IACR News item: 17 December 2014
Ling Ren, Christopher W. Fletcher, Albert Kwon, Emil Stefanov, Elaine Shi, Marten van Dijk, Sriniv
ePrint ReportSimply by tuning parameters, Ring ORAM matches or exceeds the performance of the best-known small and large client storage schemes and can achieve a constant factor online bandwidth overhead over insecure systems.
We evaluate Ring ORAM in theory and in practice.
On the theory side, we prove that Ring ORAM matches the asymptotic bandwidth and client storage of Path ORAM, the prior-art scheme for small client storage.
Tuning parameters for small client storage, Ring ORAM reduces overall bandwidth relative to Path ORAM by a factor of $2.7\\times$ and reduces online bandwidth to constant (a $57\\times$ improvement over Path ORAM given realistic parameters).
Tuning parameters for large client storage, Ring ORAM outperforms Path ORAM (which is given equal storage) by $4.5\\times$ and SSS ORAM, the prior-art scheme for large client storage, by 16-33\\%.
Using secure processors as a case study for small client storage, Ring ORAM on average reduces ORAM response time by nearly $5\\times$ and improves workload completion time by $2.75\\times$, relative to Path ORAM.
In the large storage setting, running an enterprise file system trace with bursty requests, Ring ORAM adds negligible overhead to response time given a $>100$~Mbps network bandwidth.
By comparison, Burst ORAM incurs large overheads in response time unless network bandwidth $>350$~Mbps.
These results suggest that Ring ORAM is a compelling construction in both large client storage (e.g., file server) and small client storage (e.g., remote secure processor) settings.
Additional news items may be found on the IACR news page.