Perfectly Oblivious (Parallel) RAM Revisited, and Improved Constructions

T-H. Hubert Chan, E. Shi, Wei-Kai Lin, Kartik Nayak
{"title":"Perfectly Oblivious (Parallel) RAM Revisited, and Improved Constructions","authors":"T-H. Hubert Chan, E. Shi, Wei-Kai Lin, Kartik Nayak","doi":"10.4230/LIPIcs.ITC.2021.8","DOIUrl":null,"url":null,"abstract":"Oblivious RAM (ORAM) is a technique for compiling any RAM program to an oblivious counterpart, i.e., one whose access patterns do not leak information about the secret inputs. Similarly, Oblivious Parallel RAM (OPRAM) compiles a parallel RAM program to an oblivious counterpart. In this paper, we care about ORAM/OPRAM with perfect security, i.e., the access patterns must be identically distributed no matter what the program’s memory request sequence is. In the past, two types of perfect ORAMs/OPRAMs have been considered: constructions whose performance bounds hold in expectation (but may occasionally run more slowly); and constructions whose performance bounds hold deterministically (even though the algorithms themselves are randomized). In this paper, we revisit the performance metrics for perfect ORAM/OPRAM, and show novel constructions that achieve asymptotical improvements for all performance metrics. Our first result is a new perfectly secure OPRAM scheme with O(logN/ log logN) expected overhead. In comparison, prior literature has been stuck at O(logN) for more than a decade. Next, we show how to construct a perfect ORAM with O(logN/ log logN) deterministic simulation overhead. We further show how to make the scheme parallel, resulting in an perfect OPRAM with O(logN/ log logN) deterministic simulation overhead. For perfect ORAMs/OPRAMs with deterministic performance bounds, our results achieve subexponential improvement over the state-of-the-art. Specifically, the best known prior scheme incurs more than √ N deterministic simulation overhead (Raskin and Simkin, Asiacrypt’19); moreover, their scheme works only for the sequential setting and is not amenable to parallelization. Finally, we additionally consider perfect ORAMs/OPRAMs whose performance bounds hold with high probability. For this new performance metric, we show new constructions whose simulation overhead is upper bounded by O(log / log logN) except with negligible in N probability, i.e., we prove high-probability performance bounds that match the expected bounds mentioned earlier. Author ordering is randomized. T-H. Hubert Chan was partially supported by the Hong Kong RGC under the grants 17200418 and 17201220. Elaine Shi was partially supported by NSF CNS-1601879, an ONR YIP award, and a Packard Fellowship. Wei-Kai Lin was supported by a DARPA Brandeis award. Kartik Nayak was partially supported by NSF Award 2016393.","PeriodicalId":6403,"journal":{"name":"2007 IEEE International Test Conference","volume":"79 1","pages":"8:1-8:23"},"PeriodicalIF":0.0000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 IEEE International Test Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4230/LIPIcs.ITC.2021.8","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

Abstract

Oblivious RAM (ORAM) is a technique for compiling any RAM program to an oblivious counterpart, i.e., one whose access patterns do not leak information about the secret inputs. Similarly, Oblivious Parallel RAM (OPRAM) compiles a parallel RAM program to an oblivious counterpart. In this paper, we care about ORAM/OPRAM with perfect security, i.e., the access patterns must be identically distributed no matter what the program’s memory request sequence is. In the past, two types of perfect ORAMs/OPRAMs have been considered: constructions whose performance bounds hold in expectation (but may occasionally run more slowly); and constructions whose performance bounds hold deterministically (even though the algorithms themselves are randomized). In this paper, we revisit the performance metrics for perfect ORAM/OPRAM, and show novel constructions that achieve asymptotical improvements for all performance metrics. Our first result is a new perfectly secure OPRAM scheme with O(logN/ log logN) expected overhead. In comparison, prior literature has been stuck at O(logN) for more than a decade. Next, we show how to construct a perfect ORAM with O(logN/ log logN) deterministic simulation overhead. We further show how to make the scheme parallel, resulting in an perfect OPRAM with O(logN/ log logN) deterministic simulation overhead. For perfect ORAMs/OPRAMs with deterministic performance bounds, our results achieve subexponential improvement over the state-of-the-art. Specifically, the best known prior scheme incurs more than √ N deterministic simulation overhead (Raskin and Simkin, Asiacrypt’19); moreover, their scheme works only for the sequential setting and is not amenable to parallelization. Finally, we additionally consider perfect ORAMs/OPRAMs whose performance bounds hold with high probability. For this new performance metric, we show new constructions whose simulation overhead is upper bounded by O(log / log logN) except with negligible in N probability, i.e., we prove high-probability performance bounds that match the expected bounds mentioned earlier. Author ordering is randomized. T-H. Hubert Chan was partially supported by the Hong Kong RGC under the grants 17200418 and 17201220. Elaine Shi was partially supported by NSF CNS-1601879, an ONR YIP award, and a Packard Fellowship. Wei-Kai Lin was supported by a DARPA Brandeis award. Kartik Nayak was partially supported by NSF Award 2016393.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
完全遗忘(平行)RAM重新访问和改进结构
无关RAM (ORAM)是一种将任何RAM程序编译为无关的对应程序的技术,即其访问模式不会泄露有关秘密输入的信息。类似地,遗忘并行RAM (OPRAM)将并行RAM程序编译为遗忘对应程序。本文关注具有完美安全性的ORAM/OPRAM,即无论程序的内存请求顺序如何,访问模式必须是相同分布的。过去,人们考虑了两种类型的完美oram / opram:性能边界符合预期的结构(但偶尔可能运行得更慢);以及性能界限具有确定性的结构(即使算法本身是随机的)。在本文中,我们重新审视了完美ORAM/OPRAM的性能指标,并展示了实现所有性能指标渐近改进的新结构。我们的第一个结果是一个新的完全安全的OPRAM方案,预期开销为0 (logN/ log logN)。相比之下,之前的文献已经停留在0 (logN)超过十年。接下来,我们将展示如何构建一个具有O(logN/ log logN)确定性仿真开销的完美ORAM。我们进一步展示了如何使该方案并行,从而得到一个具有0 (logN/ log logN)确定性仿真开销的完美OPRAM。对于具有确定性性能界限的完美oram / opram,我们的结果比最先进的技术实现了次指数级的改进。具体来说,最著名的先验方案会导致超过√N的确定性模拟开销(Raskin和Simkin, Asiacrypt ' 19);此外,他们的方案只适用于顺序设置,不适合并行化。最后,我们还考虑了性能边界保持高概率的完美oram / opram。对于这个新的性能度量,我们展示了新的结构,其模拟开销的上限是0 (log / log logN),除了N概率可以忽略不计,也就是说,我们证明了高概率性能界限与前面提到的预期界限相匹配。作者排序是随机的。张茵。陈教授获得香港研资局拨款17200418及17201220的部分资助。Elaine Shi得到了NSF CNS-1601879、ONR YIP奖和帕卡德奖学金的部分支持。林伟凯获得了DARPA布兰迪斯奖的支持。Kartik Nayak获得了NSF Award 2016393的部分资助。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Csirmaz's Duality Conjecture and Threshold Secret Sharing Online Mergers and Applications to Registration-Based Encryption and Accumulators Exponential Correlated Randomness Is Necessary in Communication-Optimal Perfectly Secure Two-Party Computation The Cost of Statistical Security in Proofs for Repeated Squaring Tight Estimate of the Local Leakage Resilience of the Additive Secret-Sharing Scheme & Its Consequences
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1