Skip to main content
SpringerLink
Log in

Resizable Tree-Based Oblivious RAM

  • Conference paper
  • First Online:
Financial Cryptography and Data Security (FC 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8975))

Included in the following conference series:

Abstract

Although newly proposed, tree-based Oblivious RAM schemes are drastically more efficient than older techniques, they come with a significant drawback: an inherent dependence on a fixed-size database. Yet, a flexible storage is vital for real-world use of Oblivious RAM since one of its most promising deployment scenarios is for cloud storage, where scalability and elasticity are crucial. We revisit the original construction by Shi et al. [17] and propose several ways to support both increasing and decreasing the ORAM’s size with sublinear communication. We show that increasing the capacity can be accomplished by adding leaf nodes to the tree, but that it must be done carefully in order to preserve the probabilistic integrity of data structures. We also provide new, tighter bounds for the size of interior and leaf nodes in the scheme, saving bandwidth and storage over previous constructions. Finally, we define an oblivious pruning technique for removing leaf nodes and decreasing the size of the tree. We show that this pruning method is both secure and efficient.

T. Moataz—Work done while at Northeastern University.

T. Moataz and T. Mayberry—Both are first authors.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Amazon: Amazon s3 pricing (2014). http://aws.amazon.com/s3/pricing/

  2. Boneh, D., Mazieres, D., Popa, R.A.: Remote oblivious storage: Making oblivious RAM practical, March 2011. http://dspace.mit.edu/bitstream/handle/1721.1/62006/MIT-CSAIL-TR-2011-018.pdf

  3. Chung, K.-M., Pass, R.: A Simple ORAM. IACR Cryptology ePrint Archive, Report 2013/243 (2013)

    Google Scholar 

  4. Damgård, I., Meldgaard, S., Nielsen, J.B.: Perfectly secure oblivious RAM without random oracles. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 144–163. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  5. Fletcher, C.W., Ren, L., Kwon, A., van Dijk, M., Stefanov, E., Devadas, S.: RAW Path ORAM: A Low-Latency, Low-Area Hardware ORAM Controller with Integrity Verification. IACR Cryptology ePrint Archive, Report 2014/431 (2014)

    Google Scholar 

  6. Gentry, C., Goldman, K.A., Halevi, S., Julta, C., Raykova, M., Wichs, D.: Optimizing ORAM and using it efficiently for secure computation. In: De Cristofaro, E., Wright, M. (eds.) PETS 2013. LNCS, vol. 7981, pp. 1–18. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  7. Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious RAMs. J. ACM 43(3), 431–473 (1996)

    Article  MathSciNet  Google Scholar 

  8. Goldreich, O.: Towards a theory of software protection and simulation by oblivious RAMs. In: Proceedings of Symposium on Theory of Computing, New York, USA, pp. 182–194 (1987)

    Google Scholar 

  9. Goodrich, M.T., Mitzenmacher, M.: Privacy-preserving access of outsourced data via oblivious RAM simulation. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011, Part II. LNCS, vol. 6756, pp. 576–587. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  10. Goodrich, M.T., Mitzenmacher, M., Ohrimenko, O., Tamassia, R.: Oblivious RAM simulation with efficient worst-case access overhead. In: Proceedings of Cloud Computing Security Workshop, Chicago, USA, pp. 95–100 (2011)

    Google Scholar 

  11. Goodrich, M.T., Mitzenmacher, M., Ohrimenko, O., Tamassia, R.: Privacy-preserving group data access via stateless oblivious RAM simulation. In: Proceedings of the Symposium on Discrete Algorithms, Kyoto, Japan, pp. 157–167 (2012)

    Google Scholar 

  12. Hsu, J., Burke, P.: Behavior of tandem buffers with geometric input and Markovian output. IEEE Trans. Commun. 24(3), 358–361 (1976)

    Article  MathSciNet  Google Scholar 

  13. Kushilevitz, E., Lu, S., Ostrovsky, R.: On the (in)security of hash-based oblivious RAM and a new balancing scheme. In: Proceedings of Symposium on Discrete Algorithms, Kyoto, Japan, pp. 143–156 (2012)

    Google Scholar 

  14. Mayberry, T., Blass, E.-O., Chan, A.H.: Path-PIR: lower worst-case bounds by combining ORAM and PIR. In: Proceedings of the Network and Distributed System Security Symposium, San Diego, USA (2014)

    Google Scholar 

  15. Ostrovsky, R., Shoup, V.: Private information storage (extended abstract). In: Proceedings of the Symposium on Theory of Computing, El Paso, USA, pp. 294–303 (1997)

    Google Scholar 

  16. Pinkas, B., Reinman, T.: Oblivious RAM revisited. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 502–519. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  17. Shi, E., Chan, T.-H.H., Stefanov, E., Li, M.: Oblivious RAM with O((logN)\(^\text{3 }\)) worst-case cost. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 197–214. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  18. Stefanov, E., van Dijk, M., Shi, E., Fletcher, C.W., Ren, L., Yu, X., Devadas, S.: Path ORAM: an extremely simple oblivious RAM protocol. In: Conference on Computer and Communications Security, pp. 299–310 (2013)

    Google Scholar 

  19. Williams, P., Sion, R.: Usable PIR. In: Proceedings of Network and Distributed System Security Symposium, San Diego, USA (2008)

    Google Scholar 

  20. Williams, P., Sion, R., Carbunar, B.: Building castles out of mud: practical access pattern privacy and correctness on untrusted storage. In: Conference on Computer and Communications Security, Alexandra, USA, pp. 139–148 (2008)

    Google Scholar 

Download references

Acknowledgments

This work was partially supported by NSF grant 1218197.

Author information

Authors and Affiliations

  1. Department of Computer Science, Colorado State University, Fort Collins, CO, USA

    Tarik Moataz

  2. IMT, Telecom Bretagne, Plouzané, France

    Tarik Moataz

  3. College of Computer and Information Science, Northeastern University, Boston, MA, USA

    Travis Mayberry & Agnes Hui Chan

  4. Airbus Group Innovations, 81663, Munich, Germany

    Erik-Oliver Blass

Authors
  1. Tarik Moataz
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Travis Mayberry
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Erik-Oliver Blass
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Agnes Hui Chan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tarik Moataz .

Editor information

Editors and Affiliations

  1. University of Innsbruck, Innsbruck, Austria

    Rainer Böhme

  2. NTT Laboratories, Tokyo, Japan

    Tatsuaki Okamoto

A Proof: Oblivious Permute-and-Merge

A Proof: Oblivious Permute-and-Merge

Lemma A1

Given two buckets with maximum size k and load m and n respectively, over the random configurations of those buckets, Algorithm 1 will output a uniformly random permutation which is independent of m and n.

Proof

We can determine the probability of a particular permutation \(\pi \) being chosen, given m and n, with a counting argument. It will be equal to

$$\begin{aligned} \dfrac{\#\text { of configurations for which } \pi \text { is a valid permutation}}{\text {total }\# \text {of configurations } \times \#\text { of valid permutations for a given configuration}} \end{aligned}$$

The number of configurations for which \(\pi \) is a valid permutation depends on m and n, but not on \(\pi \) itself. This can be seen if you consider that applying the permutation to a fixed configuration of the bucket simply creates another, equally likely configuration. The number of configurations for the sibling bucket that will “match” with that bucket are exactly the same no matter what the actual configuration of the first bucket is. Knowing this, combined with the fact that the probabilities must sum to one, tells us immediately that every permutation is equally likely. However, we can continue and express the total quantity for our first expression as

$$\begin{aligned} {k \atopwithdelims ()m}{k - m \atopwithdelims ()n} \end{aligned}$$

This can be thought of as choosing the m full slots for one bucket freely and then choosing the n full slots in the second bucket to line up with the free slots in the already chosen first bucket. The number of valid permutations per configuration can equally be determined via a counting argument as

$$\begin{aligned} {k - m \atopwithdelims ()n} \cdot (k-n)! \cdot n! \end{aligned}$$

That is, choosing free slots for the n elements in the second bucket and then all permutations of those elements times the permutations of the free blocks. That gives us a final expression for the probability of choosing permutation \(\pi \) of

$$\begin{aligned} \dfrac{{k \atopwithdelims ()m}{k - m \atopwithdelims ()n}}{{k \atopwithdelims ()m}{k \atopwithdelims ()n}{k - m \atopwithdelims ()n}\cdot (k-n)! \cdot n!} \end{aligned}$$
(7)

With some algebraic computations, we can show that the Eq. 7 can be simplified to \(\frac{1}{k!}\). That is, this shows that the number of permutations, for any random distribution of load in a bucket, is independent of the current load. Again, since this does not depend on \(\pi \) (but only on the size of the bucket), every permutation must be equally likely over the random configurations of the buckets.    \(\square \)

Corollary A1

A permutation \(\pi \) chosen by Algorithm 1 gives no information about the load of the buckets being merged.

Proof

By our above lemma, independent of the load each permutation is chosen uniformly over the configurations of the two buckets. Therefore the permutation cannot reveal any information about the load.    \(\square \)

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Moataz, T., Mayberry, T., Blass, EO., Chan, A.H. (2015). Resizable Tree-Based Oblivious RAM. In: Böhme, R., Okamoto, T. (eds) Financial Cryptography and Data Security. FC 2015. Lecture Notes in Computer Science(), vol 8975. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-47854-7_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-47854-7_9

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-47853-0

  • Online ISBN: 978-3-662-47854-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation