Cryptology ePrint Archive: Report 2015/005

Onion ORAM: A Constant Bandwidth Blowup Oblivious RAM

Srinivas Devadas and Marten van Dijk and Christopher W. Fletcher and Ling Ren and Elaine Shi and Daniel Wichs

Abstract: We present Onion ORAM, an Oblivious RAM (ORAM) with constant worst-case bandwidth blowup that leverages poly-logarithmic server computation to circumvent the logarithmic lower bound on ORAM bandwidth blowup. Our construction does not require fully homomorphic encryption, but employs an additively homomorphic encryption scheme such as the Damgard-Jurik cryptosystem, or alternatively a BGV-style somewhat homomorphic encryption scheme without bootstrapping. At the core of our construction is an ORAM scheme that has "shallow circuit depth" over the entire history of ORAM accesses. We also propose novel techniques to achieve security against a malicious server, without resorting to expensive and non-standard techniques such as SNARKs. To the best of our knowledge, Onion ORAM is the first concrete instantiation of a constant bandwidth blowup ORAM under standard assumptions (even for the semi-honest setting).

Category / Keywords: ORAM, Cryptographic Protocols

Original Publication (with minor differences): IACR-TCC-2016

Date: received 5 Jan 2015, last revised 7 Nov 2015

Contact author: cwfletch at mit edu

Available format(s): PDF | BibTeX Citation

Version: 20151107:174220 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]