TY - GEN
T1 - Constants count
T2 - 24th USENIX Security Symposium
AU - Ren, Ling
AU - Fletcher, Christopher
AU - Kwon, Albert
AU - Stefanov, Emil
AU - Shi, Elaine
AU - Van Dijk, Marten
AU - Devadas, Srinivas
N1 - Publisher Copyright:
© 2015 Proceedings of the 24th USENIX Security Symposium. All rights reserved.
PY - 2015
Y1 - 2015
N2 - Oblivious RAM (ORAM) is a cryptographic primitive that hides memory access patterns as seen by untrusted storage. This paper proposes Ring ORAM, the most bandwidth-efficient ORAM scheme for the small client storage setting in both theory and practice. Ring ORAM is the first tree-based ORAM whose bandwidth is independent of the ORAM bucket size, a property that unlocks multiple performance improvements. First, Ring ORAM’s overall bandwidth is 2.3× to 4× better than Path ORAM, the prior-art scheme for small client storage. Second, if memory can perform simple untrusted computation, Ring ORAM achieves constant online bandwidth (∼ 60× improvement over Path ORAM for practical parameters). As a case study, we show Ring ORAM speeds up program completion time in a secure processor by 1.5× relative to Path ORAM. On the theory side, Ring ORAM features a tighter and significantly simpler analysis than Path ORAM.
AB - Oblivious RAM (ORAM) is a cryptographic primitive that hides memory access patterns as seen by untrusted storage. This paper proposes Ring ORAM, the most bandwidth-efficient ORAM scheme for the small client storage setting in both theory and practice. Ring ORAM is the first tree-based ORAM whose bandwidth is independent of the ORAM bucket size, a property that unlocks multiple performance improvements. First, Ring ORAM’s overall bandwidth is 2.3× to 4× better than Path ORAM, the prior-art scheme for small client storage. Second, if memory can perform simple untrusted computation, Ring ORAM achieves constant online bandwidth (∼ 60× improvement over Path ORAM for practical parameters). As a case study, we show Ring ORAM speeds up program completion time in a secure processor by 1.5× relative to Path ORAM. On the theory side, Ring ORAM features a tighter and significantly simpler analysis than Path ORAM.
UR - http://www.scopus.com/inward/record.url?scp=85076291337&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85076291337&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85076291337
T3 - Proceedings of the 24th USENIX Security Symposium
SP - 415
EP - 430
BT - Proceedings of the 24th USENIX Security Symposium
PB - USENIX Association
Y2 - 12 August 2015 through 14 August 2015
ER -