Paper 2019/1108

Lower Bounds for Multi-Server Oblivious RAMs

Kasper Green Larsen, Mark Simkin, and Kevin Yeo


In this work, we consider the construction of oblivious RAMs (ORAM) in a setting with multiple servers and the adversary may corrupt a subset of the servers. We present an $\Omega(\log n)$ overhead lower bound for any $k$-server ORAM that limits any PPT adversary to distinguishing advantage at most $1/4k$ when only one server is corrupted. In other words, if one insists on negligible distinguishing advantage, then multi-server ORAMs cannot be faster than single-server ORAMs even with polynomially many servers of which only one unknown server is corrupted. Our results apply to ORAMs that may err with probability at most $1/128$ as well as scenarios where the adversary corrupts larger subsets of servers. We also extend our lower bounds to other important data structures including oblivious stacks, queues, deques, priority queues and search trees.

Available format(s)
Publication info
Published by the IACR in TCC 2020
Oblivious RAMLower bound
Contact author(s)
larsen @ cs au dk
kwlyeo @ google com
simkin @ cs au dk
2020-11-13: revised
2019-09-29: received
See all versions
Short URL
Creative Commons Attribution


      author = {Kasper Green Larsen and Mark Simkin and Kevin Yeo},
      title = {Lower Bounds for Multi-Server Oblivious RAMs},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1108},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.