Results 1 
9 of
9
Oblivious RAM Revisited
"... We reinvestigate the oblivious RAM concept introduced by Goldreich and Ostrovsky, which enables a client, that can store locally only a constant amount of data, to store remotely n data items, and access them while hiding the identities of the items which are being accessed. Oblivious RAM is often c ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
We reinvestigate the oblivious RAM concept introduced by Goldreich and Ostrovsky, which enables a client, that can store locally only a constant amount of data, to store remotely n data items, and access them while hiding the identities of the items which are being accessed. Oblivious RAM is often cited as a powerful tool, which can be used, for example, for search on encrypted data or for preventing cache attacks. However, oblivious RAM it is also commonly considered to be impractical due to its overhead, which is asymptotically efficient but is quite high: each data request is replaced by O(log 4 n) requests, or by O(log 3 n) requests where the constant in the “O ” notation is a few thousands. In addition, O(n log n) external memory is required in order to store the n data items. We redesign the oblivious RAM protocol using modern tools, namely Cuckoo hashing and a new oblivious sorting algorithm. The resulting protocol uses only O(n) external memory, and replaces each data request by only O(log 2 n) requests (with a small constant). This analysis is validated by experiments that we ran. Keywords: Secure twoparty computation, oblivious RAM.
Triangle counting in dynamic graph streams
"... Estimating the number of triangles in graph streams using a limited amount of memory has become a popular topic in the last decade. Different variations of the problem have been studied depending on whether the graph edges are provided in arbitrary order or as incidence lists. However, with a few ex ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
Estimating the number of triangles in graph streams using a limited amount of memory has become a popular topic in the last decade. Different variations of the problem have been studied depending on whether the graph edges are provided in arbitrary order or as incidence lists. However, with a few exceptions, the algorithms have considered insertonly streams. We present a new algorithm estimating the number of triangles in dynamic graph streams where edges can be both inserted and deleted. We show that our algorithm achieves better time and space complexity than previous solutions for various graph classes, for example sparse graphs with a relatively small number of triangles. Also, for graphs with constant transitivity coefficient, a common situation in real graphs, this is the first algorithm achieving constant processing time per edge. 1
An Empirical Evaluation of Extendible Arrays
"... Abstract. We study the performance of several alternatives for implementing extendible arrays, which allow random access to elements stored in them, whilst allowing the arrays to be grown and shrunk. The study not only looks at the basic operations of grow/shrink and accessing data, but also the eff ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. We study the performance of several alternatives for implementing extendible arrays, which allow random access to elements stored in them, whilst allowing the arrays to be grown and shrunk. The study not only looks at the basic operations of grow/shrink and accessing data, but also the effects of memory fragmentation on performance. 1
How to Approximate A Set Without Knowing Its Size In Advance
"... The dynamic approximate membership problem asks to represent a set S of size n, whose elements are provided in an online fashion, supporting membership queries without false negatives and with a false positive rate at most ϵ. That is, the membership algorithm must be correct on each x ∈ S, and may ..."
Abstract
 Add to MetaCart
The dynamic approximate membership problem asks to represent a set S of size n, whose elements are provided in an online fashion, supporting membership queries without false negatives and with a false positive rate at most ϵ. That is, the membership algorithm must be correct on each x ∈ S, and may err with probability at most ϵ on each x / ∈ S. We study a wellmotivated, yet insufficiently explored, variant of this problem where the size n of the set is not known in advance. Existing optimal approximate membership data structures require that the size is known in advance, but in many practical scenarios this is not a realistic assumption. Moreover, even if the eventual size n of the set is known in advance, it is desirable to have the smallest possible space usage also when the current number of inserted elements is smaller than n. Our contribution consists of the following results: • We show a superlinear gap between the space complexity when the size is known in advance and the space complexity when the size is not known in advance. When the size is known in advance, it is wellknown that Θ(n log(1/ϵ)) bits of space are necessary and sufficient (Bloom ’70, Carter et al. ’78). However, when the size is not known in advance, we prove
Hebrew University
"... Abstract — The dynamic approximate membership problem asks to represent a set S of size n, whose elements are provided in an online fashion, supporting membership queries without false negatives and with a false positive rate at most ɛ. That is, the membership algorithm must be correct on each x ∈ ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract — The dynamic approximate membership problem asks to represent a set S of size n, whose elements are provided in an online fashion, supporting membership queries without false negatives and with a false positive rate at most ɛ. That is, the membership algorithm must be correct on each x ∈ S, and may err with probability at most ɛ on each x / ∈ S. We study a wellmotivated, yet insufficiently explored, variant of this problem where the size n of the set is not known in advance. Existing optimal approximate membership data structures require that the size is known in advance, but in many practical scenarios this is not a realistic assumption. Moreover, even if the eventual size n of the set is known in advance, it is desirable to have the smallest possible space usage also when the current number of inserted elements is smaller than n. Our contribution consists of the following results: • We show a superlinear gap between the space complexity when the size is known in advance and the space complexity when the size is not known in advance. When the size is known in advance, it is wellknown that Θ(n log(1/ɛ)) bits of space are necessary and sufficient (Bloom ’70, Carter et al. ’78). However, when the size is not known in advance, we prove that at least (1 − o(1))n log(1/ɛ) + Ω(n log log n) bits of space must be used. In particular, the average number of bits per element must depend on the size of the set. • We show that our space lower bound is tight, and can even be matched by a highly efficient data structure. We present a data structure that uses (1+o(1))n log(1/ɛ)+O(n log log n) bits of space for approximating any set of any size n, without having to know n in advance. Our data structure supports membership queries in constant time in the worst case with high probability, and supports insertions in expected amortized constant time. Moreover, it can be “deamortized” to support also insertions in constant time in the worst case with high probability by only increasing its space usage to O(n log(1/ɛ) + n log log n) bits. 1.
CacheOblivious Dictionaries and Multimaps with Negligible Failure Probability
"... A dictionary (or map) is a keyvalue store that requires all keys be unique, and a multimap is a keyvalue store that allows for multiple values to be associated with the same key. We design hashingbased indexing schemes for dictionaries and multimaps that achieve worstcase optimal performance for ..."
Abstract
 Add to MetaCart
(Show Context)
A dictionary (or map) is a keyvalue store that requires all keys be unique, and a multimap is a keyvalue store that allows for multiple values to be associated with the same key. We design hashingbased indexing schemes for dictionaries and multimaps that achieve worstcase optimal performance for lookups and updates, with minimal space overhead and subpolynomial probability that the data structure will require a rehash operation. Our dictionary structure is designed for the Random Access Machine (RAM) model, while our multimap implementation is designed for the cacheoblivious external memory (I/O) model. The failure probabilities for our structures are subpolynomial, which can be useful in cryptographic or dataintensive applications.
Hardness Preserving Reductions via Cuckoo Hashing
, 2012
"... A common method for increasing the usability and uplifting the security of pseudorandom function families (PRFs) is to “hash ” the inputs into a smaller domain before applying the PRF. This approach, known as “Levin’s trick”, is used to achieve “PRF domain extension ” (using a short, e.g., fixed, in ..."
Abstract
 Add to MetaCart
A common method for increasing the usability and uplifting the security of pseudorandom function families (PRFs) is to “hash ” the inputs into a smaller domain before applying the PRF. This approach, known as “Levin’s trick”, is used to achieve “PRF domain extension ” (using a short, e.g., fixed, input length PRF to get a variablelength PRF), and more recently to transform nonadaptive PRFs to adaptive ones. Such reductions, however, are vulnerable to a “birthday attack”: after √ U  queries to the resulting PRF, where U being the hash function range, a collision (i.e., two distinct inputs have the same hash value) happens with high probability. As a consequence, the resulting PRF is insecure against an attacker making this number of queries. In this work we show how to go beyond the birthday attack barrier, by replacing the above simple hashing approach with a variant of cuckoo hashing — a hashing paradigm typically used for resolving hash collisions in a table, by using two hash functions and two tables, and cleverly assigning each element into one of the two tables. We use this approach to obtain: (i) A domain extension method that requires just two calls to the original PRF, can withstand as many queries as the original domain size and has a distinguishing probability that is exponentially small in the non cryptographic work. (ii) A securitypreserving reduction from nonadaptive to adaptive PRFs. 1
Tight Bounds for Sliding Bloom Filters∗
, 2013
"... A Bloom filter is a method for reducing the space (memory) required for representing a set by allowing a small error probability. In this paper we consider a Sliding Bloom Filter: a data structure that, given a stream of elements, supports membership queries of the set of the last n elements (a slid ..."
Abstract
 Add to MetaCart
(Show Context)
A Bloom filter is a method for reducing the space (memory) required for representing a set by allowing a small error probability. In this paper we consider a Sliding Bloom Filter: a data structure that, given a stream of elements, supports membership queries of the set of the last n elements (a sliding window), while allowing a small error probability and a slackness parameter. The problem of sliding Bloom filters has appeared in the literature in several communities, but this work is the first theoretical investigation of it. We formally define the data structure and its relevant parameters and analyze the time and memory requirements needed to achieve them. We give a low space construction that runs in O(1) time per update with high probability (that is, for all sequences with high probability all operations take constant time) and provide an almost matching lower bound on the space that shows that our construction has the best possible space consumption up to an additive lower order term. 1
Bloom Filters in Adversarial Environments
"... Many efficient data structures use randomness, allowing them to improve upon deterministic ones. Usually, their efficiency and/or correctness are analyzed using probabilistic tools under the assumption that the inputs and queries are independent of the internal randomness of the data structure. In t ..."
Abstract
 Add to MetaCart
(Show Context)
Many efficient data structures use randomness, allowing them to improve upon deterministic ones. Usually, their efficiency and/or correctness are analyzed using probabilistic tools under the assumption that the inputs and queries are independent of the internal randomness of the data structure. In this work, we consider data structures in a more robust model, which we call the adversarial model. Roughly speaking, this model allows an adversary to choose inputs and queries adaptively according to previous responses. Specifically, we consider a data structure known as “Bloom filter ” and prove a tight connection between Bloom filters in this model and cryptography. A Bloom filter represents a set S of elements approximately, by using fewer bits than a precise representation. The price for succinctness is allowing some errors: for any x ∈ S it should always answer ‘Yes’, and for any x / ∈ S it should answer ‘Yes ’ only with small probability. In the adversarial model, we consider both efficient adversaries (that run in polynomial time) and computationally unbounded adversaries that are only bounded in the amount of queries they can make. For computationally bounded adversaries, we show that nontrivial (memorywise) Bloom filters exist if and only if oneway functions exist. For unbounded adversaries we show that there exists a Bloom filter for sets of size n and error ε, that is secure against t queries and uses only O(n log 1ε + t) bits of memory. In comparison, n log 1 ε is the best possible under a nonadaptive adversary.