Upload File

oblivious data structures - crypto 2014 rump session€¦ · compared with path oram; data size...

  • Home
  • Documents
  • Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue
21
Oblivious Data Structures Xiao Shaun Wang, Kartik Nayak, Chang Liu, T-H. Hubert Chan, Elaine Shi, Emil Stefanov, Yan Huang

Upload: others

Post on 22-Jun-2020

7 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Oblivious Data StructuresXiao Shaun Wang, Kart ik Nayak, Chang L iu , T-H. Hubert Chan, E la ine Sh i , Emi l Stefanov, Yan Huang

Page 2: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Hierarchical ORAMs

[Goldreich’87][GO’96][KLO’12]

Oblivious RAM is a cryptographic primitive for provably obfuscating access patterns to data.

Page 3: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Hierarchical ORAMs

[Goldreich’87][GO’96][KLO’12]

Bandwidth Overhead:=Data transferred in oblivious case

Data transferred in non-oblivious case

Page 4: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Hierarchical ORAMs

[Goldreich’87][GO’96][KLO’12]

Tree-based ORAM[SCSL’11]

[SDSCFRYD’13]

Bandwidth Overhead:=Data transferred in oblivious case

Data transferred in non-oblivious case

Page 5: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Can we do better?

Best known ORAM achievesO(log2 N/log log N) overhead [KLO’12]

Page 6: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Can we do better?

Best known ORAM achievesO(log2 N/log log N) overhead [KLO’12]

Path ORAM partially solves this problem

Page 7: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Can we do better?

Best known ORAM achievesO(log2 N/log log N) overhead [KLO’12]

Page 8: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Can we do better for

restricted access patterns?

Best known ORAM achievesO(log2 N/log log N) overhead [KLO’12]

Page 9: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

RAM

Page 10: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Bounded-degree trees

Access patterns with locality

RAM

Page 11: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Bounded-degree trees

Access patterns with locality

Can we do better for these

restricted access patterns?

Page 12: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Bounded-degree trees

Access patterns with locality

Can we do better for these

restricted access patterns?

YES

Page 13: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Bounded-degree tree

Stack / Queue

Page 14: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Bounded-degree tree

Stack / QueueMap (AVL

tree, B tree) Heap

Page 15: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Bounded-degree treeThe effective overhead is O(log N)

Stack / QueueMap (AVL

tree, B tree) Heap

Page 16: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Bounded-degree treeThe effective overhead is O(log N)

Stack / QueueMap (AVL

tree, B tree) Heap

ORAM: O(log2 N/log log N)

Page 17: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Bounded-degree treeThe effective overhead is O(log N)

Inspired by [GGHJRW’13]

Speedup

Bandwidth overhead 12x – 16x

Circuit size 10x – 14x

Compared with Path ORAM; data size 230

Stack / QueueMap (AVL

tree, B tree) Heap

Page 18: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Access patterns with locality

Page 19: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Access patterns with localityOverhead:

2-dimensional grid

O(log1.5 N)

Deque, doubly linked list

O(log N)

General graphs

O(12d log2-1/d N)d: doubling dimension of the graph

Page 20: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Access patterns with localityOverhead:

2-dimensional grid

O(log1.5 N)

Deque, doubly linked list

O(log N)

General graphs

O(12d log2-1/d N)d: doubling dimension of the graph

Bandwidth overhead speedup for deque, doubly linked list - 9x

Compared with Path ORAM; data size 230

Page 21: Oblivious Data Structures - Crypto 2014 rump session€¦ · Compared with Path ORAM; data size 230. Open source implementation on a garbled circuit backend coming soon Stack / Queue

Open source implementation

on a garbled circuit backend

coming soon

Stack / Queue

Map (AVL tree)

Heap

Deque

Doubly linked list

Oblivious Data Structures: [WNLCSSH’14]

Thank [email protected]


Witness Encryption from Garbled Circuit and Multikey Fully

Social Marketing presentatie ORAM

Garbled Circuits Checking Garbled Circuits More efficient and Secure Two-Party Computation

Practical Garbled Circuit Optimizations

Burst ORAM: Minimizing ORAM Response Times for Bursty Access

Rump : iOS patch diffing

ORAM: A Brief Overview

H-ORAM: A Cacheable ORAM Interface for Efficient I/O Accessesd-scholarship.pitt.edu/36374/7/liuliang_etdPitt2019.pdf · H-ORAM: A Cacheable ORAM Interface for Efficient I/O Accesses

SFE: Yao’s Garbled Circuit

LA GENOMIQUE - auriva-elevage.frauriva-elevage.fr/wp-content/uploads/2017/08/Abondance_2017.6.pdf · Slide depth Rump Rump lenght Hips width Trochanteurs width Rump anlge Feet & legs

Appsec rump reverse-i_os_machook

Techniques for Practical ORAM and ORAM in HardwareTechniques for Practical ORAM and ORAM in Hardware. Oblivious RAM 2 Client ORAM Algorithm Untrusted ... • Applications – Encrypted

Oram And Secure Computation

Tunably-Oblivious Memory: Generalizing ORAM to Enable ...ravi/Papers/DBConf/p313-dautrich.pdf · cal ORAM [22,23] requires log 2Nndwidth cost. Path ba ORAM [24] requires closer to

Foundations of Garbled Circuits - Cryptology ePrint Archive

Revisiting Square Root ORAM - DIMACSdimacs.rutgers.edu/Workshops/RAM/Slides/zahur.pdfBenchmarks Task Parameters Linear scan Circuit ORAM Square-root ORAM Binary search 210 searches

Ring ORAM: Closing the Gap Between Small and Large Client ......ORAM outperforms Path ORAM (which is given equal storage) by 4:5 and SSS ORAM, the prior-art scheme for large client

Rump attaque usb_caralinda_fabrice

Garbled text in email

Faster Secure Two-Party Computation Using Garbled Circuits

Prof. Dr. Jutta Rump

Antha Arabi Kadal Oram

Draft oram AJkh - perpus.menpan.go.id

Onde as pessoas oram

Garbled RAM, Revisited

GARBLED CIRCUITS CHECKING GARBLED CIRCUITS MORE EFFICIENT AND SECURE TWO-PARTY COMPUTATION Payman Mohassel Ben Riva University of Calgary Tel Aviv University

Oram Plus - Buy Oram Plus - Buy 2 Get 1 Free

On the Rump 2011

ALBRECHT DURER - MAOS QUE ORAM

Practical Garbled Circuit Optimizationsweb.engr.oregonstate.edu/~rosulekm/pubs/gc-survey-talk.pdf · Practical Garbled Circuit Optimizations Mike Rosulek Collaborators: David Evans

A Gentle Introduction to Yao's Garbled Circuitsweb.mit.edu/sonka89/www/papers/2017ygc.pdf · A Gentle Introduction to Yao’s Garbled Circuits SophiaYakoubov BostonUniveristy Abstract

Reusable Garbled Circuit Implementation of AES to Avoid

Inter Rump i Das

Being jamie baker kelly oram

On The Rump 2012