We revisit the lower bound on the overhead required to obliviously simulate programs, due to Goldreich and Ostrovsky. While the lower bound is fairly general, including the offline case, when the simulator is given the reads and writes ahead of time, it does assume that the simulator behaves in a “balls and bins” fashion. That is, the simulator must act by shuffling data items around, and is not allowed to have sophisticated encoding of the data.
We prove that for the offline case, showing a lower bound without the above restriction is related to the size of the circuits for sorting. Our proof is constructive, and uses a bit-slicing approach which manipulates the bit representations of data in the simulation. This implies that without obtaining yet unknown superlinear lower bounds on the size of such circuits, we cannot hope to get lower bounds on offline (unrestricted) ORAMs.
Category / Keywords: ORAM, Sorting, Multi-Party Computation, Cryptography, PRAM Date: received 7 Sep 2015, last revised 9 Sep 2015 Contact author: eboyle at alum mit edu Available format(s): PDF | BibTeX Citation Version: 20150909:110843 (All versions of this report) Short URL: ia.cr/2015/863 Discussion forum: Show discussion | Start new discussion