Is There an Oblivious RAM Lower Bound for Online Reads?

被引:0
|
作者
Mor Weiss
Daniel Wichs
机构
[1] Faculty of Engineering,Department of Computer Science
[2] Bar-Ilan University,undefined
[3] Northeastern University,undefined
来源
Journal of Cryptology | 2021年 / 34卷
关键词
D O I
暂无
中图分类号
学科分类号
摘要
Oblivious RAM (ORAM), introduced by Goldreich (STOC 1987) and Ostrovsky (STOC 1990), can be used to read and write to memory in a way that hides which locations are being accessed. The best known ORAM schemes have an O(logn)\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$O(\log n)$$\end{document} overhead per access, where n\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$n$$\end{document} is the data size. The work of Goldreich and Ostrovsky (JACM 1996) gave a lower bound, showing that this is optimal for ORAM schemes that operate in a “balls and bins” model, where memory blocks can only be shuffled between different locations but not manipulated otherwise (and the server is used solely as remote storage). The lower bound even extends to weaker settings such as offline ORAM, where all of the accesses to be performed need to be specified ahead of time, and read-only ORAM, which only allows reads but not writes. But can we get lower bounds for general ORAM, beyond “balls and bins”? The work of Boyle and Naor (ITCS 2016) shows that this is unlikely in the offline setting. In particular, they construct an offline ORAM with o(logn)\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$o(\log n)$$\end{document} overhead assuming the existence of small sorting circuits. Although we do not have instantiations of the latter, ruling them out would require proving new circuit lower bounds. On the other hand, the recent work of Larsen and Nielsen (CRYPTO 2018) shows that there indeed is an Ω(logn)\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\Omega (\log n)$$\end{document} lower bound for general online ORAM. This still leaves the question open for online read-only ORAM or for read/write ORAM where we want very small overhead for the read operations. In this work, we show that a lower bound in these settings is also unlikely. In particular, our main result is a construction of online ORAM, in which the server is used solely as remote storage, where reads (but not writes) have an o(logn)\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$o(\log n)$$\end{document} overhead, assuming the existence of small sorting circuits as well as very good locally decodable codes (LDCs). Although we do not have instantiations of either of these with the required parameters, ruling them out is beyond current lower bounds.
引用
收藏
相关论文
共 50 条
  • [1] Is There an Oblivious RAM Lower Bound for Online Reads?
    Weiss, Mor
    Wichs, Daniel
    [J]. JOURNAL OF CRYPTOLOGY, 2021, 34 (03)
  • [2] Is There an Oblivious RAM Lower Bound for Online Reads?
    Weiss, Mor
    Wichs, Daniel
    [J]. THEORY OF CRYPTOGRAPHY, TCC 2018, PT II, 2018, 11240 : 603 - 635
  • [3] Is There an Oblivious RAM Lower Bound?
    Boyle, Elette
    Naor, Moni
    [J]. ITCS'16: PROCEEDINGS OF THE 2016 ACM CONFERENCE ON INNOVATIONS IN THEORETICAL COMPUTER SCIENCE, 2016, : 357 - 368
  • [4] Yes, There is an Oblivious RAM Lower Bound!
    Larsen, Kasper Green
    Nielsen, Jesper Buus
    [J]. ADVANCES IN CRYPTOLOGY - CRYPTO 2018, PT II, 2018, 10992 : 523 - 542
  • [5] A Logarithmic Lower Bound for Oblivious RAM (for All Parameters)
    Komargodski, Ilan
    Lin, Wei-Kai
    [J]. ADVANCES IN CRYPTOLOGY - CRYPTO 2021, PT IV, 2021, 12828 : 579 - 609
  • [6] A Lower Bound for One-Round Oblivious RAM
    Cash, David
    Drucker, Andrew
    Hoover, Alexander
    [J]. THEORY OF CRYPTOGRAPHY, TCC 2020, PT I, 2020, 12550 : 457 - 485
  • [7] A Lower Bound for Oblivious Dimensional Routing
    Osterloh, Andre
    [J]. EURO-PAR 2009: PARALLEL PROCESSING, PROCEEDINGS, 2009, 5704 : 1003 - 1010
  • [8] Succinct Oblivious RAM
    Onodera, Taku
    Shibuya, Tetsuo
    [J]. 35TH SYMPOSIUM ON THEORETICAL ASPECTS OF COMPUTER SCIENCE (STACS 2018), 2018, 96
  • [9] Oblivious RAM Revisited
    Pinkas, Benny
    Reinman, Tzachy
    [J]. ADVANCES IN CRYPTOLOGY - CRYPTO 2010, 2010, 6223 : 502 - +
  • [10] Lower Bound Framework for Differentially Private and Oblivious Data Structures
    Persiano, Giuseppe
    Yeo, Kevin
    [J]. ADVANCES IN CRYPTOLOGY - EUROCRYPT 2023, PT I, 2023, 14004 : 487 - 517