面向可变长度数据的高效ORAM方案

Efficient ORAM Scheme for Variable Length Data

数字经济的发展使得数据体量增长急剧加速,数据安全也成为了当前社会中重要的关注点。为了保护数据隐私安全,不经意随机访问机(ORAM,Oblivious Random Access Machine)方案被提出来保护不可信内存中的访问模式。本文提出一种全新的ORAM协议,与以往只能存储固定长度分块的方案不同,本文提出的方案支持存储不同长度的数据,以更高的效率保证攻击者无法通过观察访问推测出隐私信息。该方案重塑了初始的二叉树结构,并采用加法同态加密方案来实现恒定的通信复杂性。该方案通过可变长度数据提升了多项性能,对于小型客户端存储,该ORAM协议的网络带宽比RingORAM低30%,比HIRBORAM低40%。同时,该ORAM协议极大地节省了客户端计算开销,并利用第三方(可信代理)提高了存储容量。最后证明了本方案过程中读取、写入以及驱逐操作的安全性。

The development of the digital economy has sharply accelerated the growth of data volume,and data security has become an important concern for the current government,enterprises and industry.In order to protect data privacy and security,the Oblivious Random Access Machine(ORAM)scheme has been proposed to protect access patterns in untrusted memory.This article proposes a new ORAM protocol,which is different from previous schemes that can only store same length blocks.The proposed scheme supports storing data of different lengths,ensuring higher efficiency that attackers cannot infer privacy information through observing the access.This scheme reshapes the initial binary tree structure and adopts an additive homomorphic encryption scheme to achieve constant communication complexity.This scheme improves multiple performance through variable length data.For small client storage,the network bandwidth of this ORAM protocol is 30%lower than Ring ORAM and 40%lower than HIRB ORAM.At the same time,the ORAM protocol greatly saves client computing costs and utilizes third-party(trusted agents)to increase storage capacity.Finally,the security of each operation of this scheme was proven.