Practical server privacy with secure coprocessors

Abstract
What does it take to implement a server that provides access to records in a large database, in a way that ensures that this access is completely private--even to the operator of this server? In this paper, we examine the question: Using current commercially available technology, is it practical to build such a server, for real databases of realistic size, that offers reasonable performance--scaling well, parallelizing well, working with the current client infrastructure, and enabling server operators of otherwise unknown credibility to prove their service has these privacy properties? We consider this problem in the light of commercially available secure coprocessors--whose internal memory is still much, much smaller than the typical database size--and construct an algorithm that both provides asymptotically optimal performance and also promises reasonable performance in real implementations. Preliminary prototypes support this analysis, but leave many areas for further work.