research-article

Path ORAM: An Extremely Simple Oblivious RAM Protocol

Authors:
Emil Stefanov

UC Berkeley, CA, USA

UC Berkeley, CA, USA
View Profile

,
Marten Van Dijk

University of Connecticut, CT, USA

University of Connecticut, CT, USA
View Profile

,
Elaine Shi

Cornell University, NY, USA

Cornell University, NY, USA
View Profile

,
T.-H. Hubert Chan

University of Hong Kong, Pokfulam Road, Hong Kong

University of Hong Kong, Pokfulam Road, Hong Kong
View Profile

,
Christopher Fletcher

University of Illinois at Urbana-Champaign, IL, USA

University of Illinois at Urbana-Champaign, IL, USA
View Profile

,
Ling Ren

MIT CSAIL, MA, USA

MIT CSAIL, MA, USA
View Profile

,
Xiangyao Yu

MIT CSAIL, MA, USA

MIT CSAIL, MA, USA
View Profile

,
Srinivas Devadas

MIT CSAIL, MA, USA

MIT CSAIL, MA, USA
View Profile

Authors Info & Claims

Journal of the ACM Volume 65 Issue 4Article No.: 18pp 1–26https://doi.org/10.1145/3177872

Published:12 April 2018Publication History

Journal of the ACM

Abstract

We present Path ORAM, an extremely simple Oblivious RAM protocol with a small amount of client storage. Partly due to its simplicity, Path ORAM is the most practical ORAM scheme known to date with small client storage. We formally prove that Path ORAM has a O(log N) bandwidth cost for blocks of size B = Ω (log² N) bits. For such block sizes, Path ORAM is asymptotically better than the best-known ORAM schemes with small client storage. Due to its practicality, Path ORAM has been adopted in the design of secure processors since its proposal.

References

Miklós Ajtai. 2010. Oblivious RAMs without cryptogrpahic assumptions. In Proceedings of the 42nd ACM Symposium on Theory of Computing (STOC’10). ACM, 181--190. Google ScholarDigital Library
Vincent Bindschaedler, Muhammad Naveed, Xiaorui Pan, XiaoFeng Wang, and Yan Huang. 2015. Practicing oblivious access on cloud storage: The gap, the fallacy, and the new way forward. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 837--849. Google ScholarDigital Library
Dan Boneh, David Mazieres, and Raluca Ada Popa. 2011. Remote Oblivious Storage: Making Oblivious RAM practical. Manuscript. Retrieved from http://dspace.mit.edu/bitstream/handle/1721.1/62006/MIT-CSAIL-TR-2011-018.pdf.Google Scholar
Elette Boyle, Kai-Min Chung, and Rafael Pass. 2015. Large-scale secure computation: Multi-party computation for (parallel) RAM programs. In Advances in Cryptology - Proceedings of the 35th Annual Cryptology Conference (CRYPTO’15), Part II. Springer, 742--762.Google ScholarCross Ref
Elette Boyle, Kai-Min Chung, and Rafael Pass. 2016. Oblivious parallel RAM and applications. In Theory of Cryptography Conference. Springer, 175--204.Google ScholarCross Ref
Elette Boyle and Moni Naor. 2016. Is there an oblivious RAM lower bound? In Proceedings of the 2016 ACM Conference on Innovations in Theoretical Computer Science. ACM, 357--368. Google ScholarDigital Library
Ran Canetti, Yilei Chen, Justin Holmgren, and Mariana Raykova. 2016. Adaptive succinct garbled RAM or: How to delegate your database. In Theory of Cryptography Conference. Springer, 61--90. Google ScholarDigital Library
Ran Canetti and Justin Holmgren. 2016. Fully succinct garbled RAM. In Proceedings of the 2016 ACM Conference on Innovations in Theoretical Computer Science (ITCS’16). ACM. Google ScholarDigital Library
Ran Canetti, Justin Holmgren, Abhishek Jain, and Vinod Vaikuntanathan. 2015. Succinct garbling and indistinguishability obfuscation for RAM programs. In Proceedings of the 47th Annual ACM Symposium on Theory of Computing (STOC’15). ACM, 429--437. Google ScholarDigital Library
David Cash, Alptekin Küpçü, and Daniel Wichs. 2013. Dynamic proofs of retrievability via oblivious RAM. In Advances in Cryptology (EUROCRYPT’13). Springer, 279--295.Google Scholar
Binyi Chen, Huijia Lin, and Stefano Tessaro. 2016. Oblivious parallel ram: Improved efficiency and generic constructions. In Theory of Cryptography Conference. Springer, 205--234.Google ScholarCross Ref
Benny Chor and Niv Gilboa. 1997. Computationally private information retrieval (extended abstract). In Proceedings of the 29th Annual ACM Symposium on Theory of Computing (STOC’97). ACM, 304--313. Google ScholarDigital Library
Benny Chor, Eyal Kushilevitz, Oded Goldreich, and Madhu Sudan. 1998. Private information retrieval. Journal of the ACM (JACM) 45, 6 (1998), 965--981. Google ScholarDigital Library
Kai-Min Chung, Zhenming Liu, and Rafael Pass. 2013. Statistically-secure ORAM with Õ(log2 n) Overhead. Retrieved from http://arxiv.org/abs/1307.3699.Google Scholar
Kai-Min Chung and Rafael Pass. 2013. A Simple ORAM. Retrieved from https://eprint.iacr.org/2013/243.pdf.Google Scholar
Reza Curtmola, Juan Garay, Seny Kamara, and Rafail Ostrovsky. 2006. Searchable symmetric encryption: Improved definitions and efficient constructions. In Proceedings of the 13th ACM Conference on Computer and Communications Security. ACM, 79--88. Google ScholarDigital Library
Ivan Damgård, Sigurd Meldgaard, and Jesper Buus Nielsen. 2011. Perfectly secure oblivious RAM without random oracles. In Proceedings of the 8th Conference on Theory of Cryptography (TCC’11). Springer-Verlag, Berlin, 144--163. Google ScholarDigital Library
Jonathan Dautrich, Emil Stefanov, and Elaine Shi. 2014. Burst ORAM: Minimizing ORAM response times for bursty access patterns. In 23rd USENIX Security Symposium. USENIX Association, 749--764. Google ScholarDigital Library
Srinivas Devadas, Marten van Dijk, Christopher W. Fletcher, Ling Ren, Elaine Shi, and Daniel Wichs. 2016. Onion ORAM: A constant bandwidth blowup oblivious ORAM. In Theory of Cryptography. Springer, 145--174.Google Scholar
Devdatt P. Dubhashi and Desh Ranjan. 1998. Balls and bins: A study in negative dependence. Random Structures and Algorithms 13, 2 (1998), 99--124. Google ScholarDigital Library
Christopher W. Fletcher, Marten van Dijk, and Srinivas Devadas. 2012. A secure processor architecture for encrypted computation on untrusted programs. In Proceedings of the 7th ACM Workshop on Scalable Trusted Computing. ACM, 3--8. Google ScholarDigital Library
Christopher W. Fletcher, Muhammad Naveed, Ling Ren, Elaine Shi, and Emil Stefanov. 2015a. Bucket ORAM: Single online roundtrip, constant bandwidth oblivious RAM. IACR Cryptology ePrint Archive (2015), 1065.Google Scholar
Christopher W. Fletcher, Ling Ren, Albert Kwon, Marten van Dijk, and Srinivas Devadas. 2015b. Freecursive oram: {Nearly} free recursion and integrity verification for position-based oblivious RAM. In Proceedings of the 20th International Conference on Architectural Support for Programming Languages and Operating Systems. ACM, 103--116. Google ScholarDigital Library
Christopher W. Fletcher, Ling Ren, Albert Kwon, Marten van Dijk, Emil Stefanov, Dimitrios Serpanos, and Srinivas Devadas. 2015c. A low-latency, low-area hardware oblivious RAM controller. In 2015 IEEE 23rd Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM’15). IEEE, 215--222. Google ScholarDigital Library
Sanjam Garg, Steve Lu, and Rafail Ostrovsky. 2015a. Black-box garbled RAM. In 2015 IEEE 56th Annual Symposium on Foundations of Computer Science (FOCS’15). IEEE, 210--229. Google ScholarDigital Library
Sanjam Garg, Steve Lu, Rafail Ostrovsky, and Alessandra Scafuro. 2015b. Garbled RAM from one-way functions. In Proceedings of the 47th Annual ACM on Symposium on Theory of Computing. ACM, 449--458. Google ScholarDigital Library
Sanjam Garg, Payman Mohassel, and Charalampos Papamanthou. 2016. TWORAM: Efficient oblivious RAM in two rounds with applications to searchable encryption. In Annual Cryptology Conference. Springer, 563--592. Google ScholarDigital Library
Craig Gentry, Kenny A. Goldman, Shai Halevi, Charanjit Julta, Mariana Raykova, and Daniel Wichs. 2013. Optimizing ORAM and using it efficiently for secure computation. In Privacy Enhancing Technologies. Springer, 1--18.Google Scholar
Craig Gentry, Shai Halevi, Steve Lu, Rafail Ostrovsky, Mariana Raykova, and Daniel Wichs. 2014. Garbled RAM revisited. In Advances in Cryptology - EUROCRYPT - International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 405--422.Google ScholarCross Ref
Oded Goldreich. 1987. Towards a theory of software protection and simulation by oblivious RAMs. In STOC. ACM, 182--194. Google ScholarDigital Library
Oded Goldreich and Rafail Ostrovsky. 1996. Software protection and simulation on oblivious RAMs. Journal of the ACM (JACM) 43 (1996), 431--473. Google ScholarDigital Library
Michael T. Goodrich and Michael Mitzenmacher. 2011. Privacy-preserving access of outsourced data via oblivious RAM simulation. In Automata, Languages and Programming. Springer, 576--587. Google ScholarDigital Library
Michael T. Goodrich, Michael Mitzenmacher, Olga Ohrimenko, and Roberto Tamassia. 2012. Privacy-preserving group data access via stateless oblivious RAM simulation. In SODA. SIAM, 157--167. Google ScholarDigital Library
S. Dov Gordon, Jonathan Katz, Vladimir Kolesnikov, Fernando Krell, Tal Malkin, Mariana Raykova, and Yevgeniy Vahlis. 2012. Secure two-party computation in sublinear (amortized) time. In ACM Conference on Computer and Communications Security (CCS’12). ACM. Google ScholarDigital Library
Mor Harchol-Balter. 2013. Performance Modeling and Design of Computer Systems: Queueing Theory in Action. Cambridge University Press. Google ScholarDigital Library
Mohammad Saiful Islam, Mehmet Kuzu, and Murat Kantarcioglu. 2012. Access pattern disclosure on searchable encryption: Ramification, attack and mitigation. In NDSS, Vol. 20, 12.Google Scholar
Marcel Keller and Peter Scholl. 2014. Efficient, oblivious data structures for MPC. In International Conference on the Theory and Application of Cryptology and Information Security. Springer, 506--525.Google ScholarCross Ref
Eyal Kushilevitz, Steve Lu, and Rafail Ostrovsky. 2012. On the (in) security of hash-based oblivious RAM and a new balancing scheme. In Proceedings of the 23rd Annual ACM-SIAM Symposium on Discrete Algorithms. SIAM, 143--156. Google ScholarDigital Library
Chang Liu, Austin Harris, Martin Maas, Michael Hicks, Mohit Tiwari, and Elaine Shi. 2015. GhostRider: A hardware-software system for memory trace oblivious computation. SIGPLAN Notices 50, 4 (March 2015), 87--101. Google ScholarDigital Library
Jacob R. Lorch, Bryan Parno, James W. Mickens, Mariana Raykova, and Joshua Schiffman. 2013. Shroud: Ensuring private access to large-scale data in the data center. FAST (2013), 199--213. Google ScholarDigital Library
Steve Lu and Rafail Ostrovsky. 2013. How to garble RAM programs. In EUROCRYPT. Springer.Google Scholar
Martin Maas, Eric Love, Emil Stefanov, Mohit Tiwari, Elaine Shi, Krste Asanovic, John Kubiatowicz, and Dawn Song. 2013. PHANTOM: Practical oblivious computation in a secure processor. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS’13). ACM. Google ScholarDigital Library
John C. Mitchell and Joe Zimmerman. 2014. Data-oblivious data structures. In Theoretical Aspects of Computer Science (STACS’14).Google Scholar
Muhammad Naveed, Manoj Prabhakaran, and Carl A. Gunter. 2014. Dynamic searchable encryption via blind storage. In IEEE Symposium on Security and Privacy (SP’14). IEEE, 639--654. Google ScholarDigital Library
Rafail Ostrovsky. 1990. Efficient computation on oblivious RAMs. In STOC. ACM, 514--523. Google ScholarDigital Library
Rafail Ostrovsky and Victor Shoup. 1997. Private information storage. In STOC. ACM, 294--303. Google ScholarDigital Library
Rafail Ostrovsky and William E. Skeith, III.2007. A survey of single-database private information retrieval: Techniques and applications. In Proceedings of the 10th International Conference on Practice and Theory in Public-Key Cryptography (PKC’07). Springer-Verlag, 393--411. Google ScholarDigital Library
Benny Pinkas and Tzachy Reinman. 2010. Oblivious RAM revisited. In Advances in Cryptology (CRYPTO’10). Springer, 502--519. Google ScholarDigital Library
Ling Ren, Christopher Fletcher, Albert Kwon, Emil Stefanov, Elaine Shi, Marten van Dijk, and Srinivas Devadas. 2015. Constants count: Practical improvements to oblivious RAM. In 24th USENIX Security Symposium (USENIX Security’15). USENIX Association, 415--430. Google ScholarDigital Library
Ling Ren, Christopher W. Fletcher, Albert Kwon, Marten van Dijk, and Srinivas Devadas. 2017. Design and implementation of the ascend secure processor. IEEE Transactions on Dependable and Secure Computing PP, 99 (2017).Google Scholar
Ling Ren, Christopher W. Fletcher, Xiangyao Yu, Marius van Dijk, and Srinivas Devadas. 2013a. Integrity verification for path oblivious-RAM. In HPEC. IEEE, 1--6.Google Scholar
Ling Ren, Xiangyao Yu, Christopher W. Fletcher, Marten Van Dijk, and Srinivas Devadas. 2013b. Design space exploration and optimization of path oblivious RAM in secure processors. In ACM SIGARCH Computer Architecture News, Vol. 41. ACM, 571--582. Google ScholarDigital Library
Cetin Sahin, Victor Zakhary, Amr El Abbadi, Huijia Rachel Lin, and Stefano Tessaro. 2016. TaoStore: Overcoming asynchronicity in oblivious data storage. In IEEE Symposium on Security and Privacy (SP’16).Google ScholarCross Ref
Elaine Shi, T.-H. Hubert Chan, Emil Stefanov, and Mingfei Li. 2011. Oblivious RAM with O((log N)3) worst-case cost. In ASIACRYPT. Springer, 197--214. Google ScholarDigital Library
Elaine Shi, Emil Stefanov, and Charalampos Papamanthou. 2013. Practical dynamic proofs of retrievability. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. ACM, 325--336. Google ScholarDigital Library
Emil Stefanov and Elaine Shi. 2012. Path O-RAM: An extremely simple oblivious RAM protocol. CoRR abs/1202.5150 (2012).Google Scholar
Emil Stefanov and Elaine Shi. 2013a. Multi-cloud oblivious storage. In ACM Conference on Computer and Communications Security (CCS’13). ACM. Google ScholarDigital Library
Emil Stefanov and Elaine Shi. 2013b. ObliviStore: High performance oblivious cloud storage. In 2013 IEEE Symposium on Security and Privacy (SP’13). IEEE, 253--267. Google ScholarDigital Library
Emil Stefanov, Elaine Shi, and Dawn Song. 2012. Towards practical oblivious RAM. In NDSS.Google Scholar
Xiao Wang, Hubert Chan, and Elaine Shi. 2015. Circuit ORAM: On tightness of the Goldreich-Ostrovsky lower bound. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 850--861. Google ScholarDigital Library
Xiao Shaun Wang, Kartik Nayak, Chang Liu, T. H. Chan, Elaine Shi, Emil Stefanov, and Yan Huang. 2014. Oblivious data structures. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 215--226. Google ScholarDigital Library
Peter Williams and Radu Sion. 2008. Usable PIR. In NDSS.Google Scholar
Peter Williams and Radu Sion. 2012. Single round access privacy on outsourced storage. In CCS. ACM, 293--304. Google ScholarDigital Library
Peter Williams, Radu Sion, and Bogdan Carbunar. 2008. Building castles out of mud: Practical access pattern privacy and correctness on untrusted storage. In CCS. ACM, 139--148. Google ScholarDigital Library
Peter Williams, Radu Sion, and Alin Tomescu. 2012. Privatefs: A parallel oblivious file system. In Proceedings of the 2012 ACM Conference on Computer and Communications Security. ACM, 977--988. Google ScholarDigital Library

Index Terms

Path ORAM: An Extremely Simple Oblivious RAM Protocol
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Path ORAM: an extremely simple oblivious RAM protocol
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

We present Path ORAM, an extremely simple Oblivious RAM protocol with a small amount of client storage. Partly due to its simplicity, Path ORAM is the most practical ORAM scheme for small client storage known to date. We formally prove that Path ORAM ...
Read More
Three-Party ORAM for Secure Computation
Proceedings, Part I, of the 21st International Conference on Advances in Cryptology -- ASIACRYPT 2015 - Volume 9452

An Oblivious RAM ORAM protocol [13] allows a client to retrieve $${\mathrm {N}}$$-th element of a data array $${\mathsf {D}}$$ stored by the server s.t. the server learns no information about $${\mathrm {N}}$$. A related notion is that of an ORAM for ...
Read More
Deterministic, Stash-Free Write-Only ORAM
CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

Write-Only Oblivious RAM (WoORAM) protocols provide privacy by encrypting the contents of data and also hiding the pattern of write operations over that data. WoORAMs provide better privacy than plain encryption and better performance than more general ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
Journal of the ACM Volume 65, Issue 4
Distributed Computing, Cryptography, Distributed Computing, Cryptography, Coding Theory, Automata Theory, Complexity Theory, Programming Languages, Algorithms, Invited Paper Foreword and Databases
August 2018
307 pages
ISSN:0004-5411
EISSN:1557-735X
DOI:10.1145/3208081
Editor:
Éva Tardos
Cornell University
Issue’s Table of Contents
Copyright © 2018 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 12 April 2018
- Accepted: 1 January 2018
- Revised: 1 August 2017
- Received: 1 April 2014
Published in jacm Volume 65, Issue 4

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
ORAM
Oblivious RAM
Path ORAM
access pattern
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 72
  Total Citations
  View Citations
- 1,666
  Total Downloads
- Downloads (Last 12 months)394
- Downloads (Last 6 weeks)37
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Path ORAM: An Extremely Simple Oblivious RAM Protocol

Journal of the ACM

Abstract

References

Cited By

Index Terms

Recommendations

Path ORAM: an extremely simple oblivious RAM protocol

Three-Party ORAM for Secure Computation

Deterministic, Stash-Free Write-Only ORAM