Search papers, labs, and topics across Lattice.
This paper introduces Onyx, a novel approximate nearest neighbor search (ANNS) system designed for cost-efficient, disk-oblivious operation in trusted execution environments (TEEs) using external SSDs. Onyx achieves this by inverting the design paradigm of prior work, minimizing bandwidth consumption in the ANN layer and access count in the ORAM layer through two co-designed components: Onyx-ANNS, which uses a compact intermediate representation for bandwidth-efficient pruning, and Onyx-ORAM, a locality-aware shallow tree ORAM. Experiments demonstrate that Onyx achieves 1.7-9.9x lower cost and 2.3-12.3x lower latency compared to state-of-the-art oblivious ANN search systems.
Leaking user queries through disk access patterns in sensitive ANN search? Onyx flips the script on prior work to achieve up to 9.9x cost reduction and 12.3x latency improvement.
Approximate nearest neighbor (ANN) search in AI systems increasingly handles sensitive data on third-party infrastructure. Trusted execution environments (TEEs) offer protection, but cost-efficient deployments must rely on external SSDs, which leaks user queries through disk access patterns to the host. Oblivious RAM (ORAM) can hide these access patterns but at a high cost; when paired with existing disk-based ANN search techniques, it makes poor use of SSD resources, yielding high latency and poor cost-efficiency. The core challenge for efficient oblivious ANN search over SSDs is balancing both bandwidth and access count. The state-of-the-art ORAM-ANN design minimizes access count at the ANN level and bandwidth at the ORAM level, each trading-off the other, leaving the combined system with both resources overutilized. We propose inverting this design, minimizing bandwidth consumption in the ANN layer and access count in the ORAM layer, since each component is better suited for its new role: ANN's inherent approximation allows for more bandwidth efficiency, while ORAM has no fundamental lower bounds on access count (as opposed to bandwidth). To this end, we propose a cost-efficient approach, Onyx, with two new co-designed components: Onyx-ANNS introduces a compact intermediate representation that proactively prunes the majority of bandwidth-intensive accesses without hurting recall, and Onyx-ORAM proposes a locality-aware shallow tree design that reduces access count while remaining compatible with bandwidth-efficient ORAM techniques. Compared to the state-of-the-art oblivious ANN search system, Onyx achieves $1.7-9.9\times$ lower cost and $2.3-12.3\times$ lower latency.
