Succinct Adaptive Garbled RAM

We show how to garble a large persistent database and then garble, one by one, a sequence of adaptively and adversarially chosen RAM programs that query and modify the database in arbitrary ways. Still, it is guaranteed that the garbled database and programs reveal only the outputs of the programs when run in sequence on the database. The runtime, space requirements and description size of the garbled programs are proportional only to those of the plaintext programs and the security parameter. We assume indistinguishability obfuscation for circuits and poly-to-one collision-resistant hash functions. The latter can be constructed based on standard algebraic assumptions such as the hardness of discrete log or factoring. In contrast, all previous garbling schemes with persistent data were shown secure only in the static setting where all the programs are known in advance. As an immediate application, our scheme is the first to provide a way to outsource large databases to untrusted servers, and later query and update the database over time in a private and verifiable way, with complexity and description size proportional to those of the unprotected queries. Our scheme extends the non-adaptive RAM garbling scheme of Canetti and Holmgren [ITCS 2016]. We also define and use a new primitive, called adaptive accumulators, which is an adaptive alternative to the positional accumulators of Koppula et al [STOC 2015] and somewhere statistical binding hashing of Hubáček and Wichs [ITCS 2015]. This primitive might well be useful elsewhere. ∗Tel-Aviv University and Boston University, [email protected]. Supported by the Check Point Institute for Information Security, ISF grant 1523/14, and NSF Frontier CNS1413920 and 1218461 grants. †Boston University, [email protected]. Supported by NSF grants CNS-1012798, CNS-1012910, CNS1413920 and AF-1218461. Research conducted while at SRI International funded by NSF grant CNS-1421102. ‡MIT, [email protected]. Supported by NSF Frontier CNS1413920. §Yale University, SRI, [email protected]. Supported by NSF grant CNS-1421102 and DARPA SafeWare.