Cryptology ePrint Archive: Report 2019/1108

Lower Bounds for Multi-Server Oblivious RAMs

Kasper Green Larsen and Mark Simkin and Kevin Yeo

Abstract: In this work, we consider the construction of oblivious RAMs (ORAM) in a setting with multiple servers and the adversary may corrupt a subset of the servers. We present an $\Omega(\log n)$ overhead lower bound for any $k$-server ORAM that limits any PPT adversary to distinguishing advantage at most $1/4k$ when only one server is corrupted. In other words, if one insists on negligible distinguishing advantage, then multi-server ORAMs cannot be faster than single-server ORAMs even with polynomially many servers of which only one unknown server is corrupted. Our results apply to ORAMs that may err with probability at most $1/8$ as well as scenarios where the adversary corrupts larger subsets of servers. We also extend our lower bounds to other important data structures including oblivious stacks, queues, deques, priority queues and search trees.

Category / Keywords: foundations / Oblivious RAM, Lower bound,

Date: received 27 Sep 2019

Contact author: larsen at cs au dk,kwlyeo@google com,simkin@cs au dk

Available format(s): PDF | BibTeX Citation

Version: 20190929:184526 (All versions of this report)

Short URL: ia.cr/2019/1108


[ Cryptology ePrint archive ]