Multi-client Oblivious RAM Secure Against Malicious Servers

  • Erik-Oliver Blass
  • Travis Mayberry
  • Guevara Noubir
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10355)


This paper tackles the open problem of whether an Oblivious RAM (ORAM) can be shared among multiple clients in the presence of a fully malicious server. Current ORAM constructions rely on clients knowing the ORAM state so that they do not reveal information about their access pattern. With multiple clients, a straightforward approach requires clients to exchange updated state to maintain security. However, clients on the internet usually cannot communicate directly with each other due to NAT and firewall settings. Storing state on the server is the only option, but a malicious server can arbitrarily tamper with that information.

We first extend the classical square-root ORAM by Goldreich and the hierarchical one by Goldreich and Ostrovsky to add multi-client security. We accomplish this by separating the critical portions of the access, which depend on the state of the ORAM, from the non-critical parts (cache access) that can be executed securely in any state. Our second contribution is a secure multi-client variant of Path ORAM. To enable secure metadata updates during evictions in Path ORAM, we employ our first result, small multi-client secure classical ORAMs, as a building block. Depending on the block size, our multi-client secure construction reaches a low \(O(\log N)\) communication complexity per client, similar to state-of-the-art single-client ORAMs.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Erik-Oliver Blass (1)
  • Travis Mayberry (2)
  • Guevara Noubir (3)

  1. Airbus Group Innovations, Munich, Germany
  2. US Naval Academy, Annapolis, USA
  3. Northeastern University, Boston, USA
