International Association for Cryptologic Research

IACR News item: 26 February 2015

Travis Mayberry, Erik-Oliver Blass, Guevara Noubir
ePrint Report
It has been an open question whether Oblivious RAM stored on a malicious server can be securely shared among multiple users. ORAMs are stateful, and users need to exchange updated state to maintain security. This is a challenge, as the motivation for using ORAM is that the users may not have a way to directly communicate. A malicious server can potentially tamper with state information and thus break security. We answer the question of multi-user ORAM on malicious servers affirmatively by providing several new, efficient multi-user ORAM constructions. We first show how to make the original square-root solution by Goldreich and the hierarchical one by Goldreich and Ostrovsky multi-user secure. We accomplish this by separating the \emph{critical} parts of the access, which depend on the state of the ORAM, from the non-critical parts that can be safely executed in any state. Our second and main contribution is a multi-user variant of Path ORAM. To enable secure meta-data update during evictions, we employ our first result, small multi-user secure classical ORAMs, as a building block. Depending on the block size, the overhead of our construction reaches a low $O(\log n)$ communication complexity per user, similar to state-of-the-art single-user ORAMs.

Additional news items may be found on the IACR news page.