Asymptotically tight bounds for composing ORAM with PIR

Ittai Abraham; Christopher W. Fletcher; Kartik Nayak; Benny Pinkas; Ling Ren

doi:10.1007/978-3-662-54365-8_5

Asymptotically tight bounds for composing ORAM with PIR

Ittai Abraham
, Christopher W. Fletcher
, Kartik Nayak
, Benny Pinkas
, Ling Ren

Department of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

27 Scopus citations

Abstract

Oblivious RAM (ORAM) is a cryptographic primitive that allows a trusted client to outsource storage to an untrusted server while hiding the client’s memory access patterns to the server. The last three decades of research on ORAMs have reduced the bandwidth blowup of ORAM schemes from O(√N) to O(1). However, all schemes that achieve a bandwidth blowup smaller than O(logN) use expensive computations such as homomorphic encryptions. In this paper, we achieve a sub-logarithmic bandwidth blowup of O(log_d N) (where d is a free parameter) without using expensive computation. We do so by using a d-ary tree and a two server private information retrieval (PIR) protocol based on inexpensive XOR operations at the servers. We also show a Ω(log_cD N) lower bound on bandwidth blowup in the modified model involving PIR operations. Here, c is the number of blocks stored by the client and D is the number blocks on which PIR operations are performed. Our construction matches this lower bound implying that the lower bound is tight for certain parameter ranges. Finally, we show that C-ORAM (CCS 15) and CHf-ORAM violate the lower bound. Combined with concrete attacks on C-ORAM/CHf-ORAM, we claim that there exist security flaws in these constructions.

Original language	English
Title of host publication	Public-Key Cryptography - PKC 2019 - 22nd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings
Editors	Serge Fehr
Publisher	Springer Verlag
Pages	91-120
Number of pages	30
ISBN (Print)	9783662543641
DOIs	https://doi.org/10.1007/978-3-662-54365-8_5
State	Published - 2017
Event	20th IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2017 - Amsterdam, Netherlands Duration: 28 Mar 2017 → 31 Mar 2017

Publication series

Name	Lecture Notes in Computer Science
Volume	10174 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	20th IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2017
Country/Territory	Netherlands
City	Amsterdam
Period	28/03/17 → 31/03/17

Bibliographical note

Publisher Copyright:
© International Association for Cryptologic Research 2017.

Funding

We would like to thank authors of C-ORAM (Tarik Moataz, Travis Mayberry and Erik-Oliver Blass) for discussions and inputs on algorithmic details of C-ORAM. We would like to thank Dahlia Malkhi, Jonathan Katz, Elaine Shi, Hubert Chan and Xiao Wang for helpful discussions on this work. This work is funded in part by NSF awards #1111599, #1563722 and a Google Ph.D. Fellowship award.

Funders	Funder number
National Science Foundation	1563722, 1111599
Google

Access to Document

10.1007/978-3-662-54365-8_5

Cite this

Abraham, I., Fletcher, C. W., Nayak, K., Pinkas, B., & Ren, L. (2017). Asymptotically tight bounds for composing ORAM with PIR. In S. Fehr (Ed.), Public-Key Cryptography - PKC 2019 - 22nd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings (pp. 91-120). (Lecture Notes in Computer Science; Vol. 10174 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-662-54365-8_5

@inproceedings{dd795d71ab784c2eae45e457bca63ce5,

title = "Asymptotically tight bounds for composing ORAM with PIR",

abstract = "Oblivious RAM (ORAM) is a cryptographic primitive that allows a trusted client to outsource storage to an untrusted server while hiding the client{\textquoteright}s memory access patterns to the server. The last three decades of research on ORAMs have reduced the bandwidth blowup of ORAM schemes from O(√N) to O(1). However, all schemes that achieve a bandwidth blowup smaller than O(logN) use expensive computations such as homomorphic encryptions. In this paper, we achieve a sub-logarithmic bandwidth blowup of O(logd N) (where d is a free parameter) without using expensive computation. We do so by using a d-ary tree and a two server private information retrieval (PIR) protocol based on inexpensive XOR operations at the servers. We also show a Ω(logcD N) lower bound on bandwidth blowup in the modified model involving PIR operations. Here, c is the number of blocks stored by the client and D is the number blocks on which PIR operations are performed. Our construction matches this lower bound implying that the lower bound is tight for certain parameter ranges. Finally, we show that C-ORAM (CCS 15) and CHf-ORAM violate the lower bound. Combined with concrete attacks on C-ORAM/CHf-ORAM, we claim that there exist security flaws in these constructions.",

author = "Ittai Abraham and Fletcher, \{Christopher W.\} and Kartik Nayak and Benny Pinkas and Ling Ren",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2017.; 20th IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2017 ; Conference date: 28-03-2017 Through 31-03-2017",

year = "2017",

doi = "10.1007/978-3-662-54365-8\_5",

language = "אנגלית",

isbn = "9783662543641",

series = "Lecture Notes in Computer Science",

publisher = "Springer Verlag",

pages = "91--120",

editor = "Serge Fehr",

booktitle = "Public-Key Cryptography - PKC 2019 - 22nd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings",

address = "גרמניה",

}

Abraham, I, Fletcher, CW, Nayak, K, Pinkas, B & Ren, L 2017, Asymptotically tight bounds for composing ORAM with PIR. in S Fehr (ed.), Public-Key Cryptography - PKC 2019 - 22nd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings. Lecture Notes in Computer Science, vol. 10174 LNCS, Springer Verlag, pp. 91-120, 20th IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2017, Amsterdam, Netherlands, 28/03/17. https://doi.org/10.1007/978-3-662-54365-8_5

Asymptotically tight bounds for composing ORAM with PIR. / Abraham, Ittai; Fletcher, Christopher W.; Nayak, Kartik et al.
Public-Key Cryptography - PKC 2019 - 22nd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings. ed. / Serge Fehr. Springer Verlag, 2017. p. 91-120 (Lecture Notes in Computer Science; Vol. 10174 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Asymptotically tight bounds for composing ORAM with PIR

AU - Abraham, Ittai

AU - Fletcher, Christopher W.

AU - Nayak, Kartik

AU - Pinkas, Benny

AU - Ren, Ling

PY - 2017

Y1 - 2017

N2 - Oblivious RAM (ORAM) is a cryptographic primitive that allows a trusted client to outsource storage to an untrusted server while hiding the client’s memory access patterns to the server. The last three decades of research on ORAMs have reduced the bandwidth blowup of ORAM schemes from O(√N) to O(1). However, all schemes that achieve a bandwidth blowup smaller than O(logN) use expensive computations such as homomorphic encryptions. In this paper, we achieve a sub-logarithmic bandwidth blowup of O(logd N) (where d is a free parameter) without using expensive computation. We do so by using a d-ary tree and a two server private information retrieval (PIR) protocol based on inexpensive XOR operations at the servers. We also show a Ω(logcD N) lower bound on bandwidth blowup in the modified model involving PIR operations. Here, c is the number of blocks stored by the client and D is the number blocks on which PIR operations are performed. Our construction matches this lower bound implying that the lower bound is tight for certain parameter ranges. Finally, we show that C-ORAM (CCS 15) and CHf-ORAM violate the lower bound. Combined with concrete attacks on C-ORAM/CHf-ORAM, we claim that there exist security flaws in these constructions.

AB - Oblivious RAM (ORAM) is a cryptographic primitive that allows a trusted client to outsource storage to an untrusted server while hiding the client’s memory access patterns to the server. The last three decades of research on ORAMs have reduced the bandwidth blowup of ORAM schemes from O(√N) to O(1). However, all schemes that achieve a bandwidth blowup smaller than O(logN) use expensive computations such as homomorphic encryptions. In this paper, we achieve a sub-logarithmic bandwidth blowup of O(logd N) (where d is a free parameter) without using expensive computation. We do so by using a d-ary tree and a two server private information retrieval (PIR) protocol based on inexpensive XOR operations at the servers. We also show a Ω(logcD N) lower bound on bandwidth blowup in the modified model involving PIR operations. Here, c is the number of blocks stored by the client and D is the number blocks on which PIR operations are performed. Our construction matches this lower bound implying that the lower bound is tight for certain parameter ranges. Finally, we show that C-ORAM (CCS 15) and CHf-ORAM violate the lower bound. Combined with concrete attacks on C-ORAM/CHf-ORAM, we claim that there exist security flaws in these constructions.

UR - https://www.scopus.com/pages/publications/85014479389

U2 - 10.1007/978-3-662-54365-8_5

DO - 10.1007/978-3-662-54365-8_5

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85014479389

SN - 9783662543641

T3 - Lecture Notes in Computer Science

SP - 91

EP - 120

BT - Public-Key Cryptography - PKC 2019 - 22nd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings

A2 - Fehr, Serge

PB - Springer Verlag

T2 - 20th IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2017

Y2 - 28 March 2017 through 31 March 2017

ER -

Asymptotically tight bounds for composing ORAM with PIR

Abstract

Publication series

Conference

Bibliographical note

Funding

Access to Document

Other files and links

Fingerprint

Cite this