International Association
for Cryptologic Research

Oblivious RAMs (ORAMs) have traditionally been measured by their \\emph{bandwidth overhead} and \\emph{client storage}. We observe that when using ORAMs to build secure computation protocols for RAM programs, the \\emph{size} of the ORAM circuits is more relevant to the performance.

We therefore embark on a study of the \\emph{circuit-complexity} of several recently proposed ORAM constructions. Our careful implementation and experiments show that asymptotic analysis is not indicative of the true performance of ORAM in secure computation protocols with practical data sizes.

We then present SCORAM, a heuristic \\emph{compact} ORAM design optimized for secure computation protocols. Our new design is almost 10x smaller in circuit size and also faster than all other designs we have tested for realistic settings (i.e., memory sizes between 4MB and 2GB, constrained by $2^{-80}$ failure probability). SCORAM\\ makes it feasible to perform secure computations on gigabyte-sized data sets.