Cryptology ePrint Archive: Report 2021/244

Forward Secret Encrypted RAM: Lower Bounds and Applications

Alexander Bienstock and Yevgeniy Dodis and Kevin Yeo

Abstract: In this paper, we study forward secret encrypted RAMs (FS eRAMs) which enable clients to outsource the storage of an n-entry array to a server. In the case of a catastrophic attack where both client and server storage are compromised, FS eRAMs guarantee that the adversary may not recover any array entries that were deleted or overwritten prior to the attack. A simple folklore FS eRAM construction with $O(\log n)$ overhead has been known for at least two decades. Unfortunately, no progress has been made since then. We show the lack of progress is fundamental by presenting an $\Omega(\log n)$ lower bound for FS eRAMs proving that the folklore solution is optimal. To do this, we introduce the symbolic model for proving cryptographic data structures lower bounds that may be of independent interest.

Given this limitation, we investigate applications where forward secrecy may be obtained without the additional $O(\log n)$ overhead. We show this is possible for oblivious RAMs, memory checkers, and multicast encryption by incorporating the ideas of the folklore FS eRAM solution into carefully chosen constructions of the corresponding primitives.

Category / Keywords: cryptographic protocols / forward secrecy, lower bounds, symbolic model, cell-probe model, ORAM, memory checkers, multicast encryption

Date: received 1 Mar 2021, last revised 22 Jul 2021

Contact author: abienstock at cs nyu edu, dodis at cs nyu edu, kwlyeo at google com

Available format(s): PDF | BibTeX Citation

Version: 20210722:213559 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]