**
Software Protection and Simulation on Oblivious RAMs.
**

*
Rafail Ostrovsky
*

**
Abstract:
**
Software protection is one of the most important issues concerning
computer practice. There exist many heuristics and ad-hoc methods for
protection, but the problem as a whole has not received the
theoretical treatment it deserves. In this paper we provide
theoretical treatment of software protection. We reduce the problem
of software protection to the problem of efficient simulation on *
oblivious* RAM.

A machine is * oblivious* if the sequence in which it accesses
memory locations is equivalent for any two inputs with the same
running time. For example, an oblivious Turing Machine is one for
which the movement of the heads on the tapes is identical for each
computation. (Thus, it is independent of the actual input.) *
What is the slowdown in the running time of any machine, if it is
required to be oblivious?* In 1979 Pippenger and Fischer showed how
a two-tape * oblivious* Turing Machine can simulate, on-line, a
one-tape Turing Machine, with a logarithmic slowdown in the running
time. We show an analogue result for the random-access machine (RAM)
model of computation. In particular, we show how to do an on-line
simulation of an arbitrary RAM input by a probabilistic *
oblivious* RAM
with a poly-logarithmic slowdown in the running time.
On the other hand,
we show that a logarithmic slowdown is a lower bound.
Our proof yields a technique of efficiently hiding (through
randomization) the access pattern into any composite data-structure
which has many practical applications.

**comment:**
M.I.T. Ph.D. Thesis, 1992. Preliminary version appeared as a single-author
paper in
Proceedings of 22^{nd} annual ACM Symposium on Theory of
Computing (STOC-90) pp. 514-523.

Fetch PostScript file of the
Ostrovsky Ph.D. thesis
or fetch PDF file of the
Ostrovsky Ph.D. thesis

Journal version (which combines my thesis with Oded Goldreich previous
historical paper on the same subject) appeared in JACM
Vol. 43, No. 3, May 1996, pp.431-473.
You can also get this version, with a somewhat different, shorter
proof of bucket re-shufflng method of section 5.5:
[postscript],
[pdf].

Back to Publications List |