A Language for Probabilistically Oblivious Computation

TL;DR

Lambda Obliv introduces a type system for probabilistic oblivious computation, enabling secure cryptographic algorithms without information leaks through timing or memory access patterns.

Contribution

It is the first to enforce obliviousness in probabilistic programs using a substructural type system with probability regions, addressing previous limitations.

Findings

Type system enforces obliviousness in probabilistic programs

Supports advanced tree-based oblivious RAMs

Identifies and corrects unsoundness in prior type systems

Abstract

An oblivious computation is one that is free of direct and indirect information leaks, e.g., due to observable differences in timing and memory access patterns. This paper presents Lambda Obliv, a core language whose type system enforces obliviousness. Prior work on type-enforced oblivious computation has focused on deterministic programs. Lambda Obliv is new in its consideration of programs that implement probabilistic algorithms, such as those involved in cryptography. Lambda Obliv employs a substructural type system and a novel notion of probability region to ensure that information is not leaked via the observed distribution of visible events. Probability regions support reasoning about probabilistic correlation and independence between values, and our use of probability regions is motivated by a source of unsoundness that we discovered in the type system of ObliVM, a language for implementing state of the art oblivious algorithms. We prove that Lambda Obliv's type system enforces obliviousness and show that it is expressive enough to typecheck advanced tree-based oblivious RAMs.