Onion ORAM: A Constant Bandwidth Blowup Oblivious RAM
نویسندگان
چکیده
We present Onion ORAM, an Oblivious RAM (ORAM) with constant worst-case bandwidthblowup that leverages poly-logarithmic server computation to circumvent the logarithmic lowerbound on ORAM bandwidth blowup. Our construction does not require fully homomorphicencryption, but employs an additively homomorphic encryption scheme such as the Damg̊ard-Jurik cryptosystem, or alternatively a BGV-style somewhat homomorphic encryption schemewithout bootstrapping. At the core of our construction is an ORAM scheme that has “shallowcircuit depth” over the entire history of ORAM accesses. We also propose novel techniques toachieve security against a malicious server, without resorting to expensive and non-standardtechniques such as SNARKs. To the best of our knowledge, Onion ORAM is the first concreteinstantiation of a constant bandwidth blowup ORAM under standard assumptions (even for thesemi-honest setting).
منابع مشابه
Bucket ORAM: Single Online Roundtrip, Constant Bandwidth Oblivious RAM
Known Oblivious RAM (ORAM) constructions achieve either optimal bandwidth blowup or optimal latency (as measured by online roundtrips), but not both. We are the first to demonstrate an ORAM scheme, called Bucket ORAM, which attains the best of both worlds. Bucket ORAM simultaneously achieves a single online roundtrip as well as constant overall bandwidth blowup.
متن کاملSORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing∗
Oblivious Random Access Machine (ORAM) enables a client to access her data without leaking her access patterns. Existing client-efficient ORAMs either achieve O(logN) client-server communication blowup without heavy computation, or O(1) blowup but with expensive homomorphic encryptions. It has been shown that O(logN) bandwidth blowup might not be practical for certain applications, while scheme...
متن کاملAsymptotically Tight Bounds for Composing ORAM with PIR
Oblivious RAM (ORAM) is a cryptographic primitive that allows a trusted client to outsource storage to an untrusted server while hiding the client’s memory access patterns to the server. The last three decades of research on ORAMs have reduced the bandwidth blowup of ORAM schemes from O( √ N) to O(1). However, all schemes that achieve a bandwidth blowup smaller than O(logN) use expensive comput...
متن کاملAn Oblivious Parallel RAM with O(log2 N) Parallel Runtime Blowup
Oblivious RAM (ORAM) is a cryptographic primitive that allows a client to access memory locations from a server without revealing its access patterns. Oblivious Parallel RAM (OPRAM) is a PRAM counterpart of Oblivious RAM, i.e., it allows m clients that trust each other to simultaneously access data from a server without revealing their access patterns. The best known OPRAM scheme [2, 3] achieve...
متن کاملAn Oblivious Parallel RAM with O(logN) Parallel Runtime
Oblivious RAM (ORAM) is a cryptographic primitive that allows a client to access memory locations from a server without revealing its access patterns. Oblivious Parallel RAM (OPRAM) is a PRAM counterpart of Oblivious RAM, i.e., it allows m clients that trust each other to simultaneously access data from a server without revealing their access patterns. The best known OPRAM scheme [1, 2] achieve...
متن کامل