panorama oblivious ram with logarithmic overhead
play

PanORAMa: Oblivious RAM with Logarithmic Overhead Sarvar Patel, - PowerPoint PPT Presentation

Oct 02, 2023 •274 likes •1.13k views

PanORAMa: Oblivious RAM with Logarithmic Overhead Sarvar Patel, Giuseppe Persiano, Mariana Raykova, Kevin Yeo Most frequently used file Bob knows what files I am accessing Bandwidth is expensive Retrieve the whole database Oblivious RAM

  1. PanORAMa: Oblivious RAM with Logarithmic Overhead Sarvar Patel, Giuseppe Persiano, Mariana Raykova, Kevin Yeo

  5. Most frequently used file Bob knows what files I am accessing

  6. Bandwidth is expensive Retrieve the whole database

  7. Oblivious RAM [GO’96] Access pattern hiding ORAM polylogarithmic overhead (amortized)

  8. How Efficient Can an ORAM Construction be?

  9. ORAM Lower Bound

  10. ORAM Lower Bound Goldreich-Ostrovsky’96 ● Lower bound O(log C N) blocks for database of N blocks and client memory of C blocks ○

  11. ORAM Lower Bound Goldreich-Ostrovsky’96 ● Lower bound O(log C N) blocks for database of N blocks and client memory of C blocks ○ Caveats: ○ Server only moves and retrieves blocks (does not do any computation) ■ Constructions with statistical security ■ Constructions that work for any block size ■ The client can have oracle access to a private random function ■

  12. ORAM Lower Bound Goldreich-Ostrovsky’96 ● Lower bound Ω (log C N) blocks for database of N blocks and client memory of C blocks ○ Caveats: ○ Server only moves and retrieves blocks (does not do any computation) ■ Constructions with statistical security ■ Constructions that work for any block size ■ The client can have oracle access to a private random function ■ Boyle-Naor’16 ● Formalized the “balls and bins” model ○ Evidence for the hardness of extending the lower bound beyond the ball and bins model ○ Reduction from sorting circuits to ORAM ■

  13. ORAM Lower Bound Goldreich-Ostrovsky’96 ● Lower bound Ω (log C N) blocks for database of N blocks and client memory of C blocks ○ Caveats: ○ Server only moves and retrieves blocks (does not do any computation) ■ Constructions with statistical security ■ Constructions that work for any block size ■ The client can have oracle access to a private random function ■ Boyle-Naor’16 ● Formalized the “balls and bins” model ○ Evidence for the hardness of extending the lower bound beyond the ball and bins model ○ Reduction from sorting circuits to ORAM ■ Larsen-Nielsen’18 ● Lower bound extended to computational online ORAM model (only block uploads/downloads) ○

  14. PanORAMa:

  15. New Oblivious RAM Construction ● Improved asymptotic communication ○ O(log N . log log N) blocks ■ Block size Ω (log N) ○ PanORAMa: Can be instantiated in the balls and bins model ○ Follows the hierarchical paradigm ○

  16. New Oblivious RAM Construction ● Improved asymptotic communication ○ O(log N . log log N) blocks ■ Block size Ω (log N) ○ PanORAMa: Can be instantiated in the balls and bins model ○ Follows the hierarchical paradigm ○ New Oblivious Hash Table Construction ● Obliviousness for non-repeating queries ○ Efficient initialization from random array ○ Amortized query communication complexity ○ O(log N + poly(log log ƛ )) ■

  17. New Oblivious RAM Construction ● Improved asymptotic communication ○ O(log N . log log N) blocks ■ Block size Ω (log N) ○ PanORAMa: Can be instantiated in the balls and bins model ○ Follows the hierarchical paradigm ○ New Oblivious Hash Table Construction ● Obliviousness for non-repeating queries ○ Efficient initialization from random array ○ Amortized query communication complexity ○ O(log N + poly(log log ƛ )) ■ New Multi-Array Shuffle Algorithm ● Efficient shuffle for input with entropy ○ Shuffle multiple sorted arrays ○ O(N log log ƛ + N log N log ƛ ) ■ Not too many very small arrays ■

  18. Construction Paradigms Hierarchical ORAMs Tree ORAMs ● ● Worst case ≠ Average case Worst case = Average case ○ ○ Computation assumption beyond Encryption - the only computational ○ ○ encryption in most cases assumption

  19. Construction Paradigms Hierarchical ORAMs Tree ORAMs ● ● Worst case ≠ Average case Worst case = Average case ○ ○ Computation assumption beyond Encryption - the only computational ○ ○ encryption in most cases assumption Accessed item Shuffle Shuffled items Accessed once

  20. Construction Paradigms Hierarchical ORAMs Tree ORAMs ● ● Worst case ≠ Average case Worst case = Average case ○ ○ Computation assumption beyond Encryption - the only computational ○ ○ encryption in most cases assumption Lookup path Stored recursively PMAP = {item, path} {all items}

  21. Construction Paradigms Hierarchical ORAMs Tree ORAMs ● ● Worst case ≠ Average case Worst case = Average case ○ ○ Computation assumption beyond Encryption - the only computational ○ ○ encryption in most cases assumption

  22. Timeline and Complexity Path ORAM: evict on a path O(log 2 N) blocks of size Ω ( log N) First Tree ORAM: O(log 3 N) Square Root ORAM Unified framework for O(log N) blocks of size Ω ( log 2 N) Hierarchical ORAM: O(log 3 N) Eviction: two nodes per level all hierarchical ORAM Cuckoo Hash + level partition Fixed Cuckoo Hash approach Best Complexity: Balls & Bins, Any Circuit ORAM, matches O(log 3 N) block size: O(log 2 N / log log N) Path ORAM for circuit Binary tree per level complexity in MPC Only Comp. assump.: Cuckoo Hashing Encryption; O(log 3 N) Homomorphic encryption Security issue Deterministic Eviction Onion-ORAM: Schedule: O(log 3 N/ log log N) Offline ORAM: O(1) blocks of size Ω ( log 6 N) O(log n log log n) GO’96 PR’10 GM’11 DMN’11 SCSL’11 KLO’11 GGHJRW’13 SDSFRYD’13 MZ’14 WCS’15 DDFRSW’15 CGLS’17

  23. The Hierarchical ORAM Paradigm

  24. Hierarchical Construction Level 1 Level i has capacity for all items assigned to 2 levels 1 to i at any moment (2 i items) i log N - 1 log N

  25. Hierarchical Construction: Search Level 1 Linear scan 2 i log N - 1 log N

  26. Hierarchical Construction: Search Level 1 Linear scan 2 Look up searched item Item found ✔ i Look up searched item log N - 1 log N

  27. Hierarchical Construction: Search Level 1 Linear scan 2 Look up searched item Item found ✔ i Look up searched item Look up random item log N - 1 log N

  28. Hierarchical Construction: Search Level 1 Linear scan Move Item 2 Look up searched item Item found ✔ i Look up searched item Look up random item log N - 1 log N

  29. Hierarchical Construction Level 1 Deterministic schedule shuffle: 2 Shuffle all items residing in level 1 to i and place them in level i, obliviously! i log N - 1 log N

  30. Oblivious Hash Table [CGLS’17] Level 1 Efficiency costs: Instantiate each level with 2 ● Query cost oblivious hash table (OHT) ● Oblivious initialization ● Access pattern hiding for ○ During shuffle non-repeating queries i log N - 1 log N

  31. Existing Oblivious Hash Table Constructions

  32. Existing Oblivious Hash Table Constructions GO’96: ● Use pseudo-random function to match items log n to level buckets ● Query: retrieve item bucket O(log n) ● Oblivious initializations: several oblivious PRF(item) sorts O(n log n)

  33. Existing Oblivious Hash Table Constructions GO’96: ● Use pseudo-random function to match items log n to level buckets ● Query: retrieve item bucket O(log n) ● Oblivious initializations: several oblivious PRF(item) sorts O(n log n) GM’11: ● Cuckoo hash table T1 ● Query: O(1) ● Oblivious initialization: oblivious sort O(n log n) T2 Cuckoo Hash: h1(item) or h2(item)

  34. Existing Oblivious Hash Table Constructions KLO’12: ● Level size n: log n Cuckoo hash tables; each shuffle creates a new one ● Query all Cuckoo tables: O(log n) ● Oblivious initialization: log n oblivious sorts on n/log n items per n queries: log N Cuckoo hash tables O(log n)

  35. Oblivious Two Tier Hash Table [CGLS’17]

  36. Oblivious Two Tier Hash Table [CGLS’17] Tier 1 log n : number of bins B = n/log ε ƛ Use PRF1 to assign items into bins

  37. Oblivious Two Tier Hash Table [CGLS’17] Tier 1 Overflow buffer of size 288.Be -Z/6 log n Z=log ε ƛ : number of bins B = n/log ε ƛ Use PRF1 to assign items into bins

  38. Oblivious Two Tier Hash Table [CGLS’17] I n i t i a O l i z b a l Tier 1 i v t i o i o n u : s s Overflow buffer o r t ! of size 288.Be -Z/6 log n Z=log ε ƛ : number of bins B = n/log ε ƛ Use PRF1 to assign items into bins I n Tier 2 i t i a O l i z b a l i t v i o i Insert in Tier 2 table o n u : s s o r t ! Use PRF2 to assign items into bins

  39. Oblivious Two Tier Hash Table [CGLS’17] Tier 1 Retrieve bin PRF1(query) Amortized complexity: O(log Tier 2 2 N / log log N) If not found, Retrieve bin PRF2(query) else, Retrieve random bin.

  40. PanORAMa Overview ● Leverage entropy reuse to shuffle more efficiently

  41. PanORAMa Hierarchical Construction Level 1 2 i log N - 1 log N

  42. PanORAMa Hierarchical Construction OHT Extract: extract unqueried items Level from each level in shuffled order 1 2 i log N - 1 log N

  43. PanORAMa Hierarchical Construction Multi-array shuffle: shuffle together all OHT Extract: extract unqueried items Level randomly permuted input arrays from each level in shuffled order 1 2 i log N - 1 log N

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

12.05.2015 ITP-PANORAMA Welcome to our presentaton at Master your Software with PANORAMA

12.05.2015 ITP-PANORAMA Welcome to our presentaton at Master your Software with PANORAMA

12.05.2015 ITP-PANORAMA Welcome to our presentaton at Master your Software with PANORAMA V4.0_1 ITP-PANORAMA is supportig all Stragegies for Legacy Software Application Mining and Modernization with ITP-PANORAMA Presentation by: Juergen

373 views • 16 slides
PANORAMA PANORAMA INTRODUCTION (1/2) WG PANORAMA WG PANORAMA = + Set of tools and open and

PANORAMA PANORAMA INTRODUCTION (1/2) WG PANORAMA WG PANORAMA = + Set of tools and open and

Approaches on EUROPEAN EUROPEAN SOCIAL AND SOLIDARITY ECONOMY SOCIAL AND SOLIDARITY ECONOMY PANORAMA PANORAMA INTRODUCTION (1/2) WG PANORAMA WG PANORAMA = + Set of tools and open and tools and open and participatory processes, aimed to

270 views • 26 slides
y ( y log x x a ) a is equivalent to f(x) = log a x Logarithmic

y ( y log x x a ) a is equivalent to f(x) = log a x Logarithmic

Lesson 5.2: Logarithmic Functions and Their Graphs If y = a x , then the inverse is x = a y An equivalent equation for x = a y is y = log a x y ( y log x x a ) a is equivalent to f(x) = log a x Logarithmic Function

120 views • 7 slides
Logarithmic space Evgenij Thorstensen V18 Evgenij Thorstensen Logarithmic space V18 1 / 18

Logarithmic space Evgenij Thorstensen V18 Evgenij Thorstensen Logarithmic space V18 1 / 18

Logarithmic space Evgenij Thorstensen V18 Evgenij Thorstensen Logarithmic space V18 1 / 18 Journey below Unlike for time, it makes sense to talk about sublinear space. This models computations on input that does not fit in memory. To make

663 views • 19 slides
Using the Panorama Teacher Survey Dr. Hunter Gehlbach Elizabeth Loehr Director of Research

Using the Panorama Teacher Survey Dr. Hunter Gehlbach Elizabeth Loehr Director of Research

Using the Panorama Teacher Survey Dr. Hunter Gehlbach Elizabeth Loehr Director of Research Client Services Manager Panorama Education Panorama Education About Panorama Education Student, parent, and teacher surveys Research - based survey

250 views • 11 slides
FUNCTIONALLY OBLIVIOUS (AND SUCCINCT) Edward Kmett BUILDING BETTER TOOLS Cache-Oblivious

FUNCTIONALLY OBLIVIOUS (AND SUCCINCT) Edward Kmett BUILDING BETTER TOOLS Cache-Oblivious

FUNCTIONALLY OBLIVIOUS (AND SUCCINCT) Edward Kmett BUILDING BETTER TOOLS Cache-Oblivious Algorithms Succinct Data Structures RAM MODEL Almost everything you do in Haskell assumes this model Good for ADTs, but not a realistic

673 views • 49 slides
d i E Logarithmic Functions a l l u d Dr. Abdulla Eid b A College of Science . r D

d i E Logarithmic Functions a l l u d Dr. Abdulla Eid b A College of Science . r D

Section 4.2 d i E Logarithmic Functions a l l u d Dr. Abdulla Eid b A College of Science . r D MATHS 103: Mathematics for Business I Dr. Abdulla Eid (University of Bahrain) Logarithms 1 / 8 1 - The Logarithmic Functions Recall:

424 views • 8 slides
Perfectly S Secure O Oblivious A s Algorithms s in t the M Multi-Server S Setting T-H.

Perfectly S Secure O Oblivious A s Algorithms s in t the M Multi-Server S Setting T-H.

Perfectly S Secure O Oblivious A s Algorithms s in t the M Multi-Server S Setting T-H. Hubert Chan, Jonathan Katz, Ka Kartik Nay ayak, Antigoni Polychroniadou, Elaine Shi Defini De ning ng an n Obl Oblivious us RAM Example request

812 views • 33 slides
Oblivious Routing on Geometric Networks Costas Busch, Malik Magdon-Ismail and Jing Xi {

Oblivious Routing on Geometric Networks Costas Busch, Malik Magdon-Ismail and Jing Xi {

Oblivious Routing on Geometric Networks Costas Busch, Malik Magdon-Ismail and Jing Xi { buschc,magdon,xij2 } @cs.rpi.edu July 20, 2005. Outline Oblivious Routing: Background and Our Contribution The Algorithm: Oblivious Routing with Single

709 views • 50 slides
Lower Bound! Kasper Green Larsen Jesper Buus Nielsen Oblivious RAM Introduced by Goldreich

Lower Bound! Kasper Green Larsen Jesper Buus Nielsen Oblivious RAM Introduced by Goldreich

Yes, There is an Oblivious RAM Lower Bound! Kasper Green Larsen Jesper Buus Nielsen Oblivious RAM Introduced by Goldreich and Ostrovsky in 1996 Encrypts the memory access pattern of a random-access algorithm Oblivious RAM, Model

505 views • 32 slides
Tables in TEX \eTD \bTD overhead \eTD \eTR overhead so much \eTABLE \eTD \eTR \bTABLE even

Tables in TEX \eTD \bTD overhead \eTD \eTR overhead so much \eTABLE \eTD \eTR \bTABLE even

Tables in TEX \eTD \bTD overhead \eTD \eTR overhead so much \eTABLE \eTD \eTR \bTABLE even once you master the syntax, it's still an overkill for simple tables and keep cheating every time you want to create a new table to create a table in

344 views • 19 slides
Cache-Oblivious Algorithms 1 Cache-Oblivious Model 2 The Unknown Machine Algorithm Algorithm

Cache-Oblivious Algorithms 1 Cache-Oblivious Model 2 The Unknown Machine Algorithm Algorithm

Cache-Oblivious Algorithms 1 Cache-Oblivious Model 2 The Unknown Machine Algorithm Algorithm C program Java program gcc javac Object code Java bytecode linux java Execution Interpretation Can be executed on

963 views • 54 slides
Coping with the Memory Hierarchy the Cache-Oblivious Way Rolf Fagerberg University of Aarhus

Coping with the Memory Hierarchy the Cache-Oblivious Way Rolf Fagerberg University of Aarhus

Coping with the Memory Hierarchy the Cache-Oblivious Way Rolf Fagerberg University of Aarhus Imada, SDU, February 18, 2004 Overview The memory hierachy The I/O-model The cache-oblivious model Examples of cache-oblivious

1.23k views • 72 slides
A Framework for Efficient and Composable Oblivious Transfer Chris Peikert 1 Vinod Vaikuntanathan

A Framework for Efficient and Composable Oblivious Transfer Chris Peikert 1 Vinod Vaikuntanathan

A Framework for Efficient and Composable Oblivious Transfer Chris Peikert 1 Vinod Vaikuntanathan 2 Brent Waters 1 1 SRI International 2 MIT CRYPTO 2008 1 / 10 Oblivious Transfer [R81,EGL85,BCR86,C87,K88,CK88,C89,CS91,CGT95,DCP95,FMR96,BC97,. .

1.02k views • 50 slides
Panorama Surveys Distance Learning & Community Needs Surveys administered to: Students,

Panorama Surveys Distance Learning & Community Needs Surveys administered to: Students,

Panorama Surveys Distance Learning & Community Needs Surveys administered to: Students, Stafg & Families June 2020 GOALS Panorama Student Survey Needs with Distance Learning Daily Habits Distance Learning Environment

615 views • 32 slides
A Cache-Oblivious Heap Introduced by Arge et al. [1]. Based on distribution of elements

A Cache-Oblivious Heap Introduced by Arge et al. [1]. Based on distribution of elements

A Cache-Oblivious Heap Introduced by Arge et al. [1]. Based on distribution of elements References [1] L. Arge, M. A. Bender, E. D. Demaine, B. Holland-Minkley, and J. I. Munro, Cache-oblivious priority queue and graph algorithm

520 views • 15 slides
UC.yber; Meeting 20 Announcements Tomorrow UCRI will be hearing out our research ideas IEEE

UC.yber; Meeting 20 Announcements Tomorrow UCRI will be hearing out our research ideas IEEE

UC.yber; Meeting 20 Announcements Tomorrow UCRI will be hearing out our research ideas IEEE Secure Development Conference (at MIT) apply by Aug 11th RAPIDS 2 under discussion as State faces funding problems Focus on HS outreach

338 views • 14 slides
Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks

Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks

Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg Cuckoo Hashing for Security Awerbuch, Scheideler, Towards Scalable and Robust Overlay Networks Problem: -

329 views • 19 slides
Strong Randomness Properties of (Hyper-)Graphs Generated by Simple Hash Functions Martin Aum

Strong Randomness Properties of (Hyper-)Graphs Generated by Simple Hash Functions Martin Aum

Strong Randomness Properties of (Hyper-)Graphs Generated by Simple Hash Functions Martin Aum uller Technische Universit at Ilmenau, Germany AofA15 Strobl, June 8, 2015 Joint work with Martin Dietzfelbinger and Philipp Woelfel. M.

691 views • 56 slides
INTRODUCTION H ERE Claudio nex Guarnieri @botherder Security

INTRODUCTION H ERE Claudio nex Guarnieri @botherder Security

INTRODUCTION H ERE Claudio nex Guarnieri @botherder Security Researcher at Rapid7 Core member of The Shadowserver FoundaBon Core member of The

472 views • 46 slides
F o r ma l S e c u r i t y A n a l y s i s o f t h e O p e n I D F

F o r ma l S e c u r i t y A n a l y s i s o f t h e O p e n I D F

F o r ma l S e c u r i t y A n a l y s i s o f t h e O p e n I D F i n a n c i a l - g r a d e A P I D a n i e l F e t t , P e d r a m H o s s e y n i , R a l f K s

725 views • 43 slides
Tackling the Reproducibility Problem in Systems Research with Declarative Experiment

Tackling the Reproducibility Problem in Systems Research with Declarative Experiment

Tackling the Reproducibility Problem in Systems Research with Declarative Experiment Specifications Ivo Jimenez , Carlos Maltzahn ( UCSC ) Adam Moody, Kathryn Mohror ( LLNL ) Jay Lofstead ( Sandia ) Andrea Arpaci-Dusseau, Remzi Arpaci-Dusseau (

463 views • 44 slides
Efficient Join Processing across Heterogeneous Processors Henning Funke, Sebastian Bre, Stefan

Efficient Join Processing across Heterogeneous Processors Henning Funke, Sebastian Bre, Stefan

Efficient Join Processing across Heterogeneous Processors Henning Funke, Sebastian Bre, Stefan Noll, Jens Teubner December 15, 2015 1 / 14 GPUs IN DATABASES ARE LIKE A MUSCLE CAR IN A TRAFFIC JAM 3 / 14 Bottleneck 3 / 14 really? 3 / 14

216 views • 19 slides
Introduction: Japanese Language and Culture, Mathematical Linguistics. Hilofumi Yamamoto, Ph. D.

Introduction: Japanese Language and Culture, Mathematical Linguistics. Hilofumi Yamamoto, Ph. D.

12/17/2019 self20191220 Tokyo Institute of Technology Introduction: Japanese Language and Culture, Mathematical Linguistics. Hilofumi Yamamoto, Ph. D. Professor of Linguistics Tokyo Institute of Technology

72 views • 6 slides

More recommend