824 research outputs found
Sub-logarithmic Distributed Oblivious RAM with Small Block Size
Oblivious RAM (ORAM) is a cryptographic primitive that allows a client to
securely execute RAM programs over data that is stored in an untrusted server.
Distributed Oblivious RAM is a variant of ORAM, where the data is stored in
servers. Extensive research over the last few decades have succeeded to
reduce the bandwidth overhead of ORAM schemes, both in the single-server and
the multi-server setting, from to . However, all known
protocols that achieve a sub-logarithmic overhead either require heavy
server-side computation (e.g. homomorphic encryption), or a large block size of
at least .
In this paper, we present a family of distributed ORAM constructions that
follow the hierarchical approach of Goldreich and Ostrovsky [GO96]. We enhance
known techniques, and develop new ones, to take better advantage of the
existence of multiple servers. By plugging efficient known hashing schemes in
our constructions, we get the following results:
1. For any , we show an -server ORAM scheme with overhead, and block size . This scheme is
private even against an -server collusion. 2. A 3-server ORAM
construction with overhead and a block size
almost logarithmic, i.e. .
We also investigate a model where the servers are allowed to perform a linear
amount of light local computations, and show that constant overhead is
achievable in this model, through a simple four-server ORAM protocol
MPC for MPC: Secure Computation on a Massively Parallel Computing Architecture
Massively Parallel Computation (MPC) is a model of computation widely believed to best capture realistic parallel computing architectures such as large-scale MapReduce and Hadoop clusters. Motivated by the fact that many data analytics tasks performed on these platforms involve sensitive user data, we initiate the theoretical exploration of how to leverage MPC architectures to enable efficient, privacy-preserving computation over massive data. Clearly if a computation task does not lend itself to an efficient implementation on MPC even without security, then we cannot hope to compute it efficiently on MPC with security. We show, on the other hand, that any task that can be efficiently computed on MPC can also be securely computed with comparable efficiency. Specifically, we show the following results:
- any MPC algorithm can be compiled to a communication-oblivious counterpart while asymptotically preserving its round and space complexity, where communication-obliviousness ensures that any network intermediary observing the communication patterns learn no information about the secret inputs;
- assuming the existence of Fully Homomorphic Encryption with a suitable notion of compactness and other standard cryptographic assumptions, any MPC algorithm can be compiled to a secure counterpart that defends against an adversary who controls not only intermediate network routers but additionally up to 1/3 - ? fraction of machines (for an arbitrarily small constant ?) - moreover, this compilation preserves the round complexity tightly, and preserves the space complexity upto a multiplicative security parameter related blowup.
As an initial exploration of this important direction, our work suggests new definitions and proposes novel protocols that blend algorithmic and cryptographic techniques
More is Less: Perfectly Secure Oblivious Algorithms in the Multi-Server Setting
The problem of Oblivious RAM (ORAM) has traditionally been studied in a
single-server setting, but more recently the multi-server setting has also been
considered. Yet it is still unclear whether the multi-server setting has any
inherent advantages, e.g., whether the multi-server setting can be used to
achieve stronger security goals or provably better efficiency than is possible
in the single-server case.
In this work, we construct a perfectly secure 3-server ORAM scheme that
outperforms the best known single-server scheme by a logarithmic factor. In the
process, we also show, for the first time, that there exist specific algorithms
for which multiple servers can overcome known lower bounds in the single-server
setting.Comment: 36 pages, Accepted in Asiacrypt 201
Towards Practical Oblivious RAM
We take an important step forward in making Oblivious RAM (O-RAM) practical.
We propose an O-RAM construction achieving an amortized overhead of 20X-35X
(for an O-RAM roughly 1 terabyte in size), about 63 times faster than the best
existing scheme. On the theoretic front, we propose a fundamentally novel
technique for constructing Oblivious RAMs: specifically, we partition a bigger
O-RAM into smaller O-RAMs, and employ a background eviction technique to
obliviously evict blocks from the client-side cache into a randomly assigned
server-side partition. This novel technique is the key to achieving the gains
in practical performance
Communication Complexity and Secure Function Evaluation
We suggest two new methodologies for the design of efficient secure
protocols, that differ with respect to their underlying computational models.
In one methodology we utilize the communication complexity tree (or branching
for f and transform it into a secure protocol. In other words, "any function f
that can be computed using communication complexity c can be can be computed
securely using communication complexity that is polynomial in c and a security
parameter". The second methodology uses the circuit computing f, enhanced with
look-up tables as its underlying computational model. It is possible to
simulate any RAM machine in this model with polylogarithmic blowup. Hence it is
possible to start with a computation of f on a RAM machine and transform it
into a secure protocol.
We show many applications of these new methodologies resulting in protocols
efficient either in communication or in computation. In particular, we
exemplify a protocol for the "millionaires problem", where two participants
want to compare their values but reveal no other information. Our protocol is
more efficient than previously known ones in either communication or
computation
The Cost of Address Translation
Modern computers are not random access machines (RAMs). They have a memory
hierarchy, multiple cores, and virtual memory. In this paper, we address the
computational cost of address translation in virtual memory. Starting point for
our work is the observation that the analysis of some simple algorithms (random
scan of an array, binary search, heapsort) in either the RAM model or the EM
model (external memory model) does not correctly predict growth rates of actual
running times. We propose the VAT model (virtual address translation) to
account for the cost of address translations and analyze the algorithms
mentioned above and others in the model. The predictions agree with the
measurements. We also analyze the VAT-cost of cache-oblivious algorithms.Comment: A extended abstract of this paper was published in the proceedings of
ALENEX13, New Orleans, US
Deterministic, Stash-Free Write-Only ORAM
Write-Only Oblivious RAM (WoORAM) protocols provide privacy by encrypting the
contents of data and also hiding the pattern of write operations over that
data. WoORAMs provide better privacy than plain encryption and better
performance than more general ORAM schemes (which hide both writing and reading
access patterns), and the write-oblivious setting has been applied to important
applications of cloud storage synchronization and encrypted hidden volumes. In
this paper, we introduce an entirely new technique for Write-Only ORAM, called
DetWoORAM. Unlike previous solutions, DetWoORAM uses a deterministic,
sequential writing pattern without the need for any "stashing" of blocks in
local state when writes fail. Our protocol, while conceptually simple, provides
substantial improvement over prior solutions, both asymptotically and
experimentally. In particular, under typical settings the DetWoORAM writes only
2 blocks (sequentially) to backend memory for each block written to the device,
which is optimal. We have implemented our solution using the BUSE (block device
in user-space) module and tested DetWoORAM against both an encryption only
baseline of dm-crypt and prior, randomized WoORAM solutions, measuring only a
3x-14x slowdown compared to an encryption-only baseline and around 6x-19x
speedup compared to prior work
- …