# Software protection and simulation on oblivious RAMs

@article{Ostrovsky1996SoftwarePA, title={Software protection and simulation on oblivious RAMs}, author={Rafail Ostrovsky}, journal={J. ACM}, year={1996}, volume={43}, pages={431-473} }

Software protection is one of the most important issues concerning computer practice. There exist many heuristics and ad-hoc methods for protection, but the problem as a whole has not received the theoretical treatment it deserves. In this paper, we provide theoretical treatment of software protection. We reduce the problem of software protection to the problem of efficient simulation on oblivious RAM.
A machine is oblivious if thhe sequence in which it accesses memory locations is equivalent…

## 1,537 Citations

Oblivious RAMs without cryptogrpahic assumptions

- Computer Science, MathematicsSTOC '10
- 2010

It is shown that simulation with an oblivious, coin-flipping RAM, with only a factor of ln increase in time and space requirements, is possible, even without any cryptographic assumptions.

Is There an Oblivious RAM Lower Bound?

- Computer Science, MathematicsITCS
- 2016

The lower bound on the overhead required to obliviously simulate programs, due to Goldreich and Ostrovsky, is revisited and it is proved that for the offline case, showing a lower bound without the above restriction is related to the size of the circuits for sorting.

Differentially Oblivious Turing Machines

- Computer Science, MathematicsITCS
- 2021

It is shown that any Turing machine computation can be generically compiled into a differentially oblivious one with only doubly logarithmic overhead, the first unconditional separation between obliviousness and differential obliviousness in the most natural setting of parameters where is a constant and δ is negligible.

Optimal Oblivious Parallel RAM

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2020

It is shown that any Parallel RAM with memory capacity N can be obliviously simulated in space O(N), incurring only O(logN) blowup in (amortized) total work as well as in depth, and provides an essentially optimal OPRAM scheme.

Perfectly Oblivious (Parallel) RAM Revisited, and Improved Constructions

- Computer Science, MathematicsITC
- 2021

The performance metrics for perfect ORAM/OPRAM, and novel constructions that achieve asymptotical improvements for all performance metrics are revisited, and high-probability performance bounds that match the expected bounds are proved.

On the Depth of Oblivious Parallel RAM T -

- Computer Science, Mathematics
- 2017

This paper asks whether oblivious simulation of PRAM programs can be further sped up if the OPRAM is allowed to have more CPUs than the original PRAM, and constructs a new OPRam scheme that gains a logarithmic factor in depth and without incurring extra blowup in total work in comparison with the state-of-the-art OPR AM scheme.

OptORAMa : Optimal Oblivious RAM Gilad Asharov

- Computer Science, Mathematics
- 2019

This paper presents the first secure ORAM with O(logN) amortized blowup, assuming one-way functions, and improves the previously best known deterministic or randomized algorithms whose running time is O(n · log n) or O( n · log log n), respectively.

Trace oblivious computation

- Computer Science, MathematicsSPLASH
- 2015

This thesis work adopts a language design approach to facilitate users to develop efficient oblivious applications and design languages and security type systems to support efficient algorithm implementations, while formally enforcing obliviousness.

Using Predicated Instructions in Oblivious Data Structures

- Computer Science
- 2020

It is shown that the program runtimes can be reduced and the effectiveness strongly depends on the control-flow of the input program.

Distributed Oblivious RAM for Secure Two-Party Computation

- Computer Science, MathematicsTCC
- 2013

We present a new method for secure two-party Random Access Memory (RAM) program computation that does not require taking a program and first turning it into a circuit. The method achieves logarithmic…

## References

SHOWING 1-10 OF 58 REFERENCES

Efficient computation on oblivious RAMs

- Computer ScienceSTOC '90
- 1990

This paper shows how to do an on-line simulation of an arbitrary RAM program by a probabilistic RAM whose memory access pattern is independent of the program which is being executed, and with a poly-logarithmic slowdown in the running time.

Towards a theory of software protection and simulation by oblivious RAMs

- Computer ScienceSTOC
- 1987

This paper distill and formulate the key problem of learning about a program from its execution, and presents an efficient way of executing programs such that it is infeasible to learn anything about the program by monitoring its executions.

Cryptographic defense against traffic analysis

- Computer Science, MathematicsSTOC '93
- 1993

A model which allows us formally to define “untraceability” of messages in a network of synchronously communicating processors is presented, using such cryptographic techniques as secure multiparty computation and non-interactive zero-knowledge proof.

Checking the correctness of memories

- Computer Science[1991] Proceedings 32nd Annual Symposium of Foundations of Computer Science
- 1991

The notion of program checking is extended to include programs that alter their environment, in particular, programs that store and retrieve data from memory, where n is the size of the structure.

Pseudo-random generators under uniform assumptions

- Mathematics, Computer ScienceSTOC '90
- 1990

The main result of this paper is to indeed prove that oneway functions in the uniform model imply uniformly secure generators.

Relations Among Complexity Measures

- Computer ScienceJACM
- 1979

It is shown that n steps of the computation of an arbitrary machine with one- dimensional tapes can be performed by a combinational logic network of cost O( n log n) and delay O(n) and the results are the best possible, at least insofar as on-hne simulation is concerned.

Pseudo-random permutation generators and cryptographic composition

- Computer Science, MathematicsSTOC '86
- 1986

Part of the cryptographic folklore is that cryptographic composition increases security, and this paper formalizes the notions of cryptographic composition and partial security in this paper and proves that indeed the folklore is correct, i.e. the cryptographic composition of two partially secure permutations generators yields a more secure permutation generator.

Designing programs that check their work

- Computer ScienceSTOC '89
- 1989

This paper defines the concept of a program checker, designs program checkers for a few specific and carefully chosen problems in the class P of problems solvable in polynomial time and characterizes the problems that can be checked.

How to generate cryptographically strong sequences of pseudo random bits

- Computer Science, Mathematics23rd Annual Symposium on Foundations of Computer Science (sfcs 1982)
- 1982

A general algorithmic scheme for constructing polynomial-time deterministic algorithms that stretch a short secret random input into a long sequence of unpredictable pseudo-random bits is presented.

Protecting externally supplied software in small computers

- Computer Science
- 1980

This thesis employs two tools to achieve the security requirements of vendors of external software: tamper-resistant modules (TRMs) and cryptographic techniques.