Efficient Oblivious Database Joins
Loading...
Date
2020-12-10
Authors
Krastnikov, Simeon
Journal Title
Journal ISSN
Volume Title
Publisher
University of Waterloo
Abstract
A major algorithmic challenge in designing applications intended for secure remote execution is ensuring that their execution is oblivious to their inputs, in the sense that their memory access patterns do not leak sensitive information to the server. This problem is particularly relevant to cloud databases that wish to allow queries over the client’s encrypted data. One of the major obstacles to such a goal is the join operator, which is non-trivial to implement obliviously without resorting to generic but inefficient solutions like Oblivious RAM (ORAM).
We present an oblivious algorithm for equi-joins which (up to a logarithmic factor) matches the optimal O(n log n) complexity of the standard non-secure sort-merge join (on inputs producing O(n) outputs). We do not use expensive primitives like ORAM or rely on unrealistic hardware or security assumptions. Our approach, which is based on sorting networks and novel provably-oblivious constructions, is conceptually simple, easily verifiable, and very efficient in practice. Its data-independent algorithmic structure makes it secure in various different settings for remote computation, even in those that are known to be vulnerable to certain side-channel attacks (such as Intel SGX) or with strict requirements for low circuit complexity (like secure multiparty computation). We confirm that our approach is easily realizable by means of a compact implementation which matches our expectations for performance and is shown, both formally and empirically, to possess the desired security characteristics.
Description
Keywords
oblivious algorithms, query processing, database privacy, database security, database joins