{"id":13641667,"url":"https://github.com/mobilecoinfoundation/mc-oblivious","last_synced_at":"2025-04-26T07:31:13.016Z","repository":{"id":37900051,"uuid":"345911644","full_name":"mobilecoinfoundation/mc-oblivious","owner":"mobilecoinfoundation","description":"ORAM and related for Intel SGX enclaves","archived":false,"fork":false,"pushed_at":"2023-09-04T22:45:26.000Z","size":331,"stargazers_count":52,"open_issues_count":4,"forks_count":13,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-04-19T18:00:26.318Z","etag":null,"topics":["cryptography","no-std"],"latest_commit_sha":null,"homepage":"https://mobilecoin.foundation/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mobilecoinfoundation.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2021-03-09T06:55:03.000Z","updated_at":"2024-12-17T11:50:07.000Z","dependencies_parsed_at":"2024-01-14T11:16:39.850Z","dependency_job_id":"8a5198fe-b42e-4679-bdc5-26cabbd4185a","html_url":"https://github.com/mobilecoinfoundation/mc-oblivious","commit_stats":null,"previous_names":["mobilecoinofficial/mc-oblivious"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobilecoinfoundation%2Fmc-oblivious","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobilecoinfoundation%2Fmc-oblivious/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobilecoinfoundation%2Fmc-oblivious/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobilecoinfoundation%2Fmc-oblivious/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mobilecoinfoundation","download_url":"https://codeload.github.com/mobilecoinfoundation/mc-oblivious/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250953382,"owners_count":21513319,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","no-std"],"created_at":"2024-08-02T01:01:22.858Z","updated_at":"2025-04-26T07:31:12.676Z","avatar_url":"https://github.com/mobilecoinfoundation.png","language":"Rust","funding_links":[],"categories":["Private Search"],"sub_categories":["Library OSes and SDKs"],"readme":"# mc-oblivious ![mobilecoin](./img/mobilecoin_logo.png)\n\n[![Project Chat][chat-image]][chat-link]\u003c!--\n--\u003e![License][license-image]\u003c!--\n--\u003e[![Dependency Status][deps-image]][deps-link]\u003c!--\n--\u003e[![CodeCov Status][codecov-image]][codecov-link]\u003c!--\n--\u003e[![GitHub Workflow Status][gha-image]][gha-link]\u003c!--\n--\u003e[![Contributor Covenant][conduct-image]][conduct-link]\n\nTraits and implementations for Oblivious RAM inside of Intel SGX enclaves.\n\nThe scope of this repository is:\n\n- Traits for fast constant-time conditional moves of aligned memory in x86-64\n- Traits for \"untrusted block storage\" and \"memory encryption engine\" to support a backing store that exceeds enclave memory limits\n- Traits for Oblivious RAM, and implementations\n- Traits for Oblivious Hash Tables, and implementations\n- Other oblivious data structures and algorithms, such as shuffling or sorting.\n\nThe code in this repo is expected to run on an x86-64 CPU inside SGX. It is out of scope\nto support other platforms. (However, we still abstract things in a reasonable way.\nOnly the `aligned-cmov` crate contains x86-64-specific code.)\n\nThe code in this repo is expected to require the nightly compiler,\nso that we can use inline assembly if needed, to ensure that we get CMOV etc.,\nbecause obliviously moving large blocks of memory is expected to be a bottleneck.\nIf and when inline assembly is stabilized in rust, we expect not to need nightly anymore.\n\n## What is oblivious RAM?\n\nOblivious RAM is a class of data structures designed to avoid information leaks\nover memory access pattern side-channels, introduced in [Goldreich '96].\n\nTree-based ORAM was introduced in a seminal paper [Shi, Chan, Stefanov, Li '11].\nTree-based ORAM algorithms arrange their data in a complete balanced binary tree,\nand are the first and only class of algorithms to have good (poly-log) worst-case performance.\n\nThe first oblivious RAM algorithm that attracted significant interest from practicioners was\nPath ORAM [Shi, Stefanov, Li '13]. Circuit ORAM appeared in [Wang, Chan, Shi '16].\n\nORAM can in principle be used in several ways, and many papers in ORAM consider several of the application modes:\n\n- A user can use it to interact with (untrusted) cloud storage and make use of storage without leaking access patterns.\n- It can be implemented in hardware in the \"secure processor\" setting, such that the \"ORAM controller / client\" is\n  implemented in silicon, and the main memory corresponds to the \"server\".\n- It can be implemented in software in a \"secure enclave\", such that the \"ORAM controller / client\" is the enclave,\n  and the main memory corresponds to the \"server\".\n- It can be implemented in a compiler pass that transforms arbitrary code into code that leaks nothing via its memory access patterns,\n  but runs more slowly.\n\nAs explained, in this repository we are focused on the SGX-based approach, which was first described in the ZeroTrace paper [Sasy, Gorbunuv, Fletcher '17].\n\n## What is oblivious / constant-time?\n\nA great exposition from Intel appears in [Guidelines for Mitigating Timing Side Channels Against Cryptographic Implementations](https://software.intel.com/security-software-guidance/secure-coding/guidelines-mitigating-timing-side-channels-against-cryptographic-implementations).\n\n\u003e Most traditional side channels—regardless of technique—can be mitigated by applying all three of the following general \"constant time\"[2] principles, listed here at a high level. We discuss details and examples of these principles later.\n\u003e\n\u003e - Ensure runtime is independent of secret values.\n\u003e - Ensure code access patterns[3] are independent of secret values.\n\u003e - Ensure data access patterns[4] are independent of secret values.\n\u003e\n\u003e ...\n\u003e\n\u003e [2] Use of the term “constant time” is a legacy term that is ingrained in literature and used here for consistency. In modern processors, the time to execute a given set of instructions may vary depending on many factors. The key is to ensure that none of these factors are related to the manipulation of secret data values. Modern algorithm research uses the more inclusive term \"data oblivious algorithm.\"\n\u003e [3] A program's code access pattern is the order and address of instructions that it executes.\n\u003e [4] A program's data access pattern is the order and address of memory operands that it loads and stores.\n\nThese crates provide functions and data structures that have the \"data-oblivious\" property.\n\nA function is completely constant-time / data-oblivious if for any two sets of arguments you might pass it, the code and data access patterns are:\n\n- the same, or\n- identically distributed, or\n- distributed according to distributions that are computationally indistinguishable.\n\nFor example, the implementations of the `CMov` trait in the `aligned-cmov` crate are completely constant-time, because the code and data access patterns\nare exactly the same no matter what the inputs are.\n\nThe implementation of `access` in PathORAM is completely constant-time, because the code and data access patterns are identically distributed\nregardless of what memory position is accessed.\n\nIn some more complex cases, a function may be oblivious with respect to some of its inputs, but not all of them.\nWe follow the convention that those functions are labelled with `vartime` in their name, and explain to what extent if any they are oblivious in documentation.\nSometimes such functions are completely oblivious with respect to some of the arguments but not all of them.\nExamples include `vartime_write` in the `ObliviousMap` trait.\n\nIn some cases, it is obvious that the function will not be oblivious. For example the ORAM and ObliviousMap creator functions take a capacity as an argument.\nIncreasing the capacity will require using more memory, so we are not oblivious with respect to that parameter. We nevertheless don't call the function `vartime_create`.\n\nAs another example, the `access` function in PathORAM implementation takes a closure to which the accessed data is passed.\nThis closure includes a function pointer -- if two different closures are passed, the code access patterns will be different. Additionally,\nif the code in the closure is not itself constant-time with respect to the query then we won't be constant-time. We don't bother documenting this since it should be clear to the user of the API.\n\n[chat-image]: https://img.shields.io/discord/844353360348971068?style=flat-square\n[chat-link]: https://discord.gg/mobilecoin\n[license-image]: https://img.shields.io/crates/l/aligned-cmov?style=flat-square\n[deps-image]: https://deps.rs/repo/github/mobilecoinfoundation/mc-oblivious/status.svg?style=flat-square\n[deps-link]: https://deps.rs/repo/github/mobilecoinfoundation/mc-oblivious\n[codecov-image]: https://img.shields.io/codecov/c/github/mobilecoinfoundation/mc-oblivious/master?style=flat-square\n[codecov-link]: https://codecov.io/gh/mobilecoinfoundation/mc-oblivious\n[gha-image]: https://img.shields.io/github/actions/workflow/status/mobilecoinfoundation/mc-oblivious/ci.yaml?branch=master\u0026style=flat-square\n[gha-link]: https://github.com/mobilecoinfoundation/mc-oblivious/actions/workflows/ci.yaml?query=branch%master\n[conduct-link]: CODE_OF_CONDUCT.md\n[conduct-image]: https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg?style=flat-square\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmobilecoinfoundation%2Fmc-oblivious","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmobilecoinfoundation%2Fmc-oblivious","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmobilecoinfoundation%2Fmc-oblivious/lists"}