Short reachability networks
We investigate a generalisation of permutation networks. We say a sequence
of transpositions in forms a -reachability
network if for every choice of distinct points , there is a subsequence of whose composition maps to
for every . When , any permutation in can be
created and is a permutation network. Waksman [JACM, 1968] showed that the
shortest permutation networks have length about . In this paper, we
investigate the shortest -reachability networks. Our main result settles the
case of : the shortest -reachability network has length . For fixed , we give a simple randomised construction which
shows there exist -reachability networks using transpositions.
We also study the case where all transpositions are of the form ,
separating 2-reachability from the related probabilistic variant of
2-uniformity. Many interesting questions are left open.
Comment: 13 pages, 1 figure
Perfectly Oblivious (Parallel) RAM Revisited, and Improved Constructions
Oblivious RAM (ORAM)
is a technique for compiling any RAM program to an oblivious counterpart, i.e.,
one whose access patterns do not leak information about the secret inputs.
Similarly, Oblivious Parallel RAM (OPRAM) compiles a
{\it parallel} RAM program to an oblivious counterpart.
In this paper, we care about ORAM/OPRAM with {\it perfect security}, i.e.,
the access patterns must be {\it identically distributed}
no matter what the program's memory request sequence is.
In the past, two types of perfect ORAMs/OPRAMs
have been considered:
constructions whose performance bounds hold {\it in expectation} (but may occasionally
run more slowly);
and constructions whose performance bounds hold {\it deterministically} (even though
the algorithms themselves are randomized).
In this paper, we revisit the performance metrics for perfect
ORAM/OPRAM, and
show novel constructions that achieve asymptotical improvements
for all performance metrics.
Our first result
is a new perfectly secure OPRAM
scheme with {\it expected} overhead.
In comparison, prior literature
has been stuck at for more than a decade.
Next, we show how to construct a perfect ORAM
with
{\it deterministic} simulation overhead. We further show how
to make the scheme parallel, resulting in an perfect OPRAM
with
{\it deterministic} simulation overhead.
For perfect ORAMs/OPRAMs
with deterministic performance bounds, our results achieve
{\it subexponential} improvement over the state-of-the-art.
Specifically, the best known prior scheme
incurs more than deterministic simulation overhead
(Raskin and Simkin, Asiacrypt'19); moreover, their scheme works
only for the sequential setting and is {\it not} amenable to parallelization.
Finally, we additionally consider perfect ORAMs/OPRAMs
whose performance bounds hold with high probability.
For this new performance metric, we show new constructions
whose simulation overhead is upper bounded by
except with negligible in probability, i.e., we prove
high-probability performance bounds that match the expected
bounds mentioned earlier.
Low-Memory Algorithms for Online and W-Streaming Edge Coloring
For edge coloring, the online and the W-streaming models seem somewhat
orthogonal: the former needs edges to be assigned colors immediately after
insertion, typically without any space restrictions, while the latter limits
memory to sublinear in the input size but allows an edge's color to be
announced any time after its insertion. We aim for the best of both worlds by
designing small-space online algorithms for edge-coloring. We study the problem
under both (adversarial) edge arrivals and vertex arrivals. Our results
significantly improve upon the memory used by prior online algorithms while
achieving an -competitive ratio. In particular, for -node graphs with
maximum vertex-degree under edge arrivals, we obtain an online
-coloring in space. This is also the
first W-streaming edge-coloring algorithm for -coloring in sublinear
memory. All prior works either used linear memory or colors.
We also achieve a smooth color-space tradeoff: for any , we get an
-coloring in space,
improving upon the state of the art that used space for
the same number of colors. The improvements stem from extensive use of random
permutations that enable us to avoid previously used colors. Most of our
algorithms can be derandomized and extended to multigraphs, where edge coloring
is known to be considerably harder than for simple graphs.
Comment: 32 pages, 1 figure
Reverse Cycle Walking and Its Applications
We study the problem of constructing a block-cipher on a possibly-strange set using a block-cipher on a larger set . Such constructions are useful in format-preserving encryption, where for example the set might contain valid 9-digit social security numbers while might be the set of 30-bit strings. Previous work has solved this problem using a technique called cycle walking, first formally analyzed by Black and Rogaway. Assuming the size of is a constant fraction of the size of , cycle walking allows one to encipher a point by applying the block-cipher on a small /expected/ number of times and times
in the worst case, where , without any degradation in security. We introduce an alternative to cycle walking that we call /reverse cycle walking/, which lowers the worst-case number of times we must apply the block-cipher on from to . Additionally, when the underlying block-cipher on is secure against adversarial queries, we show that applying reverse cycle walking gives us a cipher on secure even if the adversary is allowed to query all of the domain points. Such fully-secure ciphers have been the target of numerous recent papers.
Distributed & Scalable Oblivious Sorting and Shuffling
Existing oblivious systems offer robust security by concealing memory access patterns, but they encounter significant scalability and performance challenges. Recent efforts to enhance the practicality of these systems involve embedding oblivious computation, e.g., oblivious sorting and shuffling, within Trusted Execution Environments (TEEs). For instance, oblivious sort has been heavily utilized: in Oblix (S&P'18), when oblivious indexes are created and accessed; in Snoopy's high-throughput oblivious key-value store (SOSP'21) during initialization and when the input requests are deduplicated and prepared for delivery; in Opaque (NSDI'17) for all the proposed oblivious SQL operators; and in the state-of-the-art non-foreign-key oblivious join approach (PVLDB'20). Additionally, oblivious sort/shuffle find applications in Signal's commercial solution for contact discovery, anonymous Google's Key Transparency, Searchable Encryption, software monitoring, and differentially private federated learning with user privacy.
In this work, we address the scalability bottleneck of oblivious sort and shuffle by re-designing these approaches to achieve high efficiency in distributed multi-enclave environments. First, we propose a multi-threaded bitonic sort optimized for the distributed setting, making it the most performant oblivious sort for a small number of enclaves (up to 4). For larger numbers of enclaves, we propose a novel oblivious bucket sort, which improves data locality and network consumption and outperforms our optimized distributed bitonic sort by up to 5-6x. To the best of our knowledge, these are the first distributed oblivious TEE-based sorting solutions. For reference, we are able to sort 2 GiB of data in 1 second and 128 GiB in 53.4 seconds in a multi-enclave test. A fundamental building block of our oblivious bucket sort is an oblivious shuffle that improves the prior state-of-the-art result (CCS'22) by up to 9.5x in the distributed multi-enclave setting; interestingly, it is better by 10% even in the single-enclave/multi-thread setting.
Fast Fully Oblivious Compaction and Shuffling
Several privacy-preserving analytics frameworks have been proposed that use trusted execution environments (TEEs) like Intel SGX. Such frameworks often use compaction and shuffling as core primitives. However, due to advances in TEE side-channel attacks, these primitives, and the applications that use them, should be _fully oblivious_; that is, perform instruction sequences and memory accesses that do not depend on the secret inputs. Such obliviousness would eliminate the threat of leaking private information through memory or timing side channels, but achieving it naively can result in a significant performance cost.
In this work, we present fast, fully oblivious algorithms for compaction and shuffling. We implement and evaluate our designs to show that they are practical and outperform the state of the art. Our oblivious compaction algorithm, ORCompact, is always faster than the best alternative and can yield up to a 5x performance improvement. For oblivious shuffling, we provide two novel algorithms: ORShuffle and BORPStream. ORShuffle outperforms prior fully oblivious shuffles in all experiments, and it provides the largest speed increases—up to 1.8x—when shuffling a large number of small items. BORPStream outperforms all other algorithms when shuffling a large number of large items, with a speedup of up to 1.4x in such cases. It can obtain even larger performance improvements in application settings where the items to shuffle arrive incrementally over time, obtaining a speedup of as much as 4.2x. We additionally give parallel versions of all of our algorithms, prove that they have low parallel step complexity, and experimentally show a 5–6x speedup on an 8-core processor.
Finally, ours is the first work with the explicit goal of ensuring full obliviousness of complex functionalities down to the implementation level. To this end, we design Fully Oblivious Assembly Verifier (FOAV), a tool that verifies that the binary has no secret-dependent conditional branches.
Random permutations using switching networks
We consider the problem of designing a simple, oblivious scheme to generate (almost) random permutations. We use the concept of switching networks and show that almost every switching network of logarithmic depth can be used to almost randomly permute any set of (1-ε) n elements with any ε > 0 (that is, gives an almost (1-ε) n-wise independent permutation). Furthermore, we show that the result still holds for every switching network of logarithmic depth that has some special expansion properties, leading to an explicit construction of such networks. Our result can also be extended to an explicit construction of a switching network of depth O(log² n) and with O(n log n) switches that almost randomly permutes any set of n elements. We also discuss basic applications of these results in cryptography. Our results are obtained using a non-trivial coupling approach to study mixing times of Markov chains, which allows us to reduce the problem to a random-walk-like problem on expanders.