International Association for Cryptologic Research

International Association
for Cryptologic Research


Simple and Efficient Two-Server ORAM

S. Dov Gordon
Jonathan Katz
Xiao Wang
DOI: 10.1007/978-3-030-03332-3_6
Search ePrint
Search Google
Presentation: Slides
Conference: ASIACRYPT 2018
Abstract: We show a protocol for two-server oblivious RAM (ORAM) that is simpler and more efficient than the best prior work. Our construction combines any tree-based ORAM with an extension of a two-server private information retrieval scheme by Boyle et al., and is able to avoid recursion and thus use only one round of interaction. In addition, our scheme has a very cheap initialization phase, making it well suited for RAM-based secure computation. Although our scheme requires the servers to perform a linear scan over the entire data, the cryptographic computation involved consists only of block-cipher evaluations.A practical instantiation of our protocol has excellent concrete parameters: for storing an N-element array of arbitrary size data blocks with statistical security parameter $$\lambda $$, the servers each store 4N encrypted blocks, the client stores $$\lambda +2\log N$$ blocks, and the total communication per logical access is roughly $$10 \log N$$ encrypted blocks.
  title={Simple and Efficient Two-Server ORAM},
  booktitle={Advances in Cryptology – ASIACRYPT 2018},
  series={Lecture Notes in Computer Science},
  author={S. Dov Gordon and Jonathan Katz and Xiao Wang},