MacORAMa: Optimal Oblivious RAM with Integrity

  • Conference paper
  • Advances in Cryptology – CRYPTO 2023 (CRYPTO 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14084)

Abstract

Oblivious RAM (ORAM), introduced by Goldreich and Ostrovsky (J. ACM ’96), is a primitive that allows a client to perform RAM computations on an external database without revealing any information through the access pattern. For a database of size N, well-known lower bounds show that a multiplicative overhead of \(\varOmega (\log N)\) in the number of RAM queries is necessary assuming O(1) client storage. A long sequence of works culminated in the asymptotically optimal construction of Asharov, Komargodski, Lin, and Shi (CRYPTO ’21) with \(O(\log N)\) worst-case overhead and O(1) client storage. However, this optimal ORAM is known to be secure only in the honest-but-curious setting, where an adversary is allowed to observe the access patterns but not modify the contents of the database. In the malicious setting, where an adversary is additionally allowed to tamper with the database, this construction and many others in fact become insecure.

In this work, we construct the first maliciously secure ORAM with worst-case \(O(\log N)\) overhead and O(1) client storage assuming one-way functions, which are also necessary. By the \(\varOmega (\log N)\) lower bound, our construction is asymptotically optimal. To attain this overhead, we develop techniques to intricately interleave online and offline memory checking for malicious security. Furthermore, we complement our positive result by showing the impossibility of a generic overhead-preserving compiler from honest-but-curious to malicious security, barring a breakthrough in memory checking.

The first author was supported in part by the Siebel Scholars program. The second author is supported in part by NSF fellowship DGE-2141064. This research was supported in part by DARPA under Agreement No. HR00112020023, an NSF grant CNS-2154149, a grant from the MIT-IBM Watson AI, a grant from Analog Devices, a Microsoft Trustworthy AI grant, and a Thornton Family Faculty Research Innovation Fellowship from MIT. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Government or DARPA.

Notes

  1.

    Bandwidth refers to the ratio of the number of physical bits accessed to the number of bits being requested. While [52] achieves \(O(\log N / \log \log N)\) overhead, its bandwidth is still \(O(\log N)\) because the logical and physical word sizes differ by more than a constant factor. In our setting, the logical and physical word sizes will always differ by at most a constant factor, so overhead and bandwidth are asymptotically equivalent.

  2.

    See Sect. 2.4 for discussion about this choice of word size.

  3.

    Technically, we consider a slightly different notion of memory checking that we show is both necessary and sufficient for compiling. See Sect. 5 for more details.

  4.

    More formally, for the last request, the user \(\mathcal {C}\) must send some “last request” symbol along with its query to indicate to M that it is the final request. We omit this technicality for simplicity.

References

  1. Abraham, I., Fletcher, C.W., Nayak, K., Pinkas, B., Ren, L.: Asymptotically tight bounds for composing ORAM with PIR. In: Fehr, S. (ed.) PKC 2017, Part I. LNCS, vol. 10174, pp. 91–120. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54365-8_5

  2. Ajtai, M., Komlós, J., Szemerédi, E.: An \(O(n \log n)\) sorting network. In: Proceedings of the Fifteenth Annual ACM Symposium on Theory of Computing, pp. 1–9 (1983)

  3. Apon, D., Katz, J., Shi, E., Thiruvengadam, A.: Verifiable oblivious storage. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 131–148. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54631-0_8

  4. Arasu, A., et al.: Concerto: a high concurrency key-value store with integrity. In: Proceedings of the 2017 ACM International Conference on Management of Data, pp. 251–266 (2017)

  5. Asharov, G., Komargodski, I., Lin, W.K., Nayak, K., Peserico, E., Shi, E.: OptORAMa: optimal oblivious RAM. J. ACM 70(1) (2022). https://doi.org/10.1145/3566049

  6. Asharov, G., Komargodski, I., Lin, W.K., Shi, E.: Oblivious RAM with worst-case logarithmic overhead. J. Cryptol. 36(2), 7 (2023). https://doi.org/10.1007/s00145-023-09447-5

  7. Ateniese, G., et al.: Provable data possession at untrusted stores. In: Ning, P., De Capitani di Vimercati, S., Syverson, P.F. (eds.) ACM CCS 2007, pp. 598–609. ACM Press, October 2007. https://doi.org/10.1145/1315245.1315318

  8. Batcher, K.E.: Sorting networks and their applications. In: Proceedings of the April 30–May 2, 1968, Spring Joint Computer Conference. AFIPS 1968 (Spring), New York, NY, USA, pp. 307–314. Association for Computing Machinery (1968). https://doi.org/10.1145/1468075.1468121

  9. Bindschaedler, V., Naveed, M., Pan, X., Wang, X., Huang, Y.: Practicing oblivious access on cloud storage: the gap, the fallacy, and the new way forward. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 837–849. ACM Press, October 2015. https://doi.org/10.1145/2810103.2813649

  10. Blass, E.-O., Mayberry, T., Noubir, G.: Multi-client oblivious RAM secure against malicious servers. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 686–707. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61204-1_34

  11. Blum, M., Evans, W.S., Gemmell, P., Kannan, S., Naor, M.: Checking the correctness of memories. In: 32nd FOCS, pp. 90–99. IEEE Computer Society Press, October 1991. https://doi.org/10.1109/SFCS.1991.185352

  12. Cash, D., Grubbs, P., Perry, J., Ristenpart, T.: Leakage-abuse attacks against searchable encryption. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 668–679. ACM Press, October 2015. https://doi.org/10.1145/2810103.2813700

  13. Chan, T.-H.H., Chung, K.-M., Shi, E.: On the depth of oblivious parallel RAM. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 567–597. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_20

  14. Chan, T.-H.H., Guo, Y., Lin, W.-K., Shi, E.: Oblivious hashing revisited, and applications to asymptotically efficient ORAM and OPRAM. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 660–690. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_23

  15. Chan, T.-H.H., Nayak, K., Shi, E.: Perfectly secure oblivious parallel RAM. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11240, pp. 636–668. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03810-6_23

  16. Chow, S.S.M., Fech, K., Lai, R.W.F., Malavolta, G.: Multi-client oblivious RAM with poly-logarithmic communication. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 160–190. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64834-3_6

  17. Clarke, D.E., Suh, G.E., Gassend, B., Sudan, A., van Dijk, M., Devadas, S.: Towards constant bandwidth overhead integrity checking of untrusted data. In: 2005 IEEE Symposium on Security and Privacy, pp. 139–153. IEEE Computer Society Press, May 2005. https://doi.org/10.1109/SP.2005.24

  18. Connell, G.: Technology deep dive: building a faster ORAM layer for enclaves (2022). https://signal.org/blog/building-faster-oram/

  19. Costan, V., Devadas, S.: Intel SGX explained. Cryptology ePrint Archive, Report 2016/086 (2016). https://eprint.iacr.org/2016/086

  20. Damgård, I., Meldgaard, S., Nielsen, J.B.: Perfectly secure oblivious RAM without random oracles. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 144–163. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19571-6_10

  21. Dauterman, E., Fang, V., Demertzis, I., Crooks, N., Popa, R.A.: Snoopy: Surpassing the scalability bottleneck of oblivious storage. In: Proceedings of the ACM SIGOPS 28th Symposium on Operating Systems Principles, pp. 655–671 (2021)

  22. Devadas, S., van Dijk, M., Fletcher, C.W., Ren, L., Shi, E., Wichs, D.: Onion ORAM: a constant bandwidth blowup oblivious RAM. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 145–174. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49099-0_6

  23. Dwork, C., Naor, M., Rothblum, G.N., Vaikuntanathan, V.: How efficient can memory checking be? In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 503–520. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00457-5_30

  24. Fletcher, C.W., Dijk, M.v., Devadas, S.: A secure processor architecture for encrypted computation on untrusted programs. In: Proceedings of the seventh ACM Workshop on Scalable Trusted Computing, pp. 3–8 (2012)

  25. Fletcher, C.W., Ren, L., Kwon, A., van Dijk, M., Devadas, S.: Freecursive ORAM: [nearly] free recursion and integrity verification for position-based oblivious RAM. In: Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems. ASPLOS 2015, New York, NY, USA, pp. 103–116. Association for Computing Machinery (2015). https://doi.org/10.1145/2694344.2694353

  26. Franz, M., et al.: Oblivious outsourced storage with delegation. In: Danezis, G. (ed.) FC 2011. LNCS, vol. 7035, pp. 127–140. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27576-0_11

  27. Gentry, C., Halevi, S., Jutla, C., Raykova, M.: Private database access with HE-over-ORAM architecture. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 172–191. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-28166-7_9

  28. Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious RAMs. J. ACM (JACM) 43(3), 431–473 (1996)

  29. Goodrich, M.T., Mitzenmacher, M.: Privacy-preserving access of outsourced data via oblivious RAM simulation. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011. LNCS, vol. 6756, pp. 576–587. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22012-8_46

  30. Goodrich, M.T., Tamassia, R., Schwerin, A.: Implementation of an authenticated dictionary with skip lists and commutative hashing. In: Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX 2001, vol. 2, pp. 68–82. IEEE (2001)

  31. Hall, W.E., Jutla, C.S.: Parallelizable authentication trees. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 95–109. Springer, Heidelberg (2006). https://doi.org/10.1007/11693383_7

  32. Hoang, T., Guajardo, J., Yavuz, A.A.: MACAO: a maliciously-secure and client-efficient active ORAM framework. In: NDSS 2020. The Internet Society, February 2020

  33. Islam, M.S., Kuzu, M., Kantarcioglu, M.: Access pattern disclosure on searchable encryption: Ramification, attack and mitigation. In: NDSS 2012. The Internet Society, February 2020

  34. Juels, A., Kaliski Jr., B.S.: PORS: proofs of retrievability for large files. In: Ning, P., De Capitani di Vimercati, S., Syverson, P.F. (eds.) ACM CCS 2007, pp. 584–597. ACM Press, October 2007. https://doi.org/10.1145/1315245.1315317

  35. Katz, J., Koo, C.Y.: On constructing universal one-way hash functions from arbitrary one-way functions. Cryptology ePrint Archive, Report 2005/328 (2005). https://eprint.iacr.org/2005/328

  36. Kilian, J.: A note on efficient zero-knowledge proofs and arguments (extended abstract). In: 24th ACM STOC, pp. 723–732. ACM Press, May 1992. https://doi.org/10.1145/129712.129782

  37. Komargodski, I., Lin, W.-K.: A logarithmic lower bound for oblivious RAM (for All Parameters). In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12828, pp. 579–609. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84259-8_20

  38. Kushilevitz, E., Lu, S., Ostrovsky, R.: On the (in)security of hash-based oblivious RAM and a new balancing scheme. In: Rabani, Y. (ed.) 23rd SODA, pp. 143–156. ACM-SIAM, January 2012

  39. Larsen, K.G., Nielsen, J.B.: Yes, there is an oblivious RAM lower bound! In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 523–542. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_18

  40. Liu, C., Wang, X.S., Nayak, K., Huang, Y., Shi, E.: ObliVM: a programming framework for secure computation. In: 2015 IEEE Symposium on Security and Privacy, pp. 359–376. IEEE Computer Society Press, May 2015. https://doi.org/10.1109/SP.2015.29

  41. Lu, S., Ostrovsky, R.: Distributed oblivious RAM for secure two-party computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 377–396. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36594-2_22

  42. Maffei, M., Malavolta, G., Reinert, M., Schröder, D.: Privacy and access control for outsourced personal records. In: 2015 IEEE Symposium on Security and Privacy, pp. 341–358. IEEE Computer Society Press, May 2015. https://doi.org/10.1109/SP.2015.28

  43. Maffei, M., Malavolta, G., Reinert, M., Schröder, D.: Maliciously secure multi-client ORAM. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 645–664. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61204-1_32

  44. Mathialagan, S., Vafa, N.: MacORAMa: Optimal Oblivious RAM with Integrity. Cryptology ePrint Archive, Paper 2023/083 (2023). https://eprint.iacr.org/2023/083

  45. Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_21

  46. Mishra, P., Poddar, R., Chen, J., Chiesa, A., Popa, R.A.: Oblix: an efficient oblivious search index. In: 2018 IEEE Symposium on Security and Privacy, pp. 279–296. IEEE Computer Society Press, May 2018. https://doi.org/10.1109/SP.2018.00045

  47. Naor, M., Rothblum, G.N.: The complexity of online memory checking. J. ACM (JACM) 56(1), 1–46 (2009)

  48. Nissim, K., Naor, M.: Certificate revocation and certificate update. In: Rubin, A.D. (ed.) USENIX Security 98. USENIX Association, January 1998

  49. Oprea, A., Reiter, M.K.: Integrity checking in cryptographic file systems with constant trusted storage. In: Provos, N. (ed.) USENIX Security 2007. USENIX Association, August 2007

  50. Ostrovsky, R., Shoup, V.: Private information storage (extended abstract). In: 29th ACM STOC, pp. 294–303. ACM Press, May 1997. https://doi.org/10.1145/258533.258606

  51. Pagh, R., Rodler, F.F.: Cuckoo hashing. J. Algorithms 51(2), 122–144 (2004)

  52. Papamanthou, C., Tamassia, R.: Optimal and parallel online memory checking. Cryptology ePrint Archive, Report 2011/102 (2011). https://eprint.iacr.org/2011/102

  53. Patel, S., Persiano, G., Raykova, M., Yeo, K.: PanORAMa: oblivious RAM with logarithmic overhead. In: Thorup, M. (ed.) 59th FOCS, pp. 871–882. IEEE Computer Society Press, October 2018. https://doi.org/10.1109/FOCS.2018.00087

  54. Ren, L., Fletcher, C.W., Yu, X., van Dijk, M., Devadas, S.: Integrity verification for Path Oblivious-RAM. In: 2013 IEEE High Performance Extreme Computing Conference (HPEC), pp. 1–6 (2013). https://doi.org/10.1109/HPEC.2013.6670339

  55. Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: 22nd ACM STOC, pp. 387–394. ACM Press, May 1990. https://doi.org/10.1145/100216.100269

  56. Shacham, H., Waters, B.: Compact proofs of retrievability. J. Cryptol. 26(3), 442–483 (2012). https://doi.org/10.1007/s00145-012-9129-2

  57. Shi, E., Chan, T.-H.H., Stefanov, E., Li, M.: Oblivious RAM with \(O((\log N)^3)\) worst-case cost. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 197–214. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_11

  58. Stefanov, E., et al.: Path ORAM: an extremely simple oblivious RAM protocol. J. ACM 65(4) (2018). https://doi.org/10.1145/3177872

  59. Stefanov, E., Shi, E.: Multi-cloud oblivious storage. In: Sadeghi, A.R., Gligor, V.D., Yung, M. (eds.) ACM CCS 2013, pp. 247–258. ACM Press, November 2013. https://doi.org/10.1145/2508859.2516673

  60. Wang, X.S., Huang, Y., Chan, T.H.H., Shelat, A., Shi, E.: SCORAM: oblivious RAM for secure computation. In: Ahn, G.J., Yung, M., Li, N. (eds.) ACM CCS 2014, pp. 191–202. ACM Press, November 2014. https://doi.org/10.1145/2660267.2660365

  61. Zahur, S., Wang, X.S., Raykova, M., Gascón, A., Doerner, J., Evans, D., Katz, J.: Revisiting square-root ORAM: Efficient random access in multi-party computation. In: 2016 IEEE Symposium on Security and Privacy, pp. 218–234. IEEE Computer Society Press, May 2016. https://doi.org/10.1109/SP.2016.21

Acknowledgments

We are extremely grateful to Vinod Vaikuntanathan for suggesting this problem to us, engaging in many insightful discussions, and giving detailed feedback on our manuscript. We thank Ilan Komargodski for helpful discussions, especially about malicious security of Path ORAM. We thank Ran Canetti for helpful discussions about universal composability. We thank Moni Naor for helpful discussions about memory checking. We thank Alexandra Henzinger for giving valuable feedback on the manuscript. We also thank the anonymous reviewers for their many helpful comments.

Author information

Corresponding author: Surya Mathialagan

Copyright information

© 2023 International Association for Cryptologic Research

About this paper
Cite this paper

Mathialagan, S., Vafa, N. (2023). MacORAMa: Optimal Oblivious RAM with Integrity. In: Handschuh, H., Lysyanskaya, A. (eds) Advances in Cryptology – CRYPTO 2023. CRYPTO 2023. Lecture Notes in Computer Science, vol 14084. Springer, Cham. https://doi.org/10.1007/978-3-031-38551-3_4

  • DOI: https://doi.org/10.1007/978-3-031-38551-3_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-38550-6

  • Online ISBN: 978-3-031-38551-3

  • eBook Packages: Computer Science (R0)