Article

A Lower Bound for One-Round Oblivious RAM

Authors:

Andrew Drucker,

Alexander HooverAuthors Info & Claims

Theory of Cryptography: 18th International Conference, TCC 2020, Durham, NC, USA, November 16–19, 2020, Proceedings, Part I

Pages 457 - 485

https://doi.org/10.1007/978-3-030-64375-1_16

Published: 16 November 2020 Publication History

Abstract

We initiate a fine-grained study of the round complexity of Oblivious RAM (ORAM). We prove that any one-round balls-in-bins ORAM that does not duplicate balls must have either

Ω (\sqrt{N})

bandwidth or

Ω (\sqrt{N})

client memory, where N is the number of memory slots being simulated. This shows that such schemes are strictly weaker than general (multi-round) ORAMs or those with server computation, and in particular implies that a one-round version of the original square-root ORAM of Goldreich and Ostrovksy (J. ACM 1996) is optimal. We prove this bound via new techniques that differ from those of Goldreich and Ostrovksy, and of Larsen and Nielsen (CRYPTO 2018), which achieved an

Ω (log N)

bound for balls-in-bins and general multi-round ORAMs respectively. Finally we give a weaker extension of our bound that allows for limited duplication of balls, and also show that our bound extends to multiple-round ORAMs of a restricted form that include the best known constructions.

References

[1]

Asharov G, Komargodski I, Lin W-K, Nayak K, Peserico E, and Shi E Canteaut A and Ishai Y OptORAMa: optimal oblivious RAM Advances in Cryptology – EUROCRYPT 2020 2020 Cham Springer 403-432

[2]

Boyle, E., Naor, M.: Is there an oblivious RAM lower bound? In: Sudan, M., (ed.) ITCS 2016: 7th Conference on Innovations in Theoretical Computer Science, pp. 357–368, Association for Computing Machinery, Cambridge, 14–16 January 2016

[3]

Chan T-HH, Chung K-M, and Shi E Takagi T and Peyrin T On the depth of oblivious parallel RAM Advances in Cryptology – ASIACRYPT 2017 2017 Cham Springer 567-597

[4]

Dautrich Jr., J.L., Stefanov, E., Shi, E.: Burst ORAM: minimizing ORAM response times for bursty access patterns. In: Fu, K., Jung, J. (eds.) USENIX Security 2014: 23rd USENIX Security Symposium, pp. 749–764, USENIX Association, San Diego, 20–22 August 2014

[5]

Devadas S, van Dijk M, Fletcher CW, Ren L, Shi E, and Wichs D Kushilevitz E and Malkin T Onion ORAM: a constant bandwidth blowup oblivious RAM Theory of Cryptography 2016 Heidelberg Springer 145-174

[6]

Fletcher, C., Naveed, M., Ren, L., Shi, E., Stefanov, E.: Bucket ORAM: single online roundtrip, constant bandwidth oblivious RAM. Cryptology ePrint Archive, Report 2015/1065 (2015). http://eprint.iacr.org/2015/1065

[7]

Garg, S., Lu, S., Ostrovsky, R.: Black-box garbled RAM. Cryptology ePrint Archive, Report 2015/307 (2015). http://eprint.iacr.org/2015/307

[8]

Garg, S., Lu, S., Ostrovsky, R., Scafuro, A.: Garbled RAM from one-way functions. In: Servedio, R.A., Rubinfeld, R. (eds.) 47th Annual ACM Symposium on Theory of Computing, pp. 449–458. ACM Press. Portland, 14–17 June 2015

[9]

Garg, S., Mohassel, P., Papamanthou, C.: TWORAM: Efficient oblivious RAM in two rounds with applications to searchable encryption. In: Robshaw, M., Katz, J. (eds.) Advances in Cryptology, CRYPTO 2016, Part III, LNCS, vol. 9816, pp. 563–592, Santa Barbara, 14–18 August 2016. Springer, Heidelberg (2016).

[10]

Gentry C, Halevi S, Lu S, Ostrovsky R, Raykova M, and Wichs D Nguyen PQ and Oswald E Garbled RAM revisited Advances in Cryptology – EUROCRYPT 2014 2014 Heidelberg Springer 405-422

[11]

Goldreich O and Ostrovsky R Software protection and simulation on oblivious RAMs J. ACM 1996 43 3 431-473

[12]

Goodrich MT and Mitzenmacher M Aceto L, Henzinger M, and Sgall J Privacy-preserving access of outsourced data via oblivious RAM simulation Automata, Languages and Programming 2011 Heidelberg Springer 576-587

[13]

Goodrich, M.T., Mitzenmacher, M., Ohrimenko, O., Tamassia, R.: Practical oblivious storage. In: Proceedings of the Second ACM Conference on Data and Application Security and Privacy, CODASPY 2012, pp. 13–24, Association for Computing Machinery, New York (2012)

[14]

Goodrich, M.T., Mitzenmacher, M., Ohrimenko, O., Tamassia, R.: Privacy-preserving group data access via stateless oblivious RAM simulation. In: Rabani, Y. (ed.) 23rd Annual ACM-SIAM Symposium on Discrete Algorithms, ACM-SIAM, pp. 157–167, Kyoto, 17–19 January 2012

[15]

Hubáček P, Koucký M, Král K, and Slívová V Hofheinz D and Rosen A Stronger lower bounds for online ORAM Theory of Cryptography 2019 Cham Springer 264-284

[16]

Jacob, R., Larsen, K.G., Nielsen, J.B.: Lower bounds for oblivious data structures. In: Chan, T.M. (ed.) 30th Annual ACM-SIAM Symposium on Discrete Algorithms, ACM-SIAM, pp. 2439–2447, San Diego, 6–9 January 2019

[17]

Kushilevitz, E., Lu, S., Ostrovsky, R.: On the (in)security of hash-based oblivious RAM and a new balancing scheme. In: Rabani, Y. (ed.) 23rd Annual ACM-SIAM Symposium on Discrete Algorithms, ACM-SIAM, pp. 143–156, Kyoto, 17–19 January 2012

[18]

Larsen KG and Nielsen JB Shacham H and Boldyreva A Yes, there is an oblivious RAM lower bound! Advances in Cryptology – CRYPTO 2018 2018 Cham Springer 523-542

[19]

Lu S and Ostrovsky R Sahai A Distributed oblivious RAM for secure two-party computation Theory of Cryptography 2013 Heidelberg Springer 377-396

[20]

Lu S and Ostrovsky R Johansson T and Nguyen PQ How to garble RAM programs? Advances in Cryptology – EUROCRYPT 2013 2013 Heidelberg Springer 719-734

[21]

Moataz, T., Mayberry, T., Blass, E.-O.: Constant communication ORAM with small blocksize. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015: 22nd Conference on Computer and Communications Security, pp. 862–873. ACM Press, Denver, 12–16 October 2015

[22]

Patel, S., Persiano, G., Raykova, M., Yeo, K.: PanORAMa: oblivious RAM with logarithmic overhead. In: Thorup, M. (ed.) 59th Annual Symposium on Foundations of Computer Science, pp. 871–882, IEEE Computer Society Press, Paris, 7–9 October 2018

[23]

Shi, E., Chan, T.-H.H., Stefanov, E., Li, M.: Oblivious RAM with

O ({(log N)}^{3})

worst-case cost. In: Lee, D.H., Wang, X., (eds.) Advances in Cryptology - ASIACRYPT 2011. LNCS, vol. 7073, pp. 197–214, Seoul, South, Springer, Heidelberg, 4–8 December 2011.

[24]

Stefanov, E., et al.: Path ORAM: an extremely simple oblivious RAM protocol. In: Sadeghi, A.-R., Gligor, V.D., Yung, M., (eds.) ACM CCS 2013: 20th Conference on Computer and Communications Security, pp. 299–310. ACM Press, Berlin, 4–8 November 2013

[25]

Wang, X., Chan, T.-H.H., Shi, E.: Circuit ORAM: on tightness of the Goldreich-Ostrovsky lower bound. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015: 22nd Conference on Computer and Communications Security, pp. 850–861. ACM Press, Denver 12–16 October 2015

[26]

Williams, P., Sion, R., Single round access privacy on outsourced storage. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) ACM CCS 2012: 19th Conference on Computer and Communications Security, pp. 293–304. ACM Press, Raleigh, 16–18 October 2012

Cited By

Boyle EKomargodski IVafa NMohar BShinkar IO'Donnell R(2024)Memory Checking Requires Logarithmic OverheadProceedings of the 56th Annual ACM Symposium on Theory of Computing10.1145/3618260.3649686(1712-1723)Online publication date: 10-Jun-2024
https://dl.acm.org/doi/10.1145/3618260.3649686
Maiyya SVemula SAgrawal DEl Abbadi AKerschbaum F(2023)Waffle: An Online Oblivious Datastore for Protecting Data Access PatternsProceedings of the ACM on Management of Data10.1145/36267601:4(1-25)Online publication date: 12-Dec-2023
https://dl.acm.org/doi/10.1145/3626760
Persiano GYeo K(2023)Limits of Breach-Resistant and Snapshot-Oblivious RAMsAdvances in Cryptology – CRYPTO 202310.1007/978-3-031-38551-3_6(161-196)Online publication date: 20-Aug-2023
https://dl.acm.org/doi/10.1007/978-3-031-38551-3_6
Show More Cited By

Index Terms

A Lower Bound for One-Round Oblivious RAM
1. Theory of computation
  1. Computational complexity and cryptography
    1. Complexity classes
  2. Design and analysis of algorithms

Index terms have been assigned to the content through auto-classification.

Recommendations

Yes, There is an Oblivious RAM Lower Bound!
Advances in Cryptology – CRYPTO 2018
Abstract
An Oblivious RAM (ORAM) introduced by Goldreich and Ostrovsky [JACM’96] is a (possibly randomized) RAM, for which the memory access pattern reveals no information about the operations performed. The main performance metric of an ORAM is the ...
Is There an Oblivious RAM Lower Bound for Online Reads?
Theory of Cryptography
Abstract
Oblivious RAM (ORAM), introduced by Goldreich and Ostrovsky (JACM 1996), can be used to read and write to memory in a way that hides which locations are being accessed. The best known ORAM schemes have an overhead per access, where is the data ...
Is There an Oblivious RAM Lower Bound?
ITCS '16: Proceedings of the 2016 ACM Conference on Innovations in Theoretical Computer Science

An Oblivious RAM (ORAM), introduced by Goldreich and Ostrovsky (JACM 1996), is a (probabilistic) RAM that hides its access pattern, i.e. for every input the observed locations accessed are similarly distributed. Great progress has been made in recent ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

Theory of Cryptography: 18th International Conference, TCC 2020, Durham, NC, USA, November 16–19, 2020, Proceedings, Part I

Nov 2020

721 pages

ISBN:978-3-030-64374-4

DOI:10.1007/978-3-030-64375-1

Editors:
Rafael Pass
Cornell Tech, New York, NY, USA
,
Krzysztof Pietrzak
Institute of Science and Technology Austria, Klosterneuburg, Austria

© International Association for Cryptologic Research 2020.

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 16 November 2020

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 23 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Boyle EKomargodski IVafa NMohar BShinkar IO'Donnell R(2024)Memory Checking Requires Logarithmic OverheadProceedings of the 56th Annual ACM Symposium on Theory of Computing10.1145/3618260.3649686(1712-1723)Online publication date: 10-Jun-2024
https://dl.acm.org/doi/10.1145/3618260.3649686
Maiyya SVemula SAgrawal DEl Abbadi AKerschbaum F(2023)Waffle: An Online Oblivious Datastore for Protecting Data Access PatternsProceedings of the ACM on Management of Data10.1145/36267601:4(1-25)Online publication date: 12-Dec-2023
https://dl.acm.org/doi/10.1145/3626760
Persiano GYeo K(2023)Limits of Breach-Resistant and Snapshot-Oblivious RAMsAdvances in Cryptology – CRYPTO 202310.1007/978-3-031-38551-3_6(161-196)Online publication date: 20-Aug-2023
https://dl.acm.org/doi/10.1007/978-3-031-38551-3_6
Persiano GYeo K(2023)Lower Bound Framework for Differentially Private and Oblivious Data StructuresAdvances in Cryptology – EUROCRYPT 202310.1007/978-3-031-30545-0_17(487-517)Online publication date: 23-Apr-2023
https://dl.acm.org/doi/10.1007/978-3-031-30545-0_17
Gong YGao FLi WZhang HJin ZWen Q(2022)LPS-ORAMSecurity and Communication Networks10.1155/2022/90328282022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/9032828
Komargodski ILin W(2021)A Logarithmic Lower Bound for Oblivious RAM (for All Parameters)Advances in Cryptology – CRYPTO 202110.1007/978-3-030-84259-8_20(579-609)Online publication date: 16-Aug-2021
https://dl.acm.org/doi/10.1007/978-3-030-84259-8_20

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents