panorama oblivious ram with logarithmic overhead
play

PanORAMa: Oblivious RAM with Logarithmic Overhead Sarvar Patel, - PowerPoint PPT Presentation

Oct 02, 2023 •274 likes •1.13k views

PanORAMa: Oblivious RAM with Logarithmic Overhead Sarvar Patel, Giuseppe Persiano, Mariana Raykova, Kevin Yeo Most frequently used file Bob knows what files I am accessing Bandwidth is expensive Retrieve the whole database Oblivious RAM

  1. PanORAMa: Oblivious RAM with Logarithmic Overhead Sarvar Patel, Giuseppe Persiano, Mariana Raykova, Kevin Yeo

  5. Most frequently used file Bob knows what files I am accessing

  6. Bandwidth is expensive Retrieve the whole database

  7. Oblivious RAM [GO’96] Access pattern hiding ORAM polylogarithmic overhead (amortized)

  8. How Efficient Can an ORAM Construction be?

  9. ORAM Lower Bound

  10. ORAM Lower Bound Goldreich-Ostrovsky’96 ● Lower bound O(log C N) blocks for database of N blocks and client memory of C blocks ○

  11. ORAM Lower Bound Goldreich-Ostrovsky’96 ● Lower bound O(log C N) blocks for database of N blocks and client memory of C blocks ○ Caveats: ○ Server only moves and retrieves blocks (does not do any computation) ■ Constructions with statistical security ■ Constructions that work for any block size ■ The client can have oracle access to a private random function ■

  12. ORAM Lower Bound Goldreich-Ostrovsky’96 ● Lower bound Ω (log C N) blocks for database of N blocks and client memory of C blocks ○ Caveats: ○ Server only moves and retrieves blocks (does not do any computation) ■ Constructions with statistical security ■ Constructions that work for any block size ■ The client can have oracle access to a private random function ■ Boyle-Naor’16 ● Formalized the “balls and bins” model ○ Evidence for the hardness of extending the lower bound beyond the ball and bins model ○ Reduction from sorting circuits to ORAM ■

  13. ORAM Lower Bound Goldreich-Ostrovsky’96 ● Lower bound Ω (log C N) blocks for database of N blocks and client memory of C blocks ○ Caveats: ○ Server only moves and retrieves blocks (does not do any computation) ■ Constructions with statistical security ■ Constructions that work for any block size ■ The client can have oracle access to a private random function ■ Boyle-Naor’16 ● Formalized the “balls and bins” model ○ Evidence for the hardness of extending the lower bound beyond the ball and bins model ○ Reduction from sorting circuits to ORAM ■ Larsen-Nielsen’18 ● Lower bound extended to computational online ORAM model (only block uploads/downloads) ○

  14. PanORAMa:

  15. New Oblivious RAM Construction ● Improved asymptotic communication ○ O(log N . log log N) blocks ■ Block size Ω (log N) ○ PanORAMa: Can be instantiated in the balls and bins model ○ Follows the hierarchical paradigm ○

  16. New Oblivious RAM Construction ● Improved asymptotic communication ○ O(log N . log log N) blocks ■ Block size Ω (log N) ○ PanORAMa: Can be instantiated in the balls and bins model ○ Follows the hierarchical paradigm ○ New Oblivious Hash Table Construction ● Obliviousness for non-repeating queries ○ Efficient initialization from random array ○ Amortized query communication complexity ○ O(log N + poly(log log ƛ )) ■

  17. New Oblivious RAM Construction ● Improved asymptotic communication ○ O(log N . log log N) blocks ■ Block size Ω (log N) ○ PanORAMa: Can be instantiated in the balls and bins model ○ Follows the hierarchical paradigm ○ New Oblivious Hash Table Construction ● Obliviousness for non-repeating queries ○ Efficient initialization from random array ○ Amortized query communication complexity ○ O(log N + poly(log log ƛ )) ■ New Multi-Array Shuffle Algorithm ● Efficient shuffle for input with entropy ○ Shuffle multiple sorted arrays ○ O(N log log ƛ + N log N log ƛ ) ■ Not too many very small arrays ■

  18. Construction Paradigms Hierarchical ORAMs Tree ORAMs ● ● Worst case ≠ Average case Worst case = Average case ○ ○ Computation assumption beyond Encryption - the only computational ○ ○ encryption in most cases assumption

  19. Construction Paradigms Hierarchical ORAMs Tree ORAMs ● ● Worst case ≠ Average case Worst case = Average case ○ ○ Computation assumption beyond Encryption - the only computational ○ ○ encryption in most cases assumption Accessed item Shuffle Shuffled items Accessed once

  20. Construction Paradigms Hierarchical ORAMs Tree ORAMs ● ● Worst case ≠ Average case Worst case = Average case ○ ○ Computation assumption beyond Encryption - the only computational ○ ○ encryption in most cases assumption Lookup path Stored recursively PMAP = {item, path} {all items}

  21. Construction Paradigms Hierarchical ORAMs Tree ORAMs ● ● Worst case ≠ Average case Worst case = Average case ○ ○ Computation assumption beyond Encryption - the only computational ○ ○ encryption in most cases assumption

  22. Timeline and Complexity Path ORAM: evict on a path O(log 2 N) blocks of size Ω ( log N) First Tree ORAM: O(log 3 N) Square Root ORAM Unified framework for O(log N) blocks of size Ω ( log 2 N) Hierarchical ORAM: O(log 3 N) Eviction: two nodes per level all hierarchical ORAM Cuckoo Hash + level partition Fixed Cuckoo Hash approach Best Complexity: Balls & Bins, Any Circuit ORAM, matches O(log 3 N) block size: O(log 2 N / log log N) Path ORAM for circuit Binary tree per level complexity in MPC Only Comp. assump.: Cuckoo Hashing Encryption; O(log 3 N) Homomorphic encryption Security issue Deterministic Eviction Onion-ORAM: Schedule: O(log 3 N/ log log N) Offline ORAM: O(1) blocks of size Ω ( log 6 N) O(log n log log n) GO’96 PR’10 GM’11 DMN’11 SCSL’11 KLO’11 GGHJRW’13 SDSFRYD’13 MZ’14 WCS’15 DDFRSW’15 CGLS’17

  23. The Hierarchical ORAM Paradigm

  24. Hierarchical Construction Level 1 Level i has capacity for all items assigned to 2 levels 1 to i at any moment (2 i items) i log N - 1 log N

  25. Hierarchical Construction: Search Level 1 Linear scan 2 i log N - 1 log N

  26. Hierarchical Construction: Search Level 1 Linear scan 2 Look up searched item Item found ✔ i Look up searched item log N - 1 log N

  27. Hierarchical Construction: Search Level 1 Linear scan 2 Look up searched item Item found ✔ i Look up searched item Look up random item log N - 1 log N

  28. Hierarchical Construction: Search Level 1 Linear scan Move Item 2 Look up searched item Item found ✔ i Look up searched item Look up random item log N - 1 log N

  29. Hierarchical Construction Level 1 Deterministic schedule shuffle: 2 Shuffle all items residing in level 1 to i and place them in level i, obliviously! i log N - 1 log N

  30. Oblivious Hash Table [CGLS’17] Level 1 Efficiency costs: Instantiate each level with 2 ● Query cost oblivious hash table (OHT) ● Oblivious initialization ● Access pattern hiding for ○ During shuffle non-repeating queries i log N - 1 log N

  31. Existing Oblivious Hash Table Constructions

  32. Existing Oblivious Hash Table Constructions GO’96: ● Use pseudo-random function to match items log n to level buckets ● Query: retrieve item bucket O(log n) ● Oblivious initializations: several oblivious PRF(item) sorts O(n log n)

  33. Existing Oblivious Hash Table Constructions GO’96: ● Use pseudo-random function to match items log n to level buckets ● Query: retrieve item bucket O(log n) ● Oblivious initializations: several oblivious PRF(item) sorts O(n log n) GM’11: ● Cuckoo hash table T1 ● Query: O(1) ● Oblivious initialization: oblivious sort O(n log n) T2 Cuckoo Hash: h1(item) or h2(item)

  34. Existing Oblivious Hash Table Constructions KLO’12: ● Level size n: log n Cuckoo hash tables; each shuffle creates a new one ● Query all Cuckoo tables: O(log n) ● Oblivious initialization: log n oblivious sorts on n/log n items per n queries: log N Cuckoo hash tables O(log n)

  35. Oblivious Two Tier Hash Table [CGLS’17]

  36. Oblivious Two Tier Hash Table [CGLS’17] Tier 1 log n : number of bins B = n/log ε ƛ Use PRF1 to assign items into bins

  37. Oblivious Two Tier Hash Table [CGLS’17] Tier 1 Overflow buffer of size 288.Be -Z/6 log n Z=log ε ƛ : number of bins B = n/log ε ƛ Use PRF1 to assign items into bins

  38. Oblivious Two Tier Hash Table [CGLS’17] I n i t i a O l i z b a l Tier 1 i v t i o i o n u : s s Overflow buffer o r t ! of size 288.Be -Z/6 log n Z=log ε ƛ : number of bins B = n/log ε ƛ Use PRF1 to assign items into bins I n Tier 2 i t i a O l i z b a l i t v i o i Insert in Tier 2 table o n u : s s o r t ! Use PRF2 to assign items into bins

  39. Oblivious Two Tier Hash Table [CGLS’17] Tier 1 Retrieve bin PRF1(query) Amortized complexity: O(log Tier 2 2 N / log log N) If not found, Retrieve bin PRF2(query) else, Retrieve random bin.

  40. PanORAMa Overview ● Leverage entropy reuse to shuffle more efficiently

  41. PanORAMa Hierarchical Construction Level 1 2 i log N - 1 log N

  42. PanORAMa Hierarchical Construction OHT Extract: extract unqueried items Level from each level in shuffled order 1 2 i log N - 1 log N

  43. PanORAMa Hierarchical Construction Multi-array shuffle: shuffle together all OHT Extract: extract unqueried items Level randomly permuted input arrays from each level in shuffled order 1 2 i log N - 1 log N

Recommend

12.05.2015 ITP-PANORAMA Welcome to our presentaton at Master your Software with PANORAMA

12.05.2015 ITP-PANORAMA Welcome to our presentaton at Master your Software with PANORAMA

12.05.2015 ITP-PANORAMA Welcome to our presentaton at Master your Software with PANORAMA V4.0_1 ITP-PANORAMA is supportig all Stragegies for Legacy Software Application Mining and Modernization with ITP-PANORAMA Presentation by: Juergen

373 views • 16 slides
PANORAMA PANORAMA INTRODUCTION (1/2) WG PANORAMA WG PANORAMA = + Set of tools and open and

PANORAMA PANORAMA INTRODUCTION (1/2) WG PANORAMA WG PANORAMA = + Set of tools and open and

Approaches on EUROPEAN EUROPEAN SOCIAL AND SOLIDARITY ECONOMY SOCIAL AND SOLIDARITY ECONOMY PANORAMA PANORAMA INTRODUCTION (1/2) WG PANORAMA WG PANORAMA = + Set of tools and open and tools and open and participatory processes, aimed to

270 views • 26 slides
y ( y log x x a ) a is equivalent to f(x) = log a x Logarithmic

y ( y log x x a ) a is equivalent to f(x) = log a x Logarithmic

Lesson 5.2: Logarithmic Functions and Their Graphs If y = a x , then the inverse is x = a y An equivalent equation for x = a y is y = log a x y ( y log x x a ) a is equivalent to f(x) = log a x Logarithmic Function

120 views • 7 slides
Logarithmic space Evgenij Thorstensen V18 Evgenij Thorstensen Logarithmic space V18 1 / 18

Logarithmic space Evgenij Thorstensen V18 Evgenij Thorstensen Logarithmic space V18 1 / 18

Logarithmic space Evgenij Thorstensen V18 Evgenij Thorstensen Logarithmic space V18 1 / 18 Journey below Unlike for time, it makes sense to talk about sublinear space. This models computations on input that does not fit in memory. To make

663 views • 19 slides
Using the Panorama Teacher Survey Dr. Hunter Gehlbach Elizabeth Loehr Director of Research

Using the Panorama Teacher Survey Dr. Hunter Gehlbach Elizabeth Loehr Director of Research

Using the Panorama Teacher Survey Dr. Hunter Gehlbach Elizabeth Loehr Director of Research Client Services Manager Panorama Education Panorama Education About Panorama Education Student, parent, and teacher surveys Research - based survey

250 views • 11 slides
FUNCTIONALLY OBLIVIOUS (AND SUCCINCT) Edward Kmett BUILDING BETTER TOOLS Cache-Oblivious

FUNCTIONALLY OBLIVIOUS (AND SUCCINCT) Edward Kmett BUILDING BETTER TOOLS Cache-Oblivious

FUNCTIONALLY OBLIVIOUS (AND SUCCINCT) Edward Kmett BUILDING BETTER TOOLS Cache-Oblivious Algorithms Succinct Data Structures RAM MODEL Almost everything you do in Haskell assumes this model Good for ADTs, but not a realistic

673 views • 49 slides
d i E Logarithmic Functions a l l u d Dr. Abdulla Eid b A College of Science . r D

d i E Logarithmic Functions a l l u d Dr. Abdulla Eid b A College of Science . r D

Section 4.2 d i E Logarithmic Functions a l l u d Dr. Abdulla Eid b A College of Science . r D MATHS 103: Mathematics for Business I Dr. Abdulla Eid (University of Bahrain) Logarithms 1 / 8 1 - The Logarithmic Functions Recall:

424 views • 8 slides
Perfectly S Secure O Oblivious A s Algorithms s in t the M Multi-Server S Setting T-H.

Perfectly S Secure O Oblivious A s Algorithms s in t the M Multi-Server S Setting T-H.

Perfectly S Secure O Oblivious A s Algorithms s in t the M Multi-Server S Setting T-H. Hubert Chan, Jonathan Katz, Ka Kartik Nay ayak, Antigoni Polychroniadou, Elaine Shi Defini De ning ng an n Obl Oblivious us RAM Example request

812 views • 33 slides
Oblivious Routing on Geometric Networks Costas Busch, Malik Magdon-Ismail and Jing Xi {

Oblivious Routing on Geometric Networks Costas Busch, Malik Magdon-Ismail and Jing Xi {

Oblivious Routing on Geometric Networks Costas Busch, Malik Magdon-Ismail and Jing Xi { buschc,magdon,xij2 } @cs.rpi.edu July 20, 2005. Outline Oblivious Routing: Background and Our Contribution The Algorithm: Oblivious Routing with Single

709 views • 50 slides
Lower Bound! Kasper Green Larsen Jesper Buus Nielsen Oblivious RAM Introduced by Goldreich

Lower Bound! Kasper Green Larsen Jesper Buus Nielsen Oblivious RAM Introduced by Goldreich

Yes, There is an Oblivious RAM Lower Bound! Kasper Green Larsen Jesper Buus Nielsen Oblivious RAM Introduced by Goldreich and Ostrovsky in 1996 Encrypts the memory access pattern of a random-access algorithm Oblivious RAM, Model

505 views • 32 slides
Tables in TEX \eTD \bTD overhead \eTD \eTR overhead so much \eTABLE \eTD \eTR \bTABLE even

Tables in TEX \eTD \bTD overhead \eTD \eTR overhead so much \eTABLE \eTD \eTR \bTABLE even

Tables in TEX \eTD \bTD overhead \eTD \eTR overhead so much \eTABLE \eTD \eTR \bTABLE even once you master the syntax, it's still an overkill for simple tables and keep cheating every time you want to create a new table to create a table in

344 views • 19 slides
Cache-Oblivious Algorithms 1 Cache-Oblivious Model 2 The Unknown Machine Algorithm Algorithm

Cache-Oblivious Algorithms 1 Cache-Oblivious Model 2 The Unknown Machine Algorithm Algorithm

Cache-Oblivious Algorithms 1 Cache-Oblivious Model 2 The Unknown Machine Algorithm Algorithm C program Java program gcc javac Object code Java bytecode linux java Execution Interpretation Can be executed on

963 views • 54 slides
Coping with the Memory Hierarchy the Cache-Oblivious Way Rolf Fagerberg University of Aarhus

Coping with the Memory Hierarchy the Cache-Oblivious Way Rolf Fagerberg University of Aarhus

Coping with the Memory Hierarchy the Cache-Oblivious Way Rolf Fagerberg University of Aarhus Imada, SDU, February 18, 2004 Overview The memory hierachy The I/O-model The cache-oblivious model Examples of cache-oblivious

1.23k views • 72 slides
A Framework for Efficient and Composable Oblivious Transfer Chris Peikert 1 Vinod Vaikuntanathan

A Framework for Efficient and Composable Oblivious Transfer Chris Peikert 1 Vinod Vaikuntanathan

A Framework for Efficient and Composable Oblivious Transfer Chris Peikert 1 Vinod Vaikuntanathan 2 Brent Waters 1 1 SRI International 2 MIT CRYPTO 2008 1 / 10 Oblivious Transfer [R81,EGL85,BCR86,C87,K88,CK88,C89,CS91,CGT95,DCP95,FMR96,BC97,. .

1.02k views • 50 slides
Panorama Surveys Distance Learning & Community Needs Surveys administered to: Students,

Panorama Surveys Distance Learning & Community Needs Surveys administered to: Students,

Panorama Surveys Distance Learning & Community Needs Surveys administered to: Students, Stafg & Families June 2020 GOALS Panorama Student Survey Needs with Distance Learning Daily Habits Distance Learning Environment

615 views • 32 slides
A Cache-Oblivious Heap Introduced by Arge et al. [1]. Based on distribution of elements

A Cache-Oblivious Heap Introduced by Arge et al. [1]. Based on distribution of elements

A Cache-Oblivious Heap Introduced by Arge et al. [1]. Based on distribution of elements References [1] L. Arge, M. A. Bender, E. D. Demaine, B. Holland-Minkley, and J. I. Munro, Cache-oblivious priority queue and graph algorithm

520 views • 15 slides
Autodesk Idol MFG Autodesk Panorama 2015 Introducing Dmytro Mukhin Anton Vasiliev Evgeny

Autodesk Idol MFG Autodesk Panorama 2015 Introducing Dmytro Mukhin Anton Vasiliev Evgeny

Autodesk Idol MFG Autodesk Panorama 2015 Introducing Dmytro Mukhin Anton Vasiliev Evgeny Tulubensky Autodesk Panorama 2015 Autodesk Idol MFG Autodesk Digital Prototyping Autodesk Panorama 2015 Autodesk Idol MFG Design for Reduce of Energy

575 views • 12 slides
Logarithmic Minimal Models, W -Extended Fusion and Verlinde Formulas 24 September 2008 GGI

Logarithmic Minimal Models, W -Extended Fusion and Verlinde Formulas 24 September 2008 GGI

Logarithmic Minimal Models, W -Extended Fusion and Verlinde Formulas 24 September 2008 GGI Florence Paul A. Pearce Department of Mathematics and Statistics, University of Melbourne PAP, J.Rasmussen, J.-B.Zuber, Logarithmic minimal models ,

391 views • 28 slides
Logarithmic Fluctuations From Circularity Lionel Levine (MIT) AMS Eastern Sectional Meeting

Logarithmic Fluctuations From Circularity Lionel Levine (MIT) AMS Eastern Sectional Meeting

Logarithmic Fluctuations From Circularity Lionel Levine (MIT) AMS Eastern Sectional Meeting April 9, 2011 Joint work with David Jerison and Scott Sheffield Lionel Levine Logarithmic Fluctuations From Circularity From random walk to growth

260 views • 23 slides
Table of Contents 1. Executive Summary 2. Background Information: Description of the Panorama

Table of Contents 1. Executive Summary 2. Background Information: Description of the Panorama

B ELLEVUE S CHOOL D ISTRICT Panorama Student Survey Update Fall 2017 Board Presentation January 16, 2018 Presented by: Naomi Calvo Director of Research, Evaluation & Assessment For additional information regarding this presentation

327 views • 32 slides
Differentially Private Oblivious RAM Sameer Wagh , Paul Cuff , Prateek Mittal July 24,

Differentially Private Oblivious RAM Sameer Wagh , Paul Cuff , Prateek Mittal July 24,

Differentially Private Oblivious RAM Sameer Wagh , Paul Cuff , Prateek Mittal July 24, 2019 Princeton University, Renaissance Technologies Introduction: Oblivious RAM Access data privately from private database. 1

898 views • 55 slides
Steins method, logarithmic and transport inequalities M. Ledoux Institut de Math ematiques

Steins method, logarithmic and transport inequalities M. Ledoux Institut de Math ematiques

Steins method, logarithmic and transport inequalities M. Ledoux Institut de Math ematiques de Toulouse, France joint work with I. Nourdin, G. Peccati (Luxemburg) new connections between Steins method logarithmic Sobolev inequalities

894 views • 45 slides
Oblivious AQM and Nash Equilibria Dutta, Goal and Heidmann In Proceedings of the IEEE Infocom,

Oblivious AQM and Nash Equilibria Dutta, Goal and Heidmann In Proceedings of the IEEE Infocom,

Oblivious AQM and Nash Equilibria Dutta, Goal and Heidmann In Proceedings of the IEEE Infocom, pages 106-113, San Francisco, California, USA, March 2003. IEEE. Presented by ZHOU Zhen cszz COMP 670O 1-1 Oblivious AQM and Nash Equilibria

616 views • 33 slides
Cache Oblivious Sorting Gerth Stlting Brodal University of Aarhus Algorithms and Data

Cache Oblivious Sorting Gerth Stlting Brodal University of Aarhus Algorithms and Data

Cache Oblivious Sorting Gerth Stlting Brodal University of Aarhus Algorithms and Data Structures, Bertinoro, Forl` , Italy, June 22-28, 2003 1 Foundation 2 Outline of Talk Cache oblivious model Sorting problem Binary and

553 views • 33 slides

More recommend