Presentation is loading. Please wait.

Presentation is loading. Please wait.

ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1.

Published byRussell Holland Modified over 9 years ago

Similar presentations

Presentation on theme: "ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1."— Presentation transcript:

1 ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1

2 Basics What is secure Computation Why it is important Different Methods 2

3 Secure Computation My age is 16 I do not want Bob to know My age is 12 I do not want Alice to know Who is the oldest? 3

4 Secure Computation Traditional solutions use circuit abstraction >=16?12 No, I am older than Bob OT [Yao, 1982] Garbled Circuit 4

5 Papers for discussion 1.* Automating Efficient RAM-Model Secure Computation, SP14 2.Burst ORAM: Minimizing ORAM Response Times for Bursty Access Patterns, SEC14 5

6 Terms Third party computation Semi honest model Adversarial behavior Oblivious transfer Memory access pattern Garbled circuit 6

7 Introduction Traditional circuit approach RAM- SC model Automating efficient RAM- Model 7

8 Key building blocks of RAM model SC Oblivious RAM – a cryptographic primitive that hides memory access patterns by randomly shuffling data in memory. Each memory read/ write incurs poly log n actual memory accesses 8

9 Automating Efficient RAM – About Define Intermediate representation Type system Automated compiler – transfers high level program into secure computation protocol. 9

10 Continue Intermediate representation and Type system – Helps in avoiding expensive circuit 10

11 Automating RAM-model Secure Computation SCVM Intermediat e Representat ion Progra m in source langua ge Secure computati on protocol Programmer Crypto Non-Expert Front-end compiler Front-end compiler Back-end compiler Back-end compiler Type Checker Usability Formal Security Efficiency 11

12 Automating RAM-model Secure Computation SCVM Intermediat e Representat ion Progra m in source langua ge Secure computati on protocol Programmer Front-end compiler Front-end compiler Back-end compiler Back-end compiler Type Checker Usability Formal Security Efficiency 12

13 Automating RAM-model Secure Computation SCVM Intermediat e Representat ion Progra m in source langua ge Secure computati on protocol Programmer Front-end compiler Front-end compiler Back-end compiler Back-end compiler Type Checker Usability Formal Security Efficiency 13

14 Toward generating efficient protocol Instruction-trace obliviousness Memory-trace obliviousness Mixed-mode execution 14

15 Toward generating efficient protocol Instruction-trace obliviousness 15

16 Program counter leaks information The instructions being executed leak information if(a[mid] <key) l = mid + 1; else r = mid; 16

17 Program counter leaks information The instructions being executed leak information if(a[mid] <key) l = mid + 1; else r = mid; 17

18 Program counter leaks information The instructions being executed leak information if(a[mid] <key) l = mid + 1; else r = mid; 18

19 Program counter leaks information The instructions being executed leak information if(a[mid] <key) l = mid + 1; else r = mid; Universal Circuit Instruction Execute ALL instructions! INEFFICIENT! new pc value 19

20 Instruction-trace obliviousness if(a[mid] <key) l = mid + 1; else r = mid;t1=a[mid]; cmp = t1<key; t2=mid+1; l=mux(cmp, t2, l); r=mux(cmp, r, mid); Instruction-trace oblivious programs, e.g. straight-line programs, can avoid the universal circuit 20

21 Toward generating efficient protocol Instruction-trace obliviousness Memory-trace obliviousness 21

22 Memory Trace Obliviousness int count(public int n, alice int* data, bob int T) { int count = 0; for(int i=0; i<n; ++i) { if(data[i]==T) count = count+1; } data need not be stored in an ORAM RAM Linear scan 22

23 Toward generating efficient protocol Instruction-trace obliviousness Memory-trace obliviousness Mixed-mode execution 23

24 Mix-mode Execution When code can be computed locally or publicly, a secure computation protocol is not necessary E.g. sorting the array before performing binary search. { P, A, B, O} 24

25 Compilation Typing the source language Labeling statements On secret branching On secret while looping – can impose constraint Declassification – info can flow from only low secure to high Correctness - type checker 25

26 Evaluation KMP string matching algorithm Dijkstra’s shortest distance algorithm Inverse Permutation Aggregation over sliding windows Binary Search Heap Data Structure 26

27 Evaluation Little compile time compared to earlier circuit model compilers Metric – block cipher evaluations as performance metric 27

28 Thank you 28

Download ppt "ORAM – Used for Secure Computation by Venkatasatheesh Piduri 1."

Similar presentations

Polylogarithmic Private Approximations and Efficient Matching

Polylogarithmic Private Approximations and Efficient Matching
Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.

Efficient Private Approximation Protocols Piotr Indyk David Woodruff Work in progress.
Revisiting the efficiency of malicious two party computation David Woodruff MIT.

Revisiting the efficiency of malicious two party computation David Woodruff MIT.
GCSE Computing Lesson 5.

GCSE Computing Lesson 5.
Secure Computation of Linear Algebraic Functions

Secure Computation of Linear Algebraic Functions
Gate Evaluation Secret Sharing and Secure Two-Party Computation Vladimir Kolesnikov University of Toronto

Gate Evaluation Secret Sharing and Secure Two-Party Computation Vladimir Kolesnikov University of Toronto
Yan Huang, David Evans, Jonathan Katz

Yan Huang, David Evans, Jonathan Katz
Synopsys University Courseware Copyright © 2012 Synopsys, Inc. All rights reserved. Compiler Optimization and Code Generation Lecture - 3 Developed By:

Synopsys University Courseware Copyright © 2012 Synopsys, Inc. All rights reserved. Compiler Optimization and Code Generation Lecture - 3 Developed By:
MATH 224 – Discrete Mathematics

MATH 224 – Discrete Mathematics
Secure Evaluation of Multivariate Polynomials

Secure Evaluation of Multivariate Polynomials
Oblivious Branching Program Evaluation

Oblivious Branching Program Evaluation
Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,
Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.

Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
Amortizing Garbled Circuits Yan Huang, Jonathan Katz, Alex Malozemoff (UMD) Vlad Kolesnikov (Bell Labs) Ranjit Kumaresan (Technion) Cut-and-Choose Yao-Based.

Amortizing Garbled Circuits Yan Huang, Jonathan Katz, Alex Malozemoff (UMD) Vlad Kolesnikov (Bell Labs) Ranjit Kumaresan (Technion) Cut-and-Choose Yao-Based.
Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.
Automating Efficient RAM- Model Secure Computation Chang Liu, Yan Huang, Elaine Shi, Jonathan Katz, Michael Hicks University of Maryland, College Park.

Automating Efficient RAM- Model Secure Computation Chang Liu, Yan Huang, Elaine Shi, Jonathan Katz, Michael Hicks University of Maryland, College Park.
Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.

Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.
Code Shape III Booleans, Relationals, & Control flow Copyright 2003, Keith D. Cooper, Ken Kennedy & Linda Torczon, all rights reserved. Students enrolled.

Code Shape III Booleans, Relationals, & Control flow Copyright 2003, Keith D. Cooper, Ken Kennedy & Linda Torczon, all rights reserved. Students enrolled.
Complexity Analysis (Part I)

Complexity Analysis (Part I)

Similar presentations

Ads by Google