Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [oblivious-ram]

Oblivious RAM (O-RAM) is a useful primitive that allows a client to hide its data access patterns from an untrusted server in storage outsourcing applications.

Oblivious RAM (O-RAM) is a useful primitive that allows a client to hide its data access patterns from an untrusted server in storage outsourcing applications.

Roughly speaking, the adversary model for Oblivious RAM is as follows: an adversary can not distinguish between equal length sequence of queries made by the client to the server. Early solutions required the server to store $O(N*log(N))$ data items and each access to a data item actually required $O(log^3(N))$ data requests. Later work of Pinkas & Reinman brought this down to $O(N)$ storage and $O(log^2(N))$ requests, but their solution was insecure but an improvement later made this secure. Interestingly there is a theoretical lower bound on the number of requests of $log(N)$ because essentially, the overhead arises out of which data oblivious sorting algorithm one chooses.

17 questions
10
votes
0 answers

Is anyone using ORAM in practice?

Oblivious RAM has been around in theory for about 30 years at this point. Is anyone using it in practice? Has it made its way into industry? (Including any variants such as MPC ORAM or ORAM that uses trusted hardware for the client.)
Daniel-耶稣活着
  • 399
  • 3
  • 11
6
votes
2 answers

Efficiency of oblivious algorithms vs non-oblivious algorithms?

Recently, plenty of researchers are looking at designing efficient data-oblivious algorithms. Roughly speaking, an algorithm is said to be data-oblivious if its data access patterns are independednt of the input i.e. the data access pattern of the…
sun
  • 540
  • 2
  • 12
6
votes
2 answers

Are any of the practical implementations of ORAM being used in a real world system?

The concept of Oblivious RAM (ORAM) was first introduced by Oded Goldreich and Rafail Ostrovsky in 1996. However, in the past 5-10 years there has been a surge in the amount of research that looks into various realizations, optimizations and…
sun
  • 540
  • 2
  • 12
5
votes
2 answers

ORAM over Third Party DB

Oblivious Ram (ORAM) is a cryptographic technique that is used for secure DB querying without leakage on the access patterns. There are several schemes for ORAM, amongst the most popular ones, there is Path ORAM. However, and as far as I understand…
DaWNFoRCe
  • 892
  • 7
  • 17
5
votes
2 answers

Which concrete applications benefit from Oblivious RAM constructions?

The main motivation for Oblivious RAM (ORAM) is that, for instance, in the "cloud" setting a client outsources his data to a server in the form of encrypted blocks. Later on, he wants to perform read and write operation on these encrypted blocks,…
Cryptonaut
  • 1,106
  • 7
  • 19
3
votes
1 answer

Optimal bandwidth cost for Oblivious RAM

Goldreich and Ostrovsky show that any ORAM algorithm must have bandwidth cost $\Omega(logN)$, where $N$ is the total number of blocks outsourced. This is in Theorem C of this paper. But they didn't give any proof for this Theorem. Is there other…
Jan Leo
  • 925
  • 6
  • 14
2
votes
0 answers

Computationally secure ORAMs with O(lg n)-bit words: shouldn't they fail with $n^{-O(1)}$ probability?

Virtually all "hierarchical" Oblivious RAMs use "cryptographically secure" hash functions to determine the position of an item at a given level; and implicitly assume (as can be evinced from the cost analysis in the respective papers) that these…
Anonymous
  • 21
  • 2
2
votes
1 answer

Path ORAM asymptotics for arbitrary block sizes

The Path-ORAM construction assumes that the data outsourced into the ORAM scheme is split into blocks of size $\Omega(\log^2{n})$. With respect to this assumption the authors state that their storage overhead is $20N$ and their bandwidth overhead is…
Cryptonaut
  • 1,106
  • 7
  • 19
2
votes
1 answer

How is the re-encryption done in Path ORAM?

Path ORAM block headers store nonce that is used to re-encrypt the data on access. Every time a block is accessed, the nonce is updated. If the header itself is encrypted, how's the decryption done when the block is fetched next time? If the header…
sherlock
  • 559
  • 6
  • 11
2
votes
1 answer

About ORAM initalization and running out of space

I have two questions about ORAM Since at the beginning,the server allocates unused storage for ORAM cient,there are no user's data in the storage.if now client access the storage the server will know that client is writing data except that the…
D.V.
  • 151
  • 9
2
votes
0 answers

PathORAM with read path eviction

I am currently trying to implement the pathORAM algorithm as describe in this paper: https://eprint.iacr.org/2013/280.pdf The paper states that with high probability, the stash size will be bounded by some R. Is there a way to know what this R will…
Iliketoproveit
  • 151
  • 3
1
vote
0 answers

Is it possible to Publicly Query Privately Held Data with proof of Correctness?

We can secretly query inputs from a public DBs using what we call in the literature PIR. We can secretly query inputs from a privately held DB by means of Private Set Intersection (PSI). We can also secretly read/write from a private DB, using ORAM.…
DaWNFoRCe
  • 892
  • 7
  • 17
1
vote
0 answers

How is an oblivious stack integrated in garbled circuits?

I read a paper in which a tree search algorithm (specifically a DPLL SAT solver) is implemented with garbled circuits. In this tree search algorithm, we have (obviously) the typical 'forward' steps and 'backward' steps one would expect to find in a…
evilquestion
  • 83
  • 5
1
vote
0 answers

What exactly is the RAM program runtime?

In my previous understanding, if a RAM program requires $T$ read/write operations to memory during its execution, then the runtime of this RAM program is $T$. However, as I have read some literature, I have realized that my understanding may not be…
Emison Lu
  • 112
  • 5
0
votes
0 answers

Privacy-preserving source to destination shortest path algorithms with real-time querying

I'm looking for implementations of privacy-preserving shortest path algorithms that offer real-time or near real-time query performance, where both the source and destination nodes are kept secret. I've explored a few options but haven't found…
captain
  • 101
  • 1
1
2