Oblivious Random Access Machine (ORAM) is a kind of cryptographic primitive that allows a client to access its private data from the server without disclosing the access pattern. To deal with consecutive requested blocks at a time efficiently, range ORAM (rORAM) is presented. In the previous rORAM scheme, the locality, namely, the number of discontinuous seeks to complete a request, is reduced to O(log2 N), nevertheless, the bandwidth cost is increased to the poly-logarithmic level. Hence, there exists an open question, that is, whether rORAM can be constructed with the same bandwidth efficiency as a regular ORAM, that is, O(log N)-block? In this paper, we propose a new rORAM scheme, called L2-rORAM. In our scheme, a compatible superblock technique is proposed, and it is combined together with an eviction technique for range blocks, so that it avoids duplication of multiple copies and extra dummy access. As a result, it obtains O(log N)-block bandwidth cost, which affirmatively answers the above open question. Meanwhile, the data locality is reduced to O(log N). In addition, the client storage is maintained at the small level of O(log N)-block, and the server storage is maintained at the unexpanded level of O(N)-block. Finally, experimental results show that the average response time of our L2-rORAM is reduced by one order of magnitude over the state-of-the-art rORAM scheme.
Read full abstract