Scaling ORAM for Secure Computation.

ACM CCS (2017): 523-535

Abstract

We design and implement a Distributed Oblivious Random Access Memory (DORAM) data structure that is optimized for use in two-party secure computation protocols. We improve upon the access time of previous constructions by a factor of up to ten, their memory overhead by a factor of one hundred or more, and their initialization time by a fa…

Introduction
  • In spite of the substantial improvements to the efficiency of two-party secure computation protocols, they still encounter major obstacles when evaluating many types of functions.
  • Because of the heavy influence of the FSS scheme, and because the computation parties make local linear scans of the memory for each operation, the authors call the ORAM construction Function-secret-sharing Linear ORAM, or Floram.
Highlights
  • In spite of the substantial improvements to the efficiency of two-party secure computation protocols, they still encounter major obstacles when evaluating many types of functions.
  • A data-dependent memory access is an access to an element within an array, at an index i that is computed from some secret input.
  • Though many variations of Multi-Party Computation have been developed in its thirty-plus year history, and it is likely possible to adapt our work to suit a significant subset of them, this paper focuses on Yao's Garbled Circuits [51, 52].
  • We made use of Obliv-C-based Square-root and Circuit Oblivious Random Access Memory implementations that were provided by the original authors of those works and are identical to the ones reported on previously by Zahur et al. [55].
  • We created two variants of our Oblivious Random Access Memory, one using the basic construction described in Section 4, and the other using the CPRG method from Section 5.
  • For ORAMs with element sizes greater than 128 bits, we perform an additional expansion and correction stage after the last layer of the function secret sharing in order to enlarge the blocks to the correct length.
Results
  • Each access requires a single FSS Gen execution within the secure context, incurring O(log n) communication and secure computation, followed by the evaluation of the DPF at all points in its domain, incurring O(n) local computation by both parties.
  • In previous Square-root ORAM constructions, stash scan and amortized refresh operations accounted for the vast majority of per-access cost; having provided asymptotic improvements to both, the authors have made the new ORAM far more suitable than its predecessors for handling large data sizes.
  • Circuit ORAM could, at best, achieve initialization performance similar to that of Zahur et al.'s construction. Although the local component of the ORAM is highly parallelizable, no equivalent parallelization scheme for the secure component is possible.
  • The costliest single component of the scheme is the repeated evaluation of the PRG function within the secure computation of the FSS Gen algorithm.
  • The authors present an optimization that achieves a significant constant-factor speed improvement relative to a naïve implementation by outsourcing the evaluations of the PRG in the FSS Gen algorithm to Alice and Bob. That is, instead of Alice and Bob performing a single secure computation which uses O(log n) PRG expansions to compute their shares of the FSS key, the authors divide Gen into m = log2 n iterative computations that compute the FSS key one part at a time.
  • The use of ORAM for performing binary searches was first considered by Gordon et al. [23], who reported that searching a database of 2^20 64-byte elements required roughly 1000 seconds. The authors' ORAM benchmark procedure is derived from that used by Square-root ORAM [55]: first, the data is loaded from the secure computation into an ORAM, and then a number of searches are performed.
Conclusion
  • Linear scan has a special advantage: because it touches each element in the memory, it requires only a single semantic access to perform a search.
  • The authors' scheme achieves this because, considering initialization and a single access, only two full scans of XOR shares are required, whereas in the context of Yao's Garbled Circuits a linear scan requires iterating over wire labels that are at least eighty times larger than the equivalent secret-shared representation.
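The Results and Conclusion items above describe the access pattern: one FSS Gen inside the secure computation, then a full-domain DPF evaluation and a local linear scan by each party, with only XOR shares (never wire labels) being scanned. The following is an added example written for this page, not code from the paper or from its Obliv-C implementation. It models that pattern in Python with a Boyle-Gilboa-Ishai tree DPF. Everything in it is this example's own assumption: SHAKE-256 stands in for the paper's AES-based PRG, `dpf_gen` runs in the clear (Floram runs it inside the 2PC), the read-only copy is left unmasked (Floram masks it with keys the parties hold only inside the secure computation), the Section 5 CPRG outsourcing of the PRG is not modelled, and the function names (`dpf_gen`, `dpf_eval_all`, `oram_read_shares`, `oram_write`) are invented here. The `convert` step plus the final correction word plays the role of the extra expansion and correction stage the paper applies for blocks longer than 128 bits.

```python
"""Toy model of Floram's DPF-based linear-scan access (added example, not the paper's code).

SHAKE-256 stands in for the AES-based PRG, DPF Gen runs in the clear, and the
read-only copy is unmasked; all three are simplifications of the real scheme.
"""
import hashlib
import secrets

SEED = 16  # bytes per tree seed


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def prg(seed: bytes):
    """Expand a node seed into (s_left, t_left, s_right, t_right)."""
    d = hashlib.shake_256(b"node" + seed).digest(2 * SEED + 2)
    return d[:SEED], d[2 * SEED] & 1, d[SEED:2 * SEED], d[2 * SEED + 1] & 1


def convert(seed: bytes, out_len: int) -> bytes:
    """Leaf expansion to the block length (the paper's extra stage for blocks > 128 bits)."""
    return hashlib.shake_256(b"leaf" + seed).digest(out_len)


def dpf_gen(alpha: int, levels: int, beta: bytes):
    """Keys (k_a, k_b) with Eval(k_a, x) ^ Eval(k_b, x) == beta iff x == alpha, else zeros."""
    root = [secrets.token_bytes(SEED), secrets.token_bytes(SEED)]
    s, t, cws = list(root), [0, 1], []  # control bits differ only on the path to alpha
    for lvl in range(levels):
        bit = (alpha >> (levels - 1 - lvl)) & 1            # path bit, MSB first
        ex = [prg(s[0]), prg(s[1])]                        # (sL, tL, sR, tR) per party
        cw_s = xor(ex[0][2 - 2 * bit], ex[1][2 - 2 * bit])  # equalise the off-path seeds
        cw_tl = ex[0][1] ^ ex[1][1] ^ bit ^ 1
        cw_tr = ex[0][3] ^ ex[1][3] ^ bit
        cws.append((cw_s, cw_tl, cw_tr))
        for b in (0, 1):                                   # descend along alpha
            s_keep, t_keep = ex[b][2 * bit], ex[b][2 * bit + 1]
            s[b] = xor(s_keep, cw_s) if t[b] else s_keep
            t[b] = t_keep ^ (t[b] & (cw_tr if bit else cw_tl))
    cw_last = xor(xor(convert(s[0], len(beta)), convert(s[1], len(beta))), beta)
    return (root[0], 0, cws, cw_last), (root[1], 1, cws, cw_last)


def dpf_eval_all(key, levels: int, out_len: int):
    """Evaluate one party's key at every point of the domain with O(n) PRG calls."""
    s0, t0, cws, cw_last = key
    nodes = [(s0, t0)]
    for cw_s, cw_tl, cw_tr in cws:
        nxt = []
        for s, t in nodes:
            sL, tL, sR, tR = prg(s)
            if t:  # apply this level's correction word
                sL, tL, sR, tR = xor(sL, cw_s), tL ^ cw_tl, xor(sR, cw_s), tR ^ cw_tr
            nxt += [(sL, tL), (sR, tR)]
        nodes = nxt
    return [xor(convert(s, out_len), cw_last) if t else convert(s, out_len)
            for s, t in nodes]


def oram_read_shares(rom, i: int, levels: int):
    """Read slot i from a copy both parties hold; returns the two XOR shares of rom[i]."""
    block = len(rom[0])
    keys = dpf_gen(i, levels, b"\xff" * block)  # point function whose value is an all-ones block
    shares = []
    for key in keys:
        acc = bytes(block)
        for j, mask in enumerate(dpf_eval_all(key, levels, block)):
            acc = xor(acc, bytes(x & y for x, y in zip(mask, rom[j])))  # every slot is touched
        shares.append(acc)
    return shares


def oram_write(share_a, share_b, i: int, delta: bytes, levels: int):
    """Write into XOR-shared memory: slot i changes by delta, every slot is touched."""
    for share, key in zip((share_a, share_b), dpf_gen(i, levels, delta)):
        for j, out in enumerate(dpf_eval_all(key, levels, len(delta))):
            share[j] = xor(share[j], out)


def demo(levels: int = 4, block: int = 8) -> bool:
    n = 1 << levels
    mem = [secrets.token_bytes(block) for _ in range(n)]  # constructed sample contents
    ra, rb = oram_read_shares(mem, 5, levels)
    read_ok = xor(ra, rb) == mem[5]
    share_a = [secrets.token_bytes(block) for _ in range(n)]
    share_b = [xor(m, a) for m, a in zip(mem, share_a)]
    new = b"\x11" * block
    oram_write(share_a, share_b, 9, xor(new, mem[9]), levels)  # delta = new ^ old
    rec = [xor(a, b) for a, b in zip(share_a, share_b)]
    write_ok = rec[9] == new and all(rec[j] == mem[j] for j in range(n) if j != 9)
    return read_ok and write_ok


if __name__ == "__main__":
    print("floram toy model ok" if demo() else "mismatch")
```

Reads work on a copy both parties hold identically because AND distributes over XOR: (m_a & E[j]) ^ (m_b & E[j]) = (m_a ^ m_b) & E[j], which is E[i] at j = i and zero elsewhere. The same trick does not apply to XOR-shared memory, where the cross terms m_a & M_b and m_b & M_a do not cancel; that is why this model keeps a separate read-only copy and an XOR-shared write target. The cost profile matches the bullets above: `dpf_gen` does one PRG expansion per level (the part Floram runs in the secure computation), and `dpf_eval_all` does n of them locally.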
Tables
  • Table 1: Access and Initialization Complexities. Complexities include amortized refresh operations where relevant. Florom refers to an instantiation of Floram with a stash size of zero (i.e. one which has recently been refreshed); because only writes increase the stash size, refreshes can be forced before long sequences of reads to achieve these complexities.
  • Table 2: Binary Search Benchmark Results. We measured the wall-clock time required for s searches through n 16-byte data elements, including initialization. Figures are averages in seconds from 30 samples for databases of 2^15 elements, or 3 samples for larger databases. Linear scan figures are estimated from results in Section 6.1.
  • Table 3: Roth-Peranson Benchmark Results. Our wall-clock time result for Square-root ORAM differs from that presented by Doerner et al. [16]; this is due to differences in the benchmarking environments used.
References
  • Advanced Encryption Standard. 2001.
  • Ittai Abraham, Christopher W. Fletcher, Kartik Nayak, Benny Pinkas, and Ling Ren. 2017. Asymptotically Tight Bounds for Composing ORAM with PIR. In PKC.
  • Ken Batcher. 1968. Sorting Networks and Their Applications. In Spring Joint Computer Conference.
  • Donald Beaver, Silvio Micali, and Phillip Rogaway. 1990. The Round Complexity of Secure Protocols. In ACM STOC.
  • Mihir Bellare, Viet Tung Hoang, Sriram Keelveedhi, and Phillip Rogaway. 2013. Efficient Garbling from a Fixed-Key Blockcipher. In IEEE S&P.
  • Marina Blanton, Aaron Steele, and Mehrdad Alisagari. 2013. Data-oblivious Graph Algorithms for Secure Computation and Outsourcing. In ACM Asia CCS.
  • Dan Boneh, David Mazieres, and Raluca Ada Popa. 2011. Remote Oblivious Storage: Making Oblivious RAM Practical. http://dspace.mit.edu/bitstream/handle/1721.1/62006/MIT-CSAIL-TR-2011-018.pdf.
  • Joan Boyar and René Peralta. 2010. A New Combinational Logic Minimization Technique with Applications to Cryptology. In Lecture Notes in Computer Science.
  • Joan Boyar and René Peralta. 2012. A Small Depth-16 Circuit for the AES S-Box.
  • Elette Boyle, Kai-Min Chung, and Rafael Pass. 2016. Oblivious Parallel RAM and Applications. In TCC.
  • Elette Boyle, Niv Gilboa, and Yuval Ishai. 2015. Function Secret Sharing. In EUROCRYPT.
  • Elette Boyle, Niv Gilboa, and Yuval Ishai. 2016. Function Secret Sharing: Improvements and Extensions. In ACM CCS.
  • Kai-Min Chung, Zhenming Liu, and Rafael Pass. 2013. Statistically-secure ORAM with O(log^2 n) Overhead. arXiv preprint arXiv:1307.3699.
  • Ivan Damgård, Sigurd Meldgaard, and Jesper Buus Nielsen. 2011. Perfectly Secure Oblivious RAM without Random Oracles. In TCC.
  • Srinivas Devadas, Marten van Dijk, Christopher W. Fletcher, Ling Ren, Elaine Shi, and Daniel Wichs. 2016. Onion ORAM: A Constant Bandwidth Blowup Oblivious RAM. In TCC.
  • Jack Doerner, David Evans, and abhi shelat. Secure Stable Matching at Scale. In ACM CCS.
  • Niv Gilboa and Yuval Ishai. 2014. Distributed Point Functions and Their Applications.
  • Oded Goldreich. 1987. Towards a Theory of Software Protection and Simulation by Oblivious RAMs. In ACM STOC.
  • Oded Goldreich and Rafail Ostrovsky. 1996. Software Protection and Simulation on Oblivious RAMs. Journal of the ACM 43, 3.
  • Michael T. Goodrich and Michael Mitzenmacher. 2011. Privacy-Preserving Access of Outsourced Data via Oblivious RAM Simulation. In ICALP.
  • Michael T. Goodrich, Michael Mitzenmacher, Olga Ohrimenko, and Roberto Tamassia. 2011. Oblivious RAM Simulation with Efficient Worst-Case Access Overhead. In ACM CCSW.
  • Michael T. Goodrich, Michael Mitzenmacher, Olga Ohrimenko, and Roberto Tamassia. 2012. Privacy-Preserving Group Data Access via Stateless Oblivious RAM Simulation. In ACM-SIAM SODA.
  • Dov Gordon, Jonathan Katz, Vladimir Kolesnikov, Fernando Krell, Tal Malkin, Mariana Raykova, and Yevgeniy Vahlis. 2012. Secure Two-party Computation in Sublinear (Amortized) Time. In ACM CCS.
  • Yan Huang, David Evans, Jonathan Katz, and Lior Malka. 2011. Faster Secure Two-party Computation Using Garbled Circuits. In USENIX Security Symposium.
  • Jack Doerner and abhi shelat. 2017. Scaling ORAM for Secure Computation. Cryptology ePrint Archive, Report 2017/827. https://eprint.iacr.org/2017/827.pdf.
  • Zahra Jafargholi and Daniel Wichs. 2016. Adaptive Security of Yao's Garbled
  • Marcel Keller and Peter Scholl. 2014.
  • Vladimir Kolesnikov and Thomas Schneider. 2008. Improved Garbled Circuit: Free XOR Gates and Applications. In ICALP.
  • Eyal Kushilevitz, Steve Lu, and Rafail Ostrovsky. 2012. On the (In)security of
  • Yehuda Lindell and Benny Pinkas. 2009. A Proof of Security of Yao's Protocol for Two-Party Computation. Journal of Cryptology 22, 2.
  • Steve Lu and Rafail Ostrovsky. 2013. Distributed Oblivious RAM for Secure Two-Party Computation.
  • Valeria Nikolaenko, Udi Weinsberg, Stratis Ioannidis, Marc Joye, Dan Boneh, and Nina Taft. 2013. Privacy-Preserving Ridge Regression on Hundreds of Millions of Records. In IEEE S&P.
  • Rafail Ostrovsky. 1990. Efficient Computation on Oblivious RAMs. In ACM STOC.
  • Rafail Ostrovsky and Victor Shoup. 1997. Private Information Storage (Extended Abstract). In ACM STOC.
  • Benny Pinkas and Tzachy Reinman. 2010. Oblivious RAM Revisited. In CRYPTO.
  • Benny Pinkas, Thomas Schneider, Nigel P. Smart, and Stephen C. Williams. 2009. Secure Two-Party Computation Is Practical. In ASIACRYPT.
  • Adi Shamir. 1979. How to Share a Secret. Commun. ACM 22, 11.
  • Elaine Shi, T.-H. Hubert Chan, Emil Stefanov, and Mingfei Li. 2011. Oblivious RAM with O((log N)^3) Worst-Case Cost. In ASIACRYPT.
  • Emil Stefanov, Marten van Dijk, Elaine Shi, Christopher Fletcher, Ling Ren, Xiangyao Yu, and Srinivas Devadas. 2013. Path ORAM: An Extremely Simple Oblivious RAM Protocol. In ACM CCS.
  • Abraham Waksman. 1968. A Permutation Network. Journal of the ACM 15, 1.
  • Xiao Wang, Hubert Chan, and Elaine Shi. 2015. Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound. In ACM CCS.
  • Xiao Wang, Yan Huang, Hubert Chan, Abhi Shelat, and Elaine Shi. 2014. SCORAM: Oblivious RAM for Secure Computation. In ACM CCS.
  • Xiao Wang, Yan Huang, Yongan Zhao, Haixu Tang, XiaoFeng Wang, and Diyue Bu. 2015. Efficient Genome-Wide, Privacy-Preserving Similar Patient Query Based on Private Edit Distance. In ACM CCS.
  • Peter Williams and Radu Sion. 2008. Usable PIR. In NDSS.
  • Peter Williams and Radu Sion. 2012. Round-Optimal Access Privacy on Outsourced Storage. In ACM CCS.
  • Peter Williams, Radu Sion, and Bogdan Carbunar. 2008. Building Castles out of Mud: Practical Access Pattern Privacy and Correctness on Untrusted Storage. In ACM CCS.
  • R. S. Winternitz. 1984. A Secure One-Way Hash Function Built from DES. In IEEE S&P.
  • Johannes Wolkerstorfer, Elisabeth Oswald, and Mario Lamberger. 2002. An ASIC Implementation of the AES S-Boxes. In RSA Conference on Topics in Cryptology.
  • David Woodruff and Sergey Yekhanin. 2005. A Geometric Approach to Information-Theoretic Private Information Retrieval. In IEEE Conference on Computational Complexity.
  • Andrew Chi-Chih Yao. 1982. Protocols for Secure Computations. In IEEE FOCS.
  • Andrew Chi-Chih Yao. 1986. How to Generate and Exchange Secrets (Extended Abstract). In IEEE FOCS.
  • Samee Zahur and David Evans. 2015. Obliv-C: A Lightweight Compiler for Data-Oblivious Computation. Cryptology ePrint Archive, Report 2015/11… http://oblivc.org.
  • Samee Zahur, Mike Rosulek, and David Evans. 2015. Two Halves Make a Whole: Reducing Data Transfer in Garbled Circuits Using Half Gates. In EUROCRYPT.
  • Samee Zahur, Xiao Wang, Mariana Raykova, Adrià Gascón, Jack Doerner, David Evans, and Jonathan Katz. 2016. Revisiting Square Root ORAM: Efficient Random Access in Multi-Party Computation. In IEEE S&P.