MVP-ORAM: a Wait-free Concurrent ORAM for Confidential BFT Storage

Robin Vassantlal

Network and Distributed System Security (NDSS) Symposium 2026 · Day 2 · Privacy Systems

Bernardo Ferreira from the University of Lisbon (presenting for Robin Vassantlal) introduces **MVP-ORAM** (Multi-Version Path ORAM), the first **wait-free Byzantine fault-tolerant Oblivious RAM**. ORAM hides data access patterns in storage systems -- even if data is encrypted, the pattern of which blocks are accessed can reveal sensitive information through inference attacks. MVP-ORAM eliminates client synchronization by allowing multiple clients to operate independently on versioned copies of the ORAM data structures, achieving higher throughput and lower latency than prior fault-tolerant ORAM schemes. The system provides **Byzantine fault tolerance** (surviving compromised servers, not just crashes), while maintaining obliviousness under skewed access distributions. Benchmarked on **BFT-SMaRt**, the system achieves stable throughput up to 10 concurrent clients with latency below **140 milliseconds** for 50 clients, outperforming the crash-fault-tolerant **ConcurORAM** in both throughput and latency despite providing strictly stronger security guarantees.
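To illustrate the access-pattern hiding described above, the following added example (not code from the paper or the talk) implements classic single-client Path ORAM, the base scheme that the "Path ORAM" in MVP-ORAM's name refers to, and runs a workload in which 90% of reads hit one block. It does not model MVP-ORAM's multi-version concurrency or BFT replication; bucket encryption and dummy padding are omitted, and all class, function and parameter names are assumptions.

```python
import random

class PathORAM:
    """Single-client Path ORAM over an in-memory 'server' tree (illustrative names)."""
    def __init__(self, height=4, bucket_size=4, seed=0):
        self.L, self.Z = height, bucket_size
        self.rng = random.Random(seed)   # seeded for a reproducible demo; a real client needs a CSPRNG
        self.tree = [[] for _ in range(2 ** (height + 1) - 1)]  # server-side buckets
        self.pos = {}      # client-side position map: block id -> leaf
        self.stash = {}    # client-side overflow storage
        self.trace = []    # what the server observes: one leaf index per access

    def _path(self, leaf):
        node = leaf + 2 ** self.L - 1          # heap index of the leaf bucket
        path = [node]
        while node > 0:
            node = (node - 1) // 2
            path.append(node)
        return path[::-1]                      # root first, leaf last

    def access(self, block, new_value=None):
        leaf = self.pos.get(block, self.rng.randrange(2 ** self.L))
        self.pos[block] = self.rng.randrange(2 ** self.L)  # fresh random leaf on every access
        self.trace.append(leaf)
        path = self._path(leaf)
        for node in path:                      # read the whole path into the stash
            self.stash.update(self.tree[node])
            self.tree[node] = []
        value = self.stash.get(block)
        if new_value is not None:
            self.stash[block] = new_value
        for depth in range(self.L, -1, -1):    # write back, deepest bucket first
            node = path[depth]
            fit = [b for b in self.stash if self._path(self.pos[b])[depth] == node][:self.Z]
            self.tree[node] = [(b, self.stash.pop(b)) for b in fit]
        return value

def skewed_trace(n_access=2000, seed=1):
    oram = PathORAM(seed=seed)
    for b in range(8):                         # constructed sample data: 8 blocks
        oram.access(b, f"v{b}")
    oram.trace.clear()
    hot = random.Random(seed)
    for _ in range(n_access):
        block = 0 if hot.random() < 0.9 else hot.randrange(1, 8)  # 90% of reads hit block 0
        assert oram.access(block) == f"v{block}"
    return oram
```

Although nine in ten logical reads target the same block, the leaves the server sees are spread across all 16 paths, because each access reads a leaf chosen at random during the previous access to that block.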

AI review

A systems paper achieving the first wait-free Byzantine fault-tolerant ORAM. Technically sound with clean formalization of the security-concurrency trade-off, but this is distributed systems research, not security research. No attacks, no vulnerabilities, no exploitation. The ORAM access-pattern hiding is a well-studied primitive; the contribution is making it work with BFT replication and concurrent clients.
