A lower bound for one-round oblivious RAM

David Cash; Andrew Drucker; Alexander Hoover

doi:10.1007/978-3-030-64375-1_16

A lower bound for one-round oblivious RAM

David Cash
, Andrew Drucker
, Alexander Hoover

Department of Computer Science

The University of Chicago

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

7 Scopus citations

Abstract

We initiate a fine-grained study of the round complexity of Oblivious RAM (ORAM). We prove that any one-round balls-in-bins ORAM that does not duplicate balls must have either Ω(N) bandwidth or Ω(N) client memory, where N is the number of memory slots being simulated. This shows that such schemes are strictly weaker than general (multi-round) ORAMs or those with server computation, and in particular implies that a one-round version of the original square-root ORAM of Goldreich and Ostrovksy (J. ACM 1996) is optimal. We prove this bound via new techniques that differ from those of Goldreich and Ostrovksy, and of Larsen and Nielsen (CRYPTO 2018), which achieved an Ω(log N) bound for balls-in-bins and general multi-round ORAMs respectively. Finally we give a weaker extension of our bound that allows for limited duplication of balls, and also show that our bound extends to multiple-round ORAMs of a restricted form that include the best known constructions.

Original language	English
Title of host publication	Theory of Cryptography - 18th International Conference, TCC 2020, Proceedings
Editors	Rafael Pass, Krzysztof Pietrzak
Pages	457-485
Number of pages	29
DOIs	https://doi.org/10.1007/978-3-030-64375-1_16
State	Published - 2020
Event	18th International Conference on Theory of Cryptography, TCCC 2020 - Durham, United States Duration: 16 Nov 2020 → 19 Nov 2020

Publication series

Name	Lecture Notes in Computer Science
Volume	12550 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	18th International Conference on Theory of Cryptography, TCCC 2020
Country/Territory	United States
City	Durham
Period	16/11/20 → 19/11/20

Access to Document

10.1007/978-3-030-64375-1_16

Cite this

@inproceedings{b5596294838b401e959b39a5d05e7d66,

title = "A lower bound for one-round oblivious RAM",

abstract = "We initiate a fine-grained study of the round complexity of Oblivious RAM (ORAM). We prove that any one-round balls-in-bins ORAM that does not duplicate balls must have either Ω(N) bandwidth or Ω(N) client memory, where N is the number of memory slots being simulated. This shows that such schemes are strictly weaker than general (multi-round) ORAMs or those with server computation, and in particular implies that a one-round version of the original square-root ORAM of Goldreich and Ostrovksy (J. ACM 1996) is optimal. We prove this bound via new techniques that differ from those of Goldreich and Ostrovksy, and of Larsen and Nielsen (CRYPTO 2018), which achieved an Ω(log N) bound for balls-in-bins and general multi-round ORAMs respectively. Finally we give a weaker extension of our bound that allows for limited duplication of balls, and also show that our bound extends to multiple-round ORAMs of a restricted form that include the best known constructions.",

author = "David Cash and Andrew Drucker and Alexander Hoover",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2020.; 18th International Conference on Theory of Cryptography, TCCC 2020 ; Conference date: 16-11-2020 Through 19-11-2020",

year = "2020",

doi = "10.1007/978-3-030-64375-1\_16",

language = "English",

isbn = "9783030643744",

series = "Lecture Notes in Computer Science",

pages = "457--485",

editor = "Rafael Pass and Krzysztof Pietrzak",

booktitle = "Theory of Cryptography - 18th International Conference, TCC 2020, Proceedings",

}

Cash, D, Drucker, A & Hoover, A 2020, A lower bound for one-round oblivious RAM. in R Pass & K Pietrzak (eds), Theory of Cryptography - 18th International Conference, TCC 2020, Proceedings. Lecture Notes in Computer Science, vol. 12550 LNCS, pp. 457-485, 18th International Conference on Theory of Cryptography, TCCC 2020, Durham, United States, 16/11/20. https://doi.org/10.1007/978-3-030-64375-1_16

A lower bound for one-round oblivious RAM. / Cash, David; Drucker, Andrew; Hoover, Alexander.
Theory of Cryptography - 18th International Conference, TCC 2020, Proceedings. ed. / Rafael Pass; Krzysztof Pietrzak. 2020. p. 457-485 (Lecture Notes in Computer Science; Vol. 12550 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A lower bound for one-round oblivious RAM

AU - Cash, David

AU - Drucker, Andrew

AU - Hoover, Alexander

N1 - Publisher Copyright: © International Association for Cryptologic Research 2020.

PY - 2020

Y1 - 2020

N2 - We initiate a fine-grained study of the round complexity of Oblivious RAM (ORAM). We prove that any one-round balls-in-bins ORAM that does not duplicate balls must have either Ω(N) bandwidth or Ω(N) client memory, where N is the number of memory slots being simulated. This shows that such schemes are strictly weaker than general (multi-round) ORAMs or those with server computation, and in particular implies that a one-round version of the original square-root ORAM of Goldreich and Ostrovksy (J. ACM 1996) is optimal. We prove this bound via new techniques that differ from those of Goldreich and Ostrovksy, and of Larsen and Nielsen (CRYPTO 2018), which achieved an Ω(log N) bound for balls-in-bins and general multi-round ORAMs respectively. Finally we give a weaker extension of our bound that allows for limited duplication of balls, and also show that our bound extends to multiple-round ORAMs of a restricted form that include the best known constructions.

AB - We initiate a fine-grained study of the round complexity of Oblivious RAM (ORAM). We prove that any one-round balls-in-bins ORAM that does not duplicate balls must have either Ω(N) bandwidth or Ω(N) client memory, where N is the number of memory slots being simulated. This shows that such schemes are strictly weaker than general (multi-round) ORAMs or those with server computation, and in particular implies that a one-round version of the original square-root ORAM of Goldreich and Ostrovksy (J. ACM 1996) is optimal. We prove this bound via new techniques that differ from those of Goldreich and Ostrovksy, and of Larsen and Nielsen (CRYPTO 2018), which achieved an Ω(log N) bound for balls-in-bins and general multi-round ORAMs respectively. Finally we give a weaker extension of our bound that allows for limited duplication of balls, and also show that our bound extends to multiple-round ORAMs of a restricted form that include the best known constructions.

UR - https://www.scopus.com/pages/publications/85098239901

UR - https://www.scopus.com/pages/publications/85098239901#tab=citedBy

U2 - 10.1007/978-3-030-64375-1_16

DO - 10.1007/978-3-030-64375-1_16

M3 - Conference contribution

AN - SCOPUS:85098239901

SN - 9783030643744

T3 - Lecture Notes in Computer Science

SP - 457

EP - 485

BT - Theory of Cryptography - 18th International Conference, TCC 2020, Proceedings

A2 - Pass, Rafael

A2 - Pietrzak, Krzysztof

T2 - 18th International Conference on Theory of Cryptography, TCCC 2020

Y2 - 16 November 2020 through 19 November 2020

ER -

A lower bound for one-round oblivious RAM

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this