePrint Archive, Report 2018/892
  7. Asharov, G., Naor, M., Segev, G., Shahaf, I.: Searchable symmetric encryption: optimal locality in linear space via two-dimensional balanced allocations. In: ACM Symposium on Theory of Computing (STOC 2016), pp. 1101–1114 (2016)
  8. Asharov, G., Segev, G., Shahaf, I.: Tight tradeoffs in searchable symmetric encryption. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 407–436. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_14
  9. Batcher, K.E.: Sorting networks and their applications. In: AFIPS 1968 (1968)
  10. Boyle, E., Naor, M.: Is there an oblivious RAM lower bound? In: ACM Conference on Innovations in Theoretical Computer Science (ITCS 2016), pp. 357–368 (2016)
  11. Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000)
  12. Cash, D., Jarecki, S., Jutla, C.S., Krawczyk, H., Roşu, M.-C., Steiner, M.: Highly-scalable searchable symmetric encryption with support for boolean queries. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part 1. LNCS, vol. 8042, pp. 353–373. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_20
  13. Cash, D., Tessaro, S.: The locality of searchable symmetric encryption. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 351–368. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_20
  14. Chakraborti, A., Aviv, A.J., Choi, S.G., Mayberry, T., Roche, D.S., Sion, R.: rORAM: efficient range ORAM with \(O(\log ^2 N)\) locality. In: Network and Distributed System Security (NDSS) (2019)
  15. Chan, T.H., Nayak, K., Shi, E.: Perfectly secure oblivious parallel RAM. In: Theory of Cryptography Conference (TCC) (2018)
  16. Chan, T.H., Chung, K.M., Maggs, B., Shi, E.: Foundations of differentially oblivious algorithms. In: Symposium on Discrete Algorithms (SODA) (2019)
  17. Chase, M., Kamara, S.: Structured encryption and controlled disclosure. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 577–594. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_33
  18. Chung, K.-M., Liu, Z., Pass, R.: Statistically-secure ORAM with \(\tilde{O}(\log ^2 n)\) overhead. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 62–81. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_4
  19. Curtmola, R., Garay, J.A., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. In: ACM Conference on Computer and Communications Security (CCS 2006), pp. 79–88 (2006)
  20. Demertzis, I., Papadopoulos, D., Papamanthou, C.: Searchable encryption with optimal locality: achieving sublogarithmic read efficiency. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 371–406. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_13
  21. Demertzis, I., Papamanthou, C.: Fast searchable encryption with tunable locality. In: SIGMOD Conference, pp. 1053–1067. ACM (2017)
  22. Devadas, S., van Dijk, M., Fletcher, C.W., Ren, L., Shi, E., Wichs, D.: Onion ORAM: a constant bandwidth blowup oblivious RAM. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 145–174. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49099-0_6
  23. Goldreich, O.: Towards a theory of software protection and simulation by oblivious RAMs. In: STOC (1987)
  24. Goldreich, O.: The Foundations of Cryptography - Volume 2, Basic Applications. Cambridge University Press, Cambridge (2004)
  25. Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious RAMs. J. ACM 43, 431–473 (1996)
  26. Goodrich, M.T.: Zig-zag sort: a simple deterministic data-oblivious sorting algorithm running in \(O(n \log n)\) time. In: STOC (2014)
  27. Goodrich, M.T., Mitzenmacher, M.: Privacy-preserving access of outsourced data via oblivious RAM simulation. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011. LNCS, vol. 6756, pp. 576–587. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22012-8_46
  28. Kamara, S., Papamanthou, C.: Parallel and dynamic searchable symmetric encryption. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 258–274. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39884-1_22
  29. Kellaris, G., Kollios, G., Nissim, K., O’Neill, A.: Generic attacks on secure outsourced databases. In: ACM CCS, pp. 1329–1340 (2016)
  30. Kellaris, G., Kollios, G., Nissim, K., O’Neill, A.: Accessing data while preserving privacy. CoRR abs/1706.01552 (2017). http://arxiv.org/abs/1706.01552
  31. Kurosawa, K., Ohtaki, Y.: How to update documents verifiably in searchable symmetric encryption. In: Abdalla, M., Nita-Rotaru, C., Dahab, R. (eds.) CANS 2013. LNCS, vol. 8257, pp. 309–328. Springer, Cham (2013). https://doi.org/10.1007/978-3-319-02937-5_17
  32. Kushilevitz, E., Lu, S., Ostrovsky, R.: On the (in)security of hash-based oblivious RAM and a new balancing scheme. In: SODA (2012)
  33. Larsen, K.G., Nielsen, J.B.: Yes, there is an oblivious RAM lower bound!. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 523–542. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_18
  34. Patel, S., Persiano, G., Raykova, M., Yeo, K.: Panorama: oblivious RAM with logarithmic overhead. In: FOCS (2018)
  35. Ruemmler, C., Wilkes, J.: An introduction to disk drive modeling. IEEE Comput. 27(3), 17–28 (1994)
  36. Shi, E., Chan, T.-H.H., Stefanov, E., Li, M.: Oblivious RAM with \(O((\log N)^3)\) worst-case cost. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 197–214. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_11
  37. Stefanov, E., et al.: Path ORAM - an extremely simple oblivious RAM protocol. In: CCS (2013)
  38. van Liesdonk, P., Sedghi, S., Doumen, J., Hartel, P., Jonker, W.: Computationally efficient searchable symmetric encryption. In: Jonker, W., Petković, M. (eds.) SDM 2010. LNCS, vol. 6358, pp. 87–100. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15546-8_7
  39. Vitter, J.S.: External memory algorithms and data structures. ACM Comput. Surv. 33(2), 209–271 (2001)
  40. Vitter, J.S.: Algorithms and data structures for external memory. Found. Trends Theor. Comput. Sci. 2(4), 305–474 (2006)
  41. Wang, X., Chan, T.H., Shi, E.: Circuit ORAM: on tightness of the Goldreich-Ostrovsky lower bound. In: ACM Conference on Computer and Communications Security, pp. 850–861. ACM (2015)
  42. Wang, X.S., Huang, Y., Chan, T.H.H., Shelat, A., Shi, E.: SCORAM: oblivious RAM for secure computation. In: CCS (2014)
  43. Williams, P., Sion, R.: Usable PIR. In: Network and Distributed System Security Symposium (NDSS) (2008)
  44. Williams, P., Sion, R.: Round-optimal access privacy on outsourced storage. In: ACM Conference on Computer and Communication Security (CCS) (2012)
  45. Williams, P., Sion, R., Carbunar, B.: Building castles out of mud: practical access pattern privacy and correctness on untrusted storage. In: CCS, pp. 139–148 (2008)

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  • Gilad Asharov (1)
  • T.-H. Hubert Chan (2)
  • Kartik Nayak (3)
  • Rafael Pass (1)
  • Ling Ren (4)
  • Elaine Shi (1)

  1. Cornell/Cornell Tech, New York, USA
  2. The University of Hong Kong, Pok Fu Lam, Hong Kong
  3. University of Maryland, College Park, USA
  4. MIT, Cambridge, USA
