Top

Journal of Cryptology

Published in:

09-08-2018

Oblivious Network RAM and Leveraging Parallelism to Achieve Obliviousness

Authors: Dana Dachman-Soled, Chang Liu, Charalampos Papamanthou, Elaine Shi, Uzi Vishkin

Published in: Journal of Cryptology | Issue 3/2019

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Oblivious RAM (ORAM) is a cryptographic primitive that allows a trusted CPU to securely access untrusted memory, such that the access patterns reveal nothing about sensitive data. ORAM is known to have broad applications in secure processor design and secure multiparty computation for big data. Unfortunately, due to a logarithmic lower bound by Goldreich and Ostrovsky (J ACM 43(3):431–473, 1996), ORAM is bound to incur a moderate cost in practice. In particular, with the latest developments in ORAM constructions, we are quickly approaching this limit, and the room for performance improvement is small. In this paper, we consider new models of computation in which the cost of obliviousness can be fundamentally reduced in comparison with the standard ORAM model. We propose the oblivious network RAM model of computation, where a CPU communicates with multiple memory banks, such that the adversary observes only which bank the CPU is communicating with, but not the address offset within each memory bank. In other words, obliviousness within each bank comes for free—either because the architecture prevents a malicious party from observing the address accessed within a bank, or because another solution is used to obfuscate memory accesses within each bank—and hence we only need to obfuscate communication patterns between the CPU and the memory banks. We present new constructions for obliviously simulating general or parallel programs in the network RAM model. We describe applications of our new model in distributed storage applications with a network adversary.

previous article Beyond Conventional Security in Sponge-Based Authenticated Encryption Modes

next article Efficient Fully Structure-Preserving Signatures and Shrinking Commitments

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Every memory word must be large enough to store the logical memory address.

In fact, it is possible to use here a k-wise independent hash function, instead of a PRF, as long as k is sufficiently large. In particular, we must choose k so that the k-wise independent hash function “fools” Chernoff bounds. As shown in the seminal work of [40], this can be achieved by setting \(k := k(N)\) for any function such that \(k(N) \in \omega (\log N)\). In fact, “almost” k-wise independent hash functions [1] can also be used for load-balancing. Leveraging the analysis from [36], it can be shown that such hash function can be constructed such that every invocation is \({{\mathrm{poly}}}(\log \log N)\) cost per evaluation. In this paper, our model assumes that the cost to evaluate the hash is a unit cost.

Our setting does not require all properties of a fully deamortized Cuckoo hash table. First, we require only static hashing and second, since we execute all insertions/lookups in batches of size P, we require only that any batch of P insertions/lookups (for an arbitrary set of keys that may include duplicates), takes time O(P) with all but negligible probability.

N. Alon, O. Goldreich, Y. Mansour. Almost k-wise independence versus k-wise independence. Inf. Process. Lett. 88(3), 107–110 (2003)

Y. Arbitman, M. Naor, G. Segev. De-amortized cuckoo hashing: provable worst-case performance and experimental results, in Automata, Languages and Programming, 36th International Colloquium, ICALP 2009, Rhodes, Greece, July 5–12, 2009, Proceedings, Part I (2009), pp. 107–118

S. Bajaj, R. Sion. Trusteddb: a trusted hardware-based database with privacy and data confidentiality. IEEE Trans. Knowl. Data Eng. 26(3), 752–765 (2014)CrossRef

H. Bast, T. Hagerup. Fast parallel space allocation, estimation, and integer sorting. Inf. Comput. 123(1), 72–110 (1995)

H. Bast, T. Hagerup. Fast and reliable parallel hashing, in SPAA (1991), pp. 50–61

D. Boneh, D. Mazieres, R.A. Popa. Remote oblivious storage: making oblivious RAM practical (2011). http://dspace.mit.edu/bitstream/handle/1721.1/62006/MIT-CSAIL-TR-2011-018.pdf

E. Boyle, K.-M. Chung, R. Pass. Oblivious parallel ram. https://eprint.iacr.org/2014/594.pdf

K.-M. Chung, Z. Liu, R. Pass. Statistically-secure oram with \(\tilde{O}(\log ^2 n)\) overhead. CoRR. arXiv:1307.3699 (2013)

C.W. Fletcher, M. van Dijk, S. Devadas. A secure processor architecture for encrypted computation on untrusted programs, in STC (2012)

10.

C.W. Fletcher, L. Ren, A. Kwon, M. Van Dijk, E. Stefanov, D.N. Serpanos, S. Devadas. A low-latency, low-area hardware oblivious RAM controller, in 23rd IEEE Annual International Symposium on Field-Programmable Custom Computing Machines, FCCM 2015, Vancouver, BC, Canada, May 2–6 (2015), pp. 215–222. https://doi.org/10.1109/FCCM.2015.58

11.

C.W. Fletcher, L. Ren, A. Kwon, M. van Dijk, E. Stefanov, S. Devadas. RAW path ORAM: a low-latency, low-area hardware ORAM controller with integrity verification, in IACR Cryptology ePrint Archive, vol. 431 (2014)

12.

C.W. Fletcher, L. Ren, X. Yu, M. van Dijk, O. Khan, S. Devadas. Suppressing the oblivious RAM timing channel while making information leakage and program efficiency trade-offs, in HPCA (2014), pp. 213–224

13.

C. Gentry, K.A. Goldman, S. Halevi, C.S. Jutla, M. Raykova, D. Wichs. Optimizing ORAM and using it efficiently for secure computation, in Privacy Enhancing Technologies Symposium (PETS) (2013)

14.

C. Gentry, S. Halevi, S. Lu, R. Ostrovsky, M. Raykova, D. Wichs. Garbled ram revisited, in Advances in Cryptology—EUROCRYPT 2014, vol. 8441 (2014), pp. 405–422

15.

C. Gentry, S. Halevi, M. Raykova, D. Wichs. Garbled ram revisited, part i. Cryptology ePrint Archive, Report 2014/082, 2014. http://eprint.iacr.org/

16.

C. Gentry, S. Halevi, M. Raykova, D. Wichs. Outsourcing private ram computation. IACR Cryptology ePrint Archive, vol. 148 (2014)

17.

F. Ghanim, U. Vishkin, R. Barua. Easy PRAM-based high-performance parallel programming with ICE. IEEE Trans. Parallel Distrib. Syst. 29(2), 377–390 (2018). https://doi.org/10.1109/TPDS.2017.2754376 CrossRef

18.

J. Gil, Y. Matias, U. Vishkin. Towards a theory of nearly constant time parallel algorithms, in 32nd Annual Symposium on Foundations of Computer Science (FOCS) (1991), pp. 698–710

19.

O. Goldreich. Towards a theory of software protection and simulation by oblivious RAMs, in ACM Symposium on Theory of Computing (STOC) (1987)

20.

O. Goldreich, R. Ostrovsky. Software protection and simulation on oblivious RAMs. J. ACM 43(3), 431–473 (1996)

21.

M.T. Goodrich, D.S. Hirschberg, M. Mitzenmacher, J. Thaler. Fully de-amortized cuckoo hashing for cache-oblivious dictionaries and multimaps. CoRR. arXiv:1107.4378 (2011)

22.

M.T. Goodrich, D.S. Hirschberg, M. Mitzenmacher, J. Thaler. Cache-oblivious dictionaries and multimaps with negligible failure probability, in G. Even, D. Rawitz, editors, Design and Analysis of Algorithms—First Mediterranean Conference on Algorithms, MedAlg 2012, Kibbutz Ein Gedi, Israel, December 3–5, 2012. Proceedings. LNCS, vol. 7659 (Springer, 2012), pp. 203–218

23.

M.T. Goodrich, M. Mitzenmacher. Privacy-preserving access of outsourced data via oblivious RAM simulation, in ICALP (2011)

24.

M.T. Goodrich, M. Mitzenmacher, O. Ohrimenko, R. Tamassia. Practical oblivious storage, in ACM Conference on Data and Application Security and Privacy (CODASPY) (2012)

25.

M.T. Goodrich, M. Mitzenmacher, O. Ohrimenko, R. Tamassia. Privacy-preserving group data access via stateless oblivious RAM simulation, in SODA (2012)

26.

S.D. Gordon, J. Katz, V. Kolesnikov, F. Krell, T. Malkin, M. Raykova, Y. Vahlis. Secure two-party computation in sublinear (amortized) time, in ACM CCS (2012)

27.

T. Hagerup. The log-star revolution, in STACS 92, 9th Annual Symposium on Theoretical Aspects of Computer Science, Cachan, France, February 13–15, 1992, Proceedings (1992), pp. 259–278

28.

A. Kirsch, M. Mitzenmacher, U. Wieder. More robust hashing: cuckoo hashing with a stash, in Algorithms—ESA 2008, 16th Annual European Symposium, Karlsruhe, Germany, September 15–17, 2008. Proceedings (2008), pp. 611–622.

29.

E. Kushilevitz, S. Lu, R. Ostrovsky. On the (in)security of hash-based oblivious RAM and a new balancing scheme, in SODA (2012)

30.

C. Liu, Y. Huang, E. Shi, J. Katz, M. Hicks. Automating efficient ram-model secure computation, in IEEE S & P (IEEE Computer Society, 2014)

31.

S. Lu, R. Ostrovsky. Distributed oblivious RAM for secure two-party computation, in Theory of Cryptography Conference (TCC) (2013)

32.

S. Lu, R. Ostrovsky. How to garble ram programs, in EUROCRYPT (2013), pp. 719–734

33.

S. Lu, R. Ostrovsky. Garbled ram revisited, part ii. Cryptology ePrint Archive, Report 2014/083, 2014. http://eprint.iacr.org/

34.

M. Maas, E. Love, E. Stefanov, M. Tiwari, E. Shi, K. Asanovic, J. Kubiatowicz, D. Song. Phantom: practical oblivious computation in a secure processor, in CCS (2013)

35.

M. Maas, E. Love, E. Stefanov, M. Tiwari, E. Shi, K. Asanovic, J. Kubiatowicz, D. Song. A high-performance oblivious RAM controller on the convey hc-2ex heterogeneous computing platform, in Workshop on the Intersections of Computer Architecture and Reconfigurable Logic (CARL) (2013)

36.

R. Meka, O. Reingold, G.N. Rothblum, R.D. Rothblum. Fast pseudorandomness for independence and load balancing—(extended abstract), in Automata, Languages, and Programming - 41st International Colloquium, ICALP 2014, Copenhagen, Denmark, July 8–11, 2014, Proceedings, Part I (2014), pp. 859–870

37.

R. Ostrovsky, V. Shoup. Private information storage (extended abstract), in ACM Symposium on Theory of Computing (STOC) (1997)

38.

R. Pagh, F.F. Rodler. Cuckoo hashing. J. Algorithms 51(2), 122–144 (2004)

39.

L. Ren, X. Yu, C.W. Fletcher, M. van Dijk, S. Devadas. Design space exploration and optimization of path oblivious RAM in secure processors, in ISCA (2013), pp. 571–582

40.

J.P. Schmidt, A. Siegel, A. Srinivasan. Chernoff-hoeffding bounds for applications with limited independence. SIAM J. Discrete Math. 8(2), 223–250 (1995)MathSciNetCrossRefMATH

41.

E. Shi, T.-H. Hubert Chan, E. Stefanov, M. Li. Oblivious RAM with \(O((\log N)^3)\) worst-case cost, in ASIACRYPT (2011)

42.

E. Stefanov, E. Shi. Oblivistore: high performance oblivious cloud storage, in IEEE Symposium on Security and Privacy (S & P) (2013)

43.

E. Stefanov, E. Shi, D. Song. Towards practical oblivious RAM, in NDSS (2012)

44.

E. Stefanov, M. van Dijk, E. Shi, T.-H.H. Chan, C. Fletcher, L. Ren, X. Yu, S. Devadas. Path ORAM: an extremely simple oblivious ram protocol, in ACM CCS (2013)

45.

U. Vishkin. Can parallel algorithms enhance seriel implementation? Commun. ACM 39(9), 88–91 (1996)CrossRef

46.

U. Vishkin. Using simple abstraction to reinvent computing for parallelism. Commun. ACM 54(1), 75–85 (2011)CrossRef

47.

X.S. Wang, T.-H.H. Chan, E. Shi. Circuit ORAM: on tightness of the Goldreich–Ostrovksy lower bound. http://eprint.iacr.org/2014/672.pdf

48.

X.S. Wang, Y. Huang, T.-H.H. Chan, A. Shelat, E. Shi. Scoram: oblivious ram for secure computation. http://eprint.iacr.org/2014/671.pdf

49.

P. Williams, R. Sion. Usable PIR, in Network and Distributed System Security Symposium (NDSS) (2008)

50.

P. Williams, R. Sion. SR-ORAM: single round-trip oblivious ram, in ACM Conference on Computer and Communications Security (CCS) (2012)

51.

P. Williams, R. Sion, B. Carbunar. Building castles out of mud: Practical access pattern privacy and correctness on untrusted storage, in CCS (2008)

52.

P. Williams, R. Sion, A. Tomescu. PrivateFS: A parallel oblivious file system, in CCS (2012)

53.

X. Yu, S.K. Haider, L. Ren, C.W. Fletcher, A. Kwon, M. van Dijk, S. Devadas. Program: dynamic prefetcher for oblivious RAM, in Proceedings of the 42nd Annual International Symposium on Computer Architecture, Portland, OR, USA, June 13–17, 2015 (2015), pp. 616–628

Title: Oblivious Network RAM and Leveraging Parallelism to Achieve Obliviousness
Authors: Dana Dachman-Soled
Chang Liu
Charalampos Papamanthou
Elaine Shi
Uzi Vishkin
Publication date: 09-08-2018
Publisher: Springer US
Published in: Journal of Cryptology / Issue 3/2019
Print ISSN: 0933-2790
Electronic ISSN: 1432-1378
DOI: https://doi.org/10.1007/s00145-018-9301-4

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 3/2019

The Magic of ELFs

On Black-Box Complexity of Universally Composable Security in the CRS Model

Efficient Fully Structure-Preserving Signatures and Shrinking Commitments

Koblitz Curves over Quadratic Fields

Probabilistic Termination and Composability of Cryptographic Protocols

Leakage Resilience from Program Obfuscation

Premium Partner