Paper 2024/011

MetaDORAM: Info-Theoretic Distributed ORAM with Less Communication

Brett Hemenway Falk, University of Pennsylvania
Daniel Noble, Silence Laboratories
Rafail Ostrovsky, University of California, Los Angeles
Abstract

A Distributed Oblivious RAM is a multi-party protocol that securely implements a RAM functionality on secret-shared inputs and outputs. This paper presents two DORAMs in the semi-honest honest-majority 3-party setting which are information-theoretically secure and whose communication costs are asymptotic improvements over previous work. Let $n$ be the number of memory locations and let $d$ be the bit-length of each location. The first, MetaDORAM1, is \emph{statistically} secure, with $n^{-\omega(1)}$ leakage. It has $O(\log_b(n) d + b \omega(1) \log(n) + \log^3(n)/\log(\log(n)))$ bits of communication per memory access. Here, $b \geq 2$ is a free parameter and $\omega(1)$ is any super-constant function (in $n$). The best prior work was that of Abraham et al (PKC 2017), which has cost $O(\log_b(n) d + b \omega(1) \log_b(n) \log^2(n))$. MetaDORAM1 is an asymptotic improvement over the work of Abraham et al whenever $d = O(\log^2(n))$. The second protocol, MetaDORAM2, achieves \emph{perfect} security, albeit at the cost of a computationally-expensive setup phase. It has communication cost $O(\log_b(n)d + b \log(n) + \log^3(n)/\log(\log(n)))$. The best prior work of Chan et al (ASIACRYPT 2018) has communication cost $O(\log(n) d + \log^3(n))$. When $b = \log(n)$, the communication cost of our protocol is $O(\log(n) d /\log(\log(n)) + \log^3(n)/\log(\log(n)))$, that is a $\Theta(\log(\log(n)))$ factor improvement over that of Chan et al. Our work is the first perfectly secure DORAM with sub-logarithmic communication overhead. This comes at the cost of a once-off (for any given $n$) setup phase which requires exponential (in $n$) computation. By a trivial transformation, these can be transformed, respectively, into statistically and perfectly secure active multi-server ORAM protocols with the same communication costs. These multi-server ORAM protocols are likewise asymptotic improvements over the state of the art.

Note: The paper has been modified to emphasize the contribution of the first perfectly secure DORAM with sub-logarithmic communication overhead. It has also been modified to allow for a free parameter, $b$, which allows balancing of the asymptotic terms, dependent on the block-size $d$.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
ORAMOblivious RAMDORAMDistributed Oblivious RAMInformation-Theoretic SecurityMPC
Contact author(s)
fbrett @ seas upenn edu
danielnoble @ proton me
rafail @ cs ucla edu
History
2024-10-14: last of 3 revisions
2024-01-03: received
See all versions
Short URL
https://ia.cr/2024/011
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/011,
      author = {Brett Hemenway Falk and Daniel Noble and Rafail Ostrovsky},
      title = {{MetaDORAM}: Info-Theoretic Distributed {ORAM} with Less Communication},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/011},
      year = {2024},
      url = {https://eprint.iacr.org/2024/011}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.