We propose a new tree-based ORAM scheme called Circuit ORAM. Circuit ORAM makes
both theoretical and practical contributions. From a theoretical perspective, Circuit ORAM
shows that the well-known Goldreich-Ostrovsky logarithmic ORAM lower bound is tight under
certain parameter ranges, for several performance metrics. Therefore, we are the first to give an
answer to a theoretical challenge that remained open for the past twenty-seven years. Second,
Circuit ORAM earns its name because it achieves (almost) optimal circuit size both in theory
and in practice for realistic choices of block sizes. We demonstrate compelling practical perfor-
mance and show that Circuit ORAM is an ideal candidate for secure multi-party computation
applications.
↧