Revisiting Square Root ORAM
Efficient Random Access in Multi-Party Computation
Samee Zahur Jack Doerner David Evans Xiao Wang Jonathan Katz Mariana Raykova Adrià Gascón
oblivc.org/sqoram
Secure multi-party computation applications
Set intersection [FNP04]
Linear ridge-regression [NWIJBT13]
Median computation [AMP04]
Iris code matching [LCPLB12]
Matrix factorization for recommendations [NIWJTB13]
Access every element. Per-access cost: $\Theta(n)$
Continually shuffle elements around. Per-access cost: $\Theta(\log^p n)$
Figure from: Wang, Chan, Shi. Circuit ORAM
Linear scan
(our work)
Classic “square root” scheme by Goldreich and Ostrovsky (1996). Considered slow for MPC because
Per-access amortized cost: Θ 𝑜 log 𝑜
Linear scan cost: $4B = 12B/3$
Our scheme cost: $11B/3$
[Figure: position map]
𝑜 log 𝑜 accesses
$\pi_B = \pi_A \cdot p$
Bob computes $\pi_B^{-1} = p^{-1} \cdot \pi_A^{-1}$
$\pi_B^{-1} \cdot \pi_A = p^{-1} \cdot \pi_A^{-1} \cdot \pi_A = p^{-1}$
𝑜 log 𝑜 accesses at Θ 𝑜 log 𝑜
Task (parameters): Linear scan / Circuit ORAM / Square-root ORAM
Binary search ($2^{10}$ searches, $2^{15}$ elements): 1020 s / 5041 s / 825 s
Breadth-first search ($2^{10}$ vertices, $2^{13}$ edges): 4570 s / 3750 s / 680 s
Stable matching ($2^{9}$ pairs): 119000 s
scrypt hashing ($N = 2^{14}$): ≈ 7 days / 2850 s / 1920 s
We revisited a well-known scheme and used it to
Shows that asymptotic costs are not the final word; concrete costs require more consideration.
Contact for help: Samee Zahur <samee@virginia.edu>