Single Round-trip Hierarchical ORAM via Succinct Indices

Accesses to data stored remotely create a side channel that is known to leak information even if the content is encrypted. Oblivious RAM is a cryptographic primitive that provides confidentiality of access patterns in remote storage settings. To outsource a database of $n$ blocks of $B$ bits, traditional solutions restrict the client to $\mathcal{O}(B)$ bits of private memory. A class of solutions, known as Hierarchical ORAM, has achieved theoretically optimal bandwidth performance in this setting. Hierarchical ORAM distributes data blocks at the server across a hierarchy of hash tables, with the most recently accessed blocks in the lower levels of the hierarchy. Locating a block in the hierarchy requires a large number of round-trips of communication, with the server, per virtual access. Furthermore, rebuilding the hierarchy incurs a large concrete bandwidth overhead. Thus, Hierarchical ORAMs are seen as theoretical artefacts and have not been deployed in practice. For many applications, such as cloud storage, the client can afford a larger, $\omega(B)$-bit, private memory allocation. With this premise, we introduce Rank ORAM, the first practical Hierarchical ORAM that takes advantage of a larger client. We construct a compact client-side data structure that keeps track of how recently data blocks have been accessed. Leveraging this information, Rank ORAM reduces both the number of round-trips of communication and the concrete bandwidth overhead of Hierarchical ORAM. In addition, Rank ORAM achieves a smaller client memory allocation than existing (non-Hierarchical) state-of-the-art practical ORAM schemes while maintaining comparable bandwidth performance. Our experiments on real network file-system traces demonstrate a reduction in client memory, against existing approaches, of a factor of $100$.