Paper 2015/1010

TWORAM: Round-Optimal Oblivious RAM with Applications to Searchable Encryption

Sanjam Garg, Payman Mohassel, and Charalampos Papamanthou


We present TWORAM, the first efficient round-optimal oblivious RAM (ORAM) scheme. TWORAM provides oblivious access of a memory index $y$ in exactly two rounds: The client prepares an encrypted query encapsulating $y$ and sends it to the server. The server accesses memory obliviously and returns encrypted information containing the desired value $\mathsf{M}[y]$. The cost of TWORAM is only a multiplicative factor of security parameter higher than the tree-based ORAM schemes such as the path ORAM of Stefanov et al. (CCS, 2013). TWORAM gives rise to interesting applications, and in particular to the first fully-secure searchable symmetric encryption scheme where search is sublinear and search pattern is not leaked---access pattern can also be concealed if we assume the documents are stored in the obliviously accessed memory $\mathsf{M}$.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Searchable Symmetric EncryptionOblivious RAM
Contact author(s)
sanjamg @ berkeley edu
payman mohassel @ gmail com
cpap @ umd edu
2016-02-19: last of 2 revisions
2015-10-19: received
See all versions
Short URL
Creative Commons Attribution


      author = {Sanjam Garg and Payman Mohassel and Charalampos Papamanthou},
      title = {{TWORAM}: Round-Optimal Oblivious {RAM} with Applications to Searchable Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1010},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.