Scaling ORAM for Secure Computation.
CCS, (2017): 523-535
We design and implement a Distributed Oblivious Random Access Memory (DORAM) data structure that is optimized for use in two-party secure computation protocols. We improve upon the access time of previous constructions by a factor of up to ten, their memory overhead by a factor of one hundred or more, and their initialization time by a fa...
- In spite of the substantial improvements to the efficiency of two-party secure computation protocols, they still encounter major obstacles when evaluating many types of functions.
- Due to the heavy influence of the FSS scheme and the fact that the computation parties make local linear scans of the memory for each operation, the authors call the ORAM construction Function-secret-sharing Linear ORAM, or Floram.
- A data-dependent memory access is an access to an element within an array, at an index i that is computed from some secret input
- Though many variations of Multi-Party Computation have been developed in its thirty-plus year history, and it is likely possible to adapt our work to suit a significant subset of them, this paper focuses on Yao's Garbled Circuits [51, 52]
- We made use of Obliv-C-based Square-root and Circuit Oblivious Random Access Memory implementations that were provided by the original authors of those works and are identical to the ones reported on previously by Zahur et al.
- We created two variants of our Oblivious Random Access Memory, one using the basic construction described in Section 4, and the other using the CPRG method from Section 5
- For ORAMs with element sizes greater than 128 bits, we perform an additional expansion and correction stage after the last layer of the function secret sharing in order to enlarge the blocks to the correct length
- Each access requires a single FSS Gen execution within the secure context, incurring O communication and secure computation, followed by the evaluation of the DPF at all points in its domain, incurring O (n) local computation by both parties.
- In previous Square-root ORAM constructions, stash scan and amortized refresh operations accounted for the vast majority of per-access cost; by providing asymptotic improvements to both, the authors have made the new ORAM far more suitable than its predecessors for handling large data sizes.
- Circuit ORAMs could achieve initialization performance similar to that of Zahur et al.'s construction, at best. Although the local component of the ORAM is highly parallelizable, no equivalent parallelization scheme for the secure component is possible.
- The costliest single component of the scheme is the repeated evaluation of the PRG function within the secure computation of the FSS Gen algorithm.
- The authors present an optimization that can be used to achieve a significant constant-factor speed improvement relative to a naïve implementation by outsourcing the evaluations of the PRG in the FSS Gen algorithm to Alice and Bob. That is, instead of Alice and Bob performing a single secure computation which uses O PRG expansions to compute their shares of the FSS key, the authors instead divide Gen into m = log2 n iterative computations that compute the FSS key one part at a time.
- The use of ORAM for performing binary searches was first considered by Gordon et al., who reported that searching a database of 2^20 64-byte elements required roughly 1000 seconds. The authors' ORAM benchmark procedure is derived from that used by Square-root ORAM: first, the data is loaded from secure computation into an ORAM, and a number of searches are performed.
- Linear scan has a special advantage: because it touches each element in the memory, it requires only a single semantic access to perform a search.
- The authors' scheme achieves this due to the fact that, considering initialization and a single access, only two full scans of XOR shares are required, whereas in the context of Yao’s Garbled Circuits a linear scan requires iterating over wire labels that are at least eighty times larger than the equivalent secret-shared representation.
- Table 1: Access and Initialization Complexities. Complexities include amortized refresh operations where relevant. Florom refers to an instantiation of Floram with a stash size of zero (i.e. one which has recently been refreshed); due to the fact that only writes increase the stash size, refreshes can be forced before long sequences of reads to achieve these complexities
- Table 2: Binary Search Benchmark Results. We measured the wall-clock time required for s searches through n 16-byte data elements, including initialization. Figures are averages in seconds from 30 samples for databases of 2^15 elements, or 3 samples for larger databases. Linear scan figures are estimated from results in Section 6.1
- Table 3: Roth-Peranson Benchmark Results. Our wall-clock time result for Square-root ORAM differs from that presented by Doerner et al. [16]; this is due to differences in benchmarking environments used
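Added illustration (not the paper's or Floram's own code) of the access pattern summarized above: a two-party distributed point function in the tree-based style of the Boyle, Gilboa and Ishai FSS papers cited here, generated in the clear for brevity rather than inside secure computation, followed by the two local linear scans the text describes, a PIR-style read over an array both parties hold and a write folded into XOR-shared memory. SHA-512 stands in for the PRG, the domain is indexed by `nbits` bits with 16-byte elements, and the stash, refresh and CPRG optimization are omitted; all names and sample data are constructed for this example.

```python
import hashlib, os

def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
def band(a, b): return bytes(x & y for x, y in zip(a, b))

def prg(seed):
    # SHA-512 stands in for the PRG: two 16-byte child seeds plus two control bits.
    h = hashlib.sha512(seed).digest()
    return h[:16], h[32] & 1, h[16:32], h[33] & 1

def dpf_gen(alpha, beta, nbits):
    """Two keys whose evaluations XOR to beta at index alpha and to zero elsewhere."""
    seed = [os.urandom(16), os.urandom(16)]
    s, t, cws = list(seed), [0, 1], []
    for i in range(nbits - 1, -1, -1):                 # walk the index bits MSB first
        bit = (alpha >> i) & 1
        ch = [prg(s[0]), prg(s[1])]                     # (sL, tL, sR, tR) for each party
        s_cw = xor(ch[0][0], ch[1][0]) if bit else xor(ch[0][2], ch[1][2])
        tl_cw = ch[0][1] ^ ch[1][1] ^ bit ^ 1
        tr_cw = ch[0][3] ^ ch[1][3] ^ bit
        cws.append((s_cw, tl_cw, tr_cw))
        for b in (0, 1):                                # advance both parties' seeds
            sk, tk = (ch[b][2], ch[b][3]) if bit else (ch[b][0], ch[b][1])
            s[b] = xor(sk, s_cw) if t[b] else sk
            t[b] = tk ^ (t[b] & (tr_cw if bit else tl_cw))
    cw_final = xor(xor(beta, s[0]), s[1])
    return (seed[0], cws, cw_final), (seed[1], cws, cw_final)

def dpf_eval(b, key, x, nbits):
    """Party b's 16-byte share of the point function at index x."""
    s, cws, cw_final = key
    t = b
    for i, (s_cw, tl_cw, tr_cw) in zip(range(nbits - 1, -1, -1), cws):
        sl, tl, sr, tr = prg(s)
        if t:                                           # apply this level's correction word
            sl, sr, tl, tr = xor(sl, s_cw), xor(sr, s_cw), tl ^ tl_cw, tr ^ tr_cw
        s, t = (sr, tr) if (x >> i) & 1 else (sl, tl)
    return xor(s, cw_final) if t else s

def scan_read(b, key, rom, nbits):
    """Local linear scan giving party b's XOR share of rom[alpha]; both parties hold rom."""
    acc = bytes(16)
    for j, elem in enumerate(rom):
        acc = xor(acc, band(dpf_eval(b, key, j, nbits), elem))
    return acc

def scan_write(b, key, share, nbits):
    """Local linear scan folding the DPF output (beta = new XOR old) into party b's share."""
    return [xor(elem, dpf_eval(b, key, j, nbits)) for j, elem in enumerate(share)]
```

For a read, generate the keys with `beta = b"\xff" * 16` so the AND mask selects exactly one element; for a write into XOR-shared memory, use `beta = new ^ old` and XOR the two parties' `scan_write` results to recover the updated array.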
- 2001. Advanced Encryption Standard. (2001).
- Ittai Abraham, Christopher W. Fletcher, Kartik Nayak, Benny Pinkas, and Ling Ren. 2017. Asymptotically Tight Bounds for Composing ORAM with PIR. In PKC.
- Ken Batcher. 1968. Sorting Networks and Their Applications. In Spring Joint Computer Conference.
- Donald Beaver, Silvio Micali, and Phillip Rogaway. 1990. The Round Complexity of Secure Protocols. In ACM STOC.
- Mihir Bellare, Viet Tung Hoang, Sriram Keelveedhi, and Phillip Rogaway. 2013. Efficient Garbling from a Fixed-Key Blockcipher. In IEEE S&P.
- Marina Blanton, Aaron Steele, and Mehrdad Alisagari. 2013. Data-oblivious Graph Algorithms for Secure Computation and Outsourcing. In ACM Asia CCS.
- Dan Boneh, David Mazieres, and Raluca Ada Popa. 2011. Remote Oblivious Storage: Making Oblivious RAM practical. http://dspace.mit.edu/bitstream/handle/1721.1/62006/MIT-CSAIL-TR-2011-018.pdf. (2011).
- Joan Boyar and René Peralta. 2010. A New Combinational Logic Minimization Technique with Applications to Cryptology. In Lecture Notes in Computer Science.
- Joan Boyar and René Peralta. 2012. A Small Depth-16 Circuit for the AES S-Box.
- Elette Boyle, Kai-Min Chung, and Rafael Pass. 2016. Oblivious Parallel RAM and Applications. In TCC.
- Elette Boyle, Niv Gilboa, and Yuval Ishai. 2015. Function Secret Sharing. In EUROCRYPT.
- Elette Boyle, Niv Gilboa, and Yuval Ishai. 2016. Function Secret Sharing: Improvements and Extensions. In ACM CCS.
- Kai-Min Chung, Zhenming Liu, and Rafael Pass. 2013. Statistically-secure ORAM with O(log^2 n) Overhead. arXiv preprint arXiv:1307.3699 (2013).
- Ivan Damgård, Sigurd Meldgaard, and Jesper Buus Nielsen. 2011. Perfectly Secure Oblivious RAM without Random Oracles. In TCC.
- Srinivas Devadas, Marten van Dijk, Christopher W. Fletcher, Ling Ren, Elaine Shi, and Daniel Wichs. 2016. Onion ORAM: A Constant Bandwidth Blowup Oblivious RAM. In TCC.
- Jack Doerner, David Evans, and abhi shelat. 2016. Secure Stable Matching at Scale. In ACM CCS.
- Niv Gilboa and Yuval Ishai. 2014. Distributed Point Functions and Their Applications.
- Oded Goldreich. 1987. Towards a theory of software protection and simulation by oblivious RAMs. In ACM STOC.
- Oded Goldreich and Rafail Ostrovsky. 1996. Software Protection and Simulation on Oblivious RAMs. Journal of the ACM 43, 3 (1996).
- Michael T. Goodrich and Michael Mitzenmacher. 2011. Privacy-Preserving Access of Outsourced Data via Oblivious RAM Simulation. In ICALP.
- Michael T. Goodrich, Michael Mitzenmacher, Olga Ohrimenko, and Roberto Tamassia. 2011. Oblivious RAM Simulation with Efficient Worst-Case Access Overhead. In ACM CCSW.
- Michael T. Goodrich, Michael Mitzenmacher, Olga Ohrimenko, and Roberto Tamassia. 2012. Privacy-preserving group data access via stateless oblivious RAM simulation. In ACM-SIAM SODA.
- Dov Gordon, Jonathan Katz, Vladimir Kolesnikov, Fernando Krell, Tal Malkin, Mariana Raykova, and Yevgeniy Vahlis. 2012. Secure Two-party Computation in Sublinear (Amortized) Time. In ACM CCS.
- Yan Huang, David Evans, Jonathan Katz, and Lior Malka. 2011. Faster Secure Two-party Computation Using Garbled Circuits. In USENIX Security Symposium.
- Jack Doerner and abhi shelat. 2017. Scaling ORAM for Secure Computation. Cryptology ePrint Archive, Report 2017/827. https://eprint.iacr.org/2017/827.pdf.
- Zahra Jafargholi and Daniel Wichs. 2016. Adaptive Security of Yao’s Garbled
- Marcel Keller and Peter Scholl. 2014.
- Vladimir Kolesnikov and Thomas Schneider. 2008. Improved Garbled Circuit: Free XOR Gates and Applications. In ICALP.
- Eyal Kushilevitz, Steve Lu, and Rafail Ostrovsky. 2012. On the (In)security of
- Yehuda Lindell and Benny Pinkas. 2009. A Proof of Security of Yao’s Protocol for Two-Party Computation. Journal of Cryptology 22, 2 (2009).
- Steve Lu and Rafail Ostrovsky. 2013. Distributed Oblivious RAM for Secure Two-Party Computation.
- Valeria Nikolaenko, Udi Weinsberg, Stratis Ioannidis, Marc Joye, Dan Boneh, and Nina Taft. 2013. Privacy-Preserving Ridge Regression on Hundreds of Millions of Records. In IEEE S&P.
- Rafail Ostrovsky. 1990. Efficient computation on oblivious RAMs. In ACM STOC.
- Rafail Ostrovsky and Victor Shoup. 1997. Private Information Storage (Extended Abstract). In ACM STOC.
- Benny Pinkas and Tzachy Reinman. 2010. Oblivious RAM revisited. In CRYPTO.
- Benny Pinkas, Thomas Schneider, Nigel P. Smart, and Stephen C. Williams. 2009. Secure Two-Party Computation Is Practical. In ASIACRYPT.
- Adi Shamir. 1979. How to Share a Secret. Commun. ACM 22, 11 (Nov. 1979).
- Elaine Shi, T.-H. Hubert Chan, Emil Stefanov, and Mingfei Li. 2011. Oblivious RAM with O((log N)^3) Worst-Case Cost. In ASIACRYPT.
- Emil Stefanov, Marten Van Dijk, Elaine Shi, Christopher Fletcher, Ling Ren, Xiangyao Yu, and Srinivas Devadas. 2013. Path ORAM: an Extremely Simple Oblivious RAM Protocol. In ACM CCS.
- Emil Stefanov, Marten van Dijk, Elaine Shi, Christopher Fletcher, Ling Ren, Xiangyao Yu, and Srinivas Devadas. 2013. Path ORAM: an Extremely Simple Oblivious RAM Protocol. In ACM CCS.
- Abraham Waksman. 1968. A Permutation Network. Journal of the ACM 15, 1 (Jan. 1968).
- Xiao Wang, Hubert Chan, and Elaine Shi. 2015. Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound. In ACM CCS.
- Xiao Wang, Yan Huang, Hubert Chan, Abhi Shelat, and Elaine Shi. 2014. SCORAM: Oblivious RAM for Secure Computation. In ACM CCS.
- Xiao Wang, Yan Huang, Yongan Zhao, Haixu Tang, XiaoFeng Wang, and Diyue Bu. 2015. Efficient Genome-Wide, Privacy-Preserving Similar Patient Query Based on Private Edit Distance. In ACM CCS.
- Peter Williams and Radu Sion. 2008. Usable PIR. In NDSS.
- Peter Williams and Radu Sion. 2012. Round-Optimal Access Privacy on Outsourced Storage. In ACM CCS.
- Peter Williams, Radu Sion, and Bogdan Carbunar. 2008. Building castles out of mud: Practical access pattern privacy and correctness on untrusted storage. In ACM CCS.
- R. S. Winternitz. 1984. A Secure One-Way Hash Function Built from DES. In IEEE S&P.
- Johannes Wolkerstorfer, Elisabeth Oswald, and Mario Lamberger. 2002. An ASIC Implementation of the AES SBoxes. In RSA Conference on Topics in Cryptology.
- David Woodruff and Sergey Yekhanin. 2005. A Geometric Approach to Information-Theoretic Private Information Retrieval. In Proceedings of the 20th Annual IEEE Conference on Computational Complexity.
- Andrew Chi-Chih Yao. 1982. Protocols for Secure Computations. In IEEE FOCS.
- Andrew Chi-Chih Yao. 1986. How to Generate and Exchange Secrets (Extended Abstract). In IEEE FOCS.
- Samee Zahur and David Evans. 2015. Obliv-C: A Lightweight Compiler for Data-Oblivious Computation. Cryptology ePrint Archive, Report 2015/11http://oblivc.org. (2015).
- Samee Zahur, Mike Rosulek, and David Evans. 2015. Two Halves Make a Whole: Reducing Data Transfer in Garbled Circuits Using Half Gates. In EUROCRYPT.
- Samee Zahur, Xiao Wang, Mariana Raykova, Adrià Gascón, Jack Doerner, David Evans, and Jonathan Katz. 2016. Revisiting Square Root ORAM: Efficient Random Access in Multi-Party Computation. In IEEE S&P.