307 research outputs found
Lower Bounds for Multi-Server Oblivious RAMs
In this work, we consider the construction of oblivious RAMs (ORAM) in a setting
with multiple servers and the adversary may corrupt a subset of the servers.
We present an overhead lower bound for any -server
ORAM that limits any PPT adversary to distinguishing advantage at most when
only one server is corrupted. In other words, if one insists on
negligible distinguishing advantage, then multi-server ORAMs cannot
be faster than single-server ORAMs even with polynomially many servers
of which only one unknown server is corrupted.
Our results apply to ORAMs that may err with probability at most
as well as scenarios where the adversary corrupts larger subsets of servers.
We also extend our lower bounds to other important data structures
including oblivious stacks, queues, deques, priority queues and search trees
What Storage Access Privacy is Achievable with Small Overhead?
Oblivious RAM (ORAM) and private information retrieval (PIR) are classic
cryptographic primitives used to hide the access pattern to data whose storage
has been outsourced to an untrusted server. Unfortunately, both primitives
require considerable overhead compared to plaintext access. For large-scale
storage infrastructure with highly frequent access requests, the degradation in
response time and the exorbitant increase in resource costs incurred by either
ORAM or PIR prevent their usage. In an ideal scenario, a privacy-preserving
storage protocols with small overhead would be implemented for these heavily
trafficked storage systems to avoid negatively impacting either performance
and/or costs. In this work, we study the problem of the best $\mathit{storage\
access\ privacy}\mathit{small\ overhead}\mathit{differential\ privacy\ access}\mathit{oblivious\ access}\epsilon = \Omega(\log n)\epsilon = \Theta(\log n)O(1)\epsilon = \Theta(\log n)O(\log\log n)$
overhead. This construction uses a new oblivious, two-choice hashing scheme
that may be of independent interest.Comment: To appear at PODS'1
More is Less: Perfectly Secure Oblivious Algorithms in the Multi-Server Setting
The problem of Oblivious RAM (ORAM) has traditionally been studied in a
single-server setting, but more recently the multi-server setting has also been
considered. Yet it is still unclear whether the multi-server setting has any
inherent advantages, e.g., whether the multi-server setting can be used to
achieve stronger security goals or provably better efficiency than is possible
in the single-server case.
In this work, we construct a perfectly secure 3-server ORAM scheme that
outperforms the best known single-server scheme by a logarithmic factor. In the
process, we also show, for the first time, that there exist specific algorithms
for which multiple servers can overcome known lower bounds in the single-server
setting.Comment: 36 pages, Accepted in Asiacrypt 201
Lower Bound Framework for Differentially Private and Oblivious Data Structures
In recent years, there has been significant work in studying data structures that provide privacy for the operations that are executed. These primitives aim to guarantee that observable access patterns to physical memory do not reveal substantial information about the queries and updates executed on the data structure. Multiple recent works, including Larsen and Nielsen [Crypto\u2718], Persiano and Yeo [Eurocrypt\u2719], Hubáček et al. [TCC\u2719] and Komargodski and Lin [Crypto\u2721], have shown that logarithmic overhead is required to support even basic RAM (array) operations for various privacy notions including obliviousness and differential privacy as well as different choices of sizes for RAM blocks and memory cells .
We continue along this line of work and present the first logarithmic lower bounds for differentially private RAMs (DPRAMs) that apply regardless of the sizes of blocks and cells . This is the first logarithmic lower bounds for DPRAMs when blocks are significantly smaller than cells, that is . Furthermore, we present new logarithmic lower bounds for differentially private variants of classical data structure problems including sets, predecessor (successor) and disjoint sets (union-find) for which sub-logarithmic plaintext constructions are known. All our lower bounds extend to the multiple non-colluding servers setting.
We also address an unfortunate issue with this rich line of work where the lower bound techniques are difficult to use and require customization for each new result. To make the techniques more accessible, we generalize our proofs into a framework that reduces proving logarithmic lower bounds to showing that a specific problem satisfies two simple, minimal conditions. We show our framework is easy-to-use as all the lower bounds in our paper utilize the framework and hope our framework will spur more usage of these lower bound techniques
Forward Private Searchable Symmetric Encryption with Optimized I/O Efficiency
Recently, several practical attacks raised serious concerns over the security
of searchable encryption. The attacks have brought emphasis on forward privacy,
which is the key concept behind solutions to the adaptive leakage-exploiting
attacks, and will very likely to become mandatory in the design of new
searchable encryption schemes. For a long time, forward privacy implies
inefficiency and thus most existing searchable encryption schemes do not
support it. Very recently, Bost (CCS 2016) showed that forward privacy can be
obtained without inducing a large communication overhead. However, Bost's
scheme is constructed with a relatively inefficient public key cryptographic
primitive, and has a poor I/O performance. Both of the deficiencies
significantly hinder the practical efficiency of the scheme, and prevent it
from scaling to large data settings. To address the problems, we first present
FAST, which achieves forward privacy and the same communication efficiency as
Bost's scheme, but uses only symmetric cryptographic primitives. We then
present FASTIO, which retains all good properties of FAST, and further improves
I/O efficiency. We implemented the two schemes and compared their performance
with Bost's scheme. The experiment results show that both our schemes are
highly efficient, and FASTIO achieves a much better scalability due to its
optimized I/O
- …