M-ORAM Revisited: Security and Construction Updates

  • Karin SumongkayothinEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11125)


Oblivious Random Access Machine (ORAM) [4] was introduced in regard to secure the access patterns seen by a server when the data have been retrieved. Matrix based ORAM (M-ORAM) [5] is one of ORAM constructions. It has been introduced in the matrix data structure format and can achieve O(1) for both bandwidth overhead and computation complexity. With the impressive performance results; however, the given security proof is not well defined. We therefore revisit the paper to give a new proper proof method to construct the access sequence which is statically indistinguishable from random accesses. In addition according to our new security proof, M-ORAM has a security weakness in a specific circumstance. Hence, the improved M-ORAM construction which can solve the problem is also introduced.



This research project was partially supported by Faculty of Information and Communication Technology, Mahidol University.


  1. 1.
    How can we generate k unique random integers in the range [1...n] with equal probablity?. Accessed 30 May 2018
  2. 2.
    Boneh, D., Mazieres, D., Popa, R.A.: Remote oblivious storage: Making oblivious RAM practical. Technical report, MIT-CSAIL-TR-2011-018, Massachusetts Institute of Technology, March 2011.
  3. 3.
    Dautrich, J., Stefanov, E., Shi, E.: Burst ORAM: minimizing ORAM response times for bursty access patterns. In: Proceedings 23rd USENIX Security Symposium, San Diego, CA, pp. 749–764, August 2014Google Scholar
  4. 4.
    Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious RAMs. J. ACM 43(3), 431–473 (1996)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Gordon, S., Miyaji, A., Su, C., Sumongkayothin, K.: A matrix based ORAM: design, implementation and experimental analysis. IEICE Trans. Inf. Syst. E99-D(8), 2044–2055 (2016)CrossRefGoogle Scholar
  6. 6.
    Islam, M.S., Kuzu, M., Kantarcioglu, M.: Access pattern disclosure on searchable encryption: ramification, attack and mitigation. In: Proceedings of 19th Annual Network and Distributed System Security Symposium, San Diego, CA, February 2012Google Scholar
  7. 7.
    Liu, C., Zhu, L., Wang, M., Tan, Y.: Search pattern leakage in searchable encryption: attacks and new construction. Inf. Sci.: Int. J. 265, 176–188 (2014)CrossRefGoogle Scholar
  8. 8.
    Moataz, T., Mayberry, T., Blass, E.-O., Chan, A.H.: Resizable tree-based oblivious RAM. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 147–167. Springer, Heidelberg (2015). Scholar
  9. 9.
    Pinkas, B., Reinman, T.: Oblivious RAM revisited. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 502–519. Springer, Heidelberg (2010). Scholar
  10. 10.
    Ren, L., Fletcher, C.W., Yu, X., Kwon, A., van Dijk, M., Devadas, S.: Unified oblivious-RAM: improving recursive ORAM with locality and pseudorandomness. Proceeding of IACR Cryptology ePrint Archive 2014/205 (2014)Google Scholar
  11. 11.
    Shi, E., Chan, T.H., Stefanov, E., Li, M.: Oblivious RAM with \({O}({log^{3}N})\) worst-case cost. In: Proceedings of 17th International Conference on the Theory and Application of Cryptology and Information Security, Seol, South Korea, pp. 197–214, December 2011Google Scholar
  12. 12.
    Stefanov, E., et al.: Path ORAM: an extremely simple oblivious RAM protocol. In: Proceedings ACM SIGSAC Conference on Computer and Communications Security, Berlin, Germany, pp. 299–310, November 2013Google Scholar
  13. 13.
    Stefanov, E., Shi, E., Song, D.X.: Towards practical oblivious RAM. In: Proceedings of the 19th Annual Network Distributed System Security Symposium, The Internet Society, San Diego, CA, USA, February 2012Google Scholar
  14. 14.
    Zhang, J., Ma, Q., Zhang, W., Qiao, D.: KT-ORAM: a bandwidth-efficient ORAM built on K-ary tree of PIR nodes. Proceedings of IACR Cryptology ePrint Archive 2014/624 (2014)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Faculty of Infornation and Communication TechnologyMahidol University Nakhon PathomPhutthamonthonThailand

Personalised recommendations