Lower Bounds for Differentially Private RAMs

  • Giuseppe Persiano
  • Kevin YeoEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11476)


In this work, we study privacy-preserving storage primitives that are suitable for use in data analysis on outsourced databases within the differential privacy framework. The goal in differentially private data analysis is to disclose global properties of a group without compromising any individual’s privacy. Typically, differentially private adversaries only ever learn global properties. For the case of outsourced databases, the adversary also views the patterns of access to data. Oblivious RAM (ORAM) can be used to hide access patterns but ORAM might be excessive as in some settings it could be sufficient to be compatible with differential privacy and only protect the privacy of individual accesses.

We consider \((\epsilon ,\delta )\)-Differentially Private RAM, a weakening of ORAM that only protects individual operations and seems better suited for use in data analysis on outsourced databases. As differentially private RAM has weaker security than ORAM, there is hope that we can bypass the \(\varOmega (\log (nb/c))\) bandwidth lower bounds for ORAM by Larsen and Nielsen [CRYPTO ’18] for storing an array of n b-bit entries and a client with c bits of memory. We answer in the negative and present an \(\varOmega (\log (nb/c))\) bandwidth lower bound for privacy budgets of \(\epsilon = O(1)\) and \(\delta \le 1/3\).

The information transfer technique used for ORAM lower bounds does not seem adaptable for use with the weaker security guarantees of differential privacy. Instead, we prove our lower bounds by adapting the chronogram technique to our setting. To our knowledge, this is the first work that uses the chronogram technique for lower bounds on privacy-preserving storage primitives.


  1. 1.
    Asharov, G., Komargodski, I., Lin, W.-K., Nayak, K., Peserico, E., Shi, E.: OptORAMa: Optimal oblivious RAM. ePrint Report 2018/892Google Scholar
  2. 2.
    Boyle, E., Chung, K.-M., Pass, R.: Oblivious parallel RAM and applications. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 175–204. Springer, Heidelberg (2016). Scholar
  3. 3.
    Boyle, E., Naor, M.: Is there an oblivious RAM lower bound? In: ITCS 2016, pp. 357–368 (2016)Google Scholar
  4. 4.
    Cash, D., Grubbs, P., Perry, J., Ristenpart, T.: Leakage-abuse attacks against searchable encryption. In: CCS 2015, pp. 668–679 (2015)Google Scholar
  5. 5.
    Chan, T.-H.H., Guo, Y., Lin, W.-K., Shi, E.: Oblivious hashing revisited, and applications to asymptotically efficient ORAM and OPRAM. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 660–690. Springer, Cham (2017). Scholar
  6. 6.
    Chen, B., Lin, H., Tessaro, S.: Oblivious parallel RAM: improved efficiency and generic constructions. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 205–234. Springer, Heidelberg (2016). Scholar
  7. 7.
    Chung, K.-M., Liu, Z., Pass, R.: Statistically-secure ORAM with \(\tilde{O}(\log ^2 n)\) overhead. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 62–81. Springer, Heidelberg (2014). Scholar
  8. 8.
    Damgård, I., Meldgaard, S., Nielsen, J.B.: Perfectly secure oblivious RAM without random oracles. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 144–163. Springer, Heidelberg (2011). Scholar
  9. 9.
    Devadas, S., van Dijk, M., Fletcher, C.W., Ren, L., Shi, E., Wichs, D.: Onion ORAM: a constant bandwidth blowup oblivious RAM. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 145–174. Springer, Heidelberg (2016). Scholar
  10. 10.
    Dwork, C.: A firm foundation for private data analysis. Commun. ACM 54(1), 86–95 (2011)CrossRefGoogle Scholar
  11. 11.
    Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265–284. Springer, Heidelberg (2006). Scholar
  12. 12.
    Dwork, C., Roth, A., et al.: The algorithmic foundations of differential privacy. Found. Trends Theor. Comput. Sci. 9, 211–407 (2014)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Fredman, M., Saks, M.: The cell probe complexity of dynamic data structures. In: STOC 1989, pp. 345–354 (1989)Google Scholar
  14. 14.
    Garg, S., Lu, S., Ostrovsky, R., Scafuro, A.: Garbled RAM from one-way functions. In: STOC 2015, pp. 449–458 (2015)Google Scholar
  15. 15.
    Gentry, C., Halevi, S., Lu, S., Ostrovsky, R., Raykova, M., Wichs, D.: Garbled RAM revisited. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 405–422. Springer, Heidelberg (2014). Scholar
  16. 16.
    Goldreich, O.: Towards a theory of software protection and simulation by oblivious RAMs. In: STOC 1987, pp. 182–194 (1987)Google Scholar
  17. 17.
    Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious RAMs. JACM 43(3), 431–473 (1996)MathSciNetCrossRefGoogle Scholar
  18. 18.
    Goodrich, M.T., Mitzenmacher, M.: Privacy-preserving access of outsourced data via oblivious RAM simulation. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011. LNCS, vol. 6756, pp. 576–587. Springer, Heidelberg (2011). Scholar
  19. 19.
    Goodrich, M.T., Mitzenmacher, M., Ohrimenko, O., Tamassia, R.: Privacy-preserving group data access via stateless oblivious RAM simulation. In: SODA 2012, pp. 157–167 (2012)Google Scholar
  20. 20.
    Islam, M.S., Kuzu, M., Kantarcioglu, M.: Access pattern disclosure on searchable encryption: ramification, attack and mitigation. In: NDSS 2012 (2012)Google Scholar
  21. 21.
    Kushilevitz, E., Lu, S., Ostrovsky, R.: On the (in) security of hash-based oblivious RAM and a new balancing scheme. In: SODA 2012, pp. 143–156 (2012)Google Scholar
  22. 22.
    Larsen, K.G.: The cell probe complexity of dynamic range counting. In: STOC 2012, pp. 85–94 (2012)Google Scholar
  23. 23.
    Larsen, K.G., Nielsen, J.B.: Yes, there is an oblivious RAM lower bound!. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 523–542. Springer, Cham (2018). Scholar
  24. 24.
    Larsen, K.G., Weinstein, O., Yu, H.: Crossing the logarithmic barrier for dynamic boolean data structure lower bounds. In: STOC 2018, pp. 978–989 (2018)Google Scholar
  25. 25.
    Lu, S., Ostrovsky, R.: Black-Box parallel garbled RAM. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 66–92. Springer, Cham (2017). Scholar
  26. 26.
    Mironov, I., Pandey, O., Reingold, O., Vadhan, S.: Computational differential privacy. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 126–142. Springer, Heidelberg (2009). Scholar
  27. 27.
    Patel, S., Persiano, G., Raykova, M., Yeo, K.: PanORAMa: oblivious RAM with logarithmic overhead. In: FOCS 2018, pp. 871–882 (2018)Google Scholar
  28. 28.
    Pinkas, B., Reinman, T.: Oblivious RAM revisited. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 502–519. Springer, Heidelberg (2010). Scholar
  29. 29.
    Pǎtraşcu, M.: Lower bound techniques for data structures. Ph.D. thesis. MIT (2008)Google Scholar
  30. 30.
    Pǎtraşcu, M., Demaine, E.D.: Logarithmic lower bounds in the cell-probe model. SIAM J. Comput. 35(4), 932–963 (2006)MathSciNetCrossRefGoogle Scholar
  31. 31.
    Stefanov, E., Shi, E., Song, D.: Towards practical oblivious RAM. arXiv:1106.3652 (2011)
  32. 32.
    Stefanov, E., et al.: Path ORAM: an extremely simple oblivious RAM protocol. In: CCS 2013, pp. 299–310 (2013)Google Scholar
  33. 33.
    Toledo, R.R., Danezis, G., Goldberg, I.: Lower-cost \(\epsilon \)-private information retrieval. Proc. Priv. Enhancing Technol. 2016(4), 184–201 (2016)CrossRefGoogle Scholar
  34. 34.
    Wagh, S., Cuff, P., Mittal, P.: Root ORAM: a tunable differentially private oblivious RAM. arXiv:1601.03378 (2016)
  35. 35.
    Wang, X.S., et al.: Oblivious data structures. In: CCS 2014, pp. 215–226 (2014)Google Scholar
  36. 36.
    Weiss, M., Wichs, D.: Is there an Oblivious RAM lower bound for online reads? ePrint report 2018/619Google Scholar
  37. 37.
    Yao, A.C.-C.: Should tables be sorted? JACM 28(3), 615–628 (1981)MathSciNetCrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. 1.Google LLCMountain ViewUSA
  2. 2.Università di SalernoSalernoItaly

Personalised recommendations