Cryptology ePrint Archive: Report 2014/672

Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound

Xiao Wang and Hubert Chan and Elaine Shi

Abstract: We propose a new tree-based ORAM scheme called Circuit ORAM. Circuit ORAM makes both theoretical and practical contributions. From a theoretical perspective, Circuit ORAM shows that the well-known Goldreich-Ostrovsky logarithmic ORAM lower bound is tight under certain parameter ranges, for several performance metrics. Therefore, we are the first to give an answer to a theoretical challenge that remained open for the past twenty-seven years. Second, Circuit ORAM earns its name because it achieves (almost) optimal circuit size both in theory and in practice for realistic choices of block sizes. We demonstrate compelling practical perfor- mance and show that Circuit ORAM is an ideal candidate for secure multi-party computation applications.

Category / Keywords: oblivious RAM, secure multi-party computation

Date: received 26 Aug 2014, last revised 15 May 2015

Contact author: runting at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20150515:163555 (All versions of this report)

Short URL: ia.cr/2014/672

Discussion forum: Show discussion | Start new discussion