Resizable Tree-Based Oblivious RAM

  • Tarik MoatazEmail author
  • Travis Mayberry
  • Erik-Oliver Blass
  • Agnes Hui Chan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8975)


Although newly proposed, tree-based Oblivious RAM schemes are drastically more efficient than older techniques, they come with a significant drawback: an inherent dependence on a fixed-size database. Yet, a flexible storage is vital for real-world use of Oblivious RAM since one of its most promising deployment scenarios is for cloud storage, where scalability and elasticity are crucial. We revisit the original construction by Shi et al. [17] and propose several ways to support both increasing and decreasing the ORAM’s size with sublinear communication. We show that increasing the capacity can be accomplished by adding leaf nodes to the tree, but that it must be done carefully in order to preserve the probabilistic integrity of data structures. We also provide new, tighter bounds for the size of interior and leaf nodes in the scheme, saving bandwidth and storage over previous constructions. Finally, we define an oblivious pruning technique for removing leaf nodes and decreasing the size of the tree. We show that this pruning method is both secure and efficient.


Leaf Node Communication Complexity Storage Cost Cloud Storage Security Parameter 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



This work was partially supported by NSF grant 1218197.


  1. 1.
    Amazon: Amazon s3 pricing (2014).
  2. 2.
    Boneh, D., Mazieres, D., Popa, R.A.: Remote oblivious storage: Making oblivious RAM practical, March 2011.
  3. 3.
    Chung, K.-M., Pass, R.: A Simple ORAM. IACR Cryptology ePrint Archive, Report 2013/243 (2013)Google Scholar
  4. 4.
    Damgård, I., Meldgaard, S., Nielsen, J.B.: Perfectly secure oblivious RAM without random oracles. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 144–163. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  5. 5.
    Fletcher, C.W., Ren, L., Kwon, A., van Dijk, M., Stefanov, E., Devadas, S.: RAW Path ORAM: A Low-Latency, Low-Area Hardware ORAM Controller with Integrity Verification. IACR Cryptology ePrint Archive, Report 2014/431 (2014)Google Scholar
  6. 6.
    Gentry, C., Goldman, K.A., Halevi, S., Julta, C., Raykova, M., Wichs, D.: Optimizing ORAM and using it efficiently for secure computation. In: De Cristofaro, E., Wright, M. (eds.) PETS 2013. LNCS, vol. 7981, pp. 1–18. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  7. 7.
    Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious RAMs. J. ACM 43(3), 431–473 (1996)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Goldreich, O.: Towards a theory of software protection and simulation by oblivious RAMs. In: Proceedings of Symposium on Theory of Computing, New York, USA, pp. 182–194 (1987)Google Scholar
  9. 9.
    Goodrich, M.T., Mitzenmacher, M.: Privacy-preserving access of outsourced data via oblivious RAM simulation. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011, Part II. LNCS, vol. 6756, pp. 576–587. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  10. 10.
    Goodrich, M.T., Mitzenmacher, M., Ohrimenko, O., Tamassia, R.: Oblivious RAM simulation with efficient worst-case access overhead. In: Proceedings of Cloud Computing Security Workshop, Chicago, USA, pp. 95–100 (2011)Google Scholar
  11. 11.
    Goodrich, M.T., Mitzenmacher, M., Ohrimenko, O., Tamassia, R.: Privacy-preserving group data access via stateless oblivious RAM simulation. In: Proceedings of the Symposium on Discrete Algorithms, Kyoto, Japan, pp. 157–167 (2012)Google Scholar
  12. 12.
    Hsu, J., Burke, P.: Behavior of tandem buffers with geometric input and Markovian output. IEEE Trans. Commun. 24(3), 358–361 (1976)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Kushilevitz, E., Lu, S., Ostrovsky, R.: On the (in)security of hash-based oblivious RAM and a new balancing scheme. In: Proceedings of Symposium on Discrete Algorithms, Kyoto, Japan, pp. 143–156 (2012)Google Scholar
  14. 14.
    Mayberry, T., Blass, E.-O., Chan, A.H.: Path-PIR: lower worst-case bounds by combining ORAM and PIR. In: Proceedings of the Network and Distributed System Security Symposium, San Diego, USA (2014)Google Scholar
  15. 15.
    Ostrovsky, R., Shoup, V.: Private information storage (extended abstract). In: Proceedings of the Symposium on Theory of Computing, El Paso, USA, pp. 294–303 (1997)Google Scholar
  16. 16.
    Pinkas, B., Reinman, T.: Oblivious RAM revisited. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 502–519. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  17. 17.
    Shi, E., Chan, T.-H.H., Stefanov, E., Li, M.: Oblivious RAM with O((logN)\(^\text{3 }\)) worst-case cost. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 197–214. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  18. 18.
    Stefanov, E., van Dijk, M., Shi, E., Fletcher, C.W., Ren, L., Yu, X., Devadas, S.: Path ORAM: an extremely simple oblivious RAM protocol. In: Conference on Computer and Communications Security, pp. 299–310 (2013)Google Scholar
  19. 19.
    Williams, P., Sion, R.: Usable PIR. In: Proceedings of Network and Distributed System Security Symposium, San Diego, USA (2008)Google Scholar
  20. 20.
    Williams, P., Sion, R., Carbunar, B.: Building castles out of mud: practical access pattern privacy and correctness on untrusted storage. In: Conference on Computer and Communications Security, Alexandra, USA, pp. 139–148 (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Tarik Moataz
    • 1
    • 2
    Email author
  • Travis Mayberry
    • 3
  • Erik-Oliver Blass
    • 4
  • Agnes Hui Chan
    • 3
  1. 1.Department of Computer ScienceColorado State UniversityFort CollinsUSA
  2. 2.IMTTelecom BretagnePlouzanéFrance
  3. 3.College of Computer and Information ScienceNortheastern UniversityBostonUSA
  4. 4.Airbus Group InnovationsMunichGermany

Personalised recommendations