Cryptology ePrint Archive: Report 2015/1074
Succinct Adaptive Garbled RAM
Ran Canetti and Yilei Chen and Justin Holmgren and Mariana Raykova
Abstract: We show how to garble a large persistent database and then garble, one by one, a sequence of adaptively and adversarially chosen RAM programs that query and modify the database in arbitrary ways. Still, it is guaranteed that the garbled database and programs reveal only the outputs of the programs when run in sequence on the database. The runtime, space requirements and description size of the garbled programs are proportional only to those of the plaintext programs and the security parameter. We assume indistinguishability obfuscation for circuits and poly-to-one collision-resistant hash functions. The latter can be constructed based on standard algebraic assumptions such as the hardness of discrete log or factoring. In contrast, all previous garbling schemes with persistent data were shown secure only in the static setting where all the programs are known in advance.
As an immediate application, our scheme is the first to provide a way to outsource large databases to untrusted servers, and later query and update the database over time in a private and verifiable way, with complexity and description size proportional to those of the unprotected queries.
Our scheme extends the non-adaptive RAM garbling scheme of Canetti and Holmgren [ITCS 2016]. We also define and use a new primitive, called adaptive accumulators, which is an adaptive alternative to the positional accumulators of Koppula et al [STOC 2015] and somewhere statistical binding hashing of Hubacek and Wichs [ITCS 2015]. This primitive might well be useful elsewhere.
Category / Keywords: public-key cryptography / Obfuscation, Garbling, RAM Programs, Adaptive Security
Date: received 4 Nov 2015
Contact author: holmgren at mit edu
Available format(s): PDF | BibTeX Citation
Version: 20151105:125513 (All versions of this report)
Short URL: ia.cr/2015/1074
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]