Oblivious Random Access Machine (ORAM) allows a client to hide the access pattern when accessing sensitive data on a remote server. It is known that there exists a logarithmic communication lower bound on any passive ORAM construction, where the server only acts as the storage service. This overhead, however, was shown costly for some applications. Several active ORAM schemes with server computation have been proposed to overcome this limitation. However, they mostly rely on costly homomorphic encryptions, whose performance is worse than passive ORAM. In this article, we propose S 3 ORAM, a new multi-server ORAM framework, which features O (1) client bandwidth blowup and low client storage without relying on costly cryptographic primitives. Our key idea is to harness Shamir Secret Sharing and a multi-party multiplication protocol on applicable binary tree-ORAM paradigms. This strategy allows the client to instruct the server(s) to perform secure and efficient computation on his/her behalf with a low intervention thereby, achieving a constant client bandwidth blowup and low server computational overhead. Our framework can also work atop a general k -ary tree ORAM structure ( k ≥ 2). We fully implemented our framework, and strictly evaluated its performance on a commodity cloud platform (Amazon EC2). Our comprehensive experiments confirmed the efficiency of S 3 ORAM framework, where it is approximately 10× faster than the most efficient passive ORAM (i.e., Path-ORAM) for a moderate network bandwidth while being three orders of magnitude faster than active ORAM with O (1) bandwidth blowup (i.e., Onion-ORAM). We have open-sourced the implementation of our framework for public testing and adaptation.

中文翻译：

---

具有恒定客户端带宽膨胀的多服务器 ORAM 框架

Oblivious Random Access Machine (ORAM) 允许客户端在访问远程服务器上的敏感数据时隐藏访问模式。众所周知，任何被动 ORAM 结构都存在对数通信下限，其中服务器仅充当存储服务。然而，这种开销对于某些应用程序来说是昂贵的。已经提出了几种具有服务器计算的主动 ORAM 方案来克服这个限制。然而，它们主要依赖于昂贵的同态加密，其性能比被动 ORAM 差。在本文中，我们提出 S3ORAM，一个新的多服务器 ORAM 框架，它具有○(1) 客户端带宽膨胀和客户端存储量低，而不依赖于昂贵的密码原语。我们的关键思想是在适用的二叉树-ORAM 范式上利用 Shamir 秘密共享和多方乘法协议。该策略允许客户端指示服务器代表他/她执行安全和高效的计算，干预较少，从而实现恒定的客户端带宽膨胀和低服务器计算开销。我们的框架也可以在一般的ķ-ary 树 ORAM 结构 (ķ≥ 2)。我们完全实现了我们的框架，并在商品云平台（Amazon EC2）上严格评估了它的性能。我们的综合实验证实了 S 的效率3ORAM 框架，对于中等网络带宽，它比最有效的无源 ORAM（即 Path-ORAM）快大约 10 倍，同时比有源 ORAM 快三个数量级○(1) 带宽膨胀（即 Onion-ORAM）。我们已经开源了我们的公共测试和适应框架的实施。