MVP-ORAM: a Wait-free Concurrent ORAM for Confidential BFT Storage

📅 2025-12-12
🤖 AI Summary
Existing ORAM protocols struggle to simultaneously achieve wait-free concurrency and Byzantine fault tolerance (BFT), often relying on trusted proxies or distributed locks. This work proposes the first wait-free concurrent ORAM protocol supporting crash-fault-tolerant clients and confidential BFT storage. Methodologically, it introduces: (1) the first wait-free construction for concurrent ORAM; (2) a load-aware relaxation of obliviousness that preserves practical security under skewed access patterns; and (3) seamless integration with confidential BFT state-machine replication, yielding the first BFT-secure ORAM scheme. Evaluated in a cloud environment, the prototype achieves hundreds of operations per second for 4KB accesses, fully tolerating both client crashes and Byzantine storage faults, without trusted components or global synchronization.

📝 Abstract
It is well known that encryption alone is not enough to protect data privacy. Access patterns, revealed when operations are performed, can also be leveraged in inference attacks. Oblivious RAM (ORAM) hides access patterns by making client requests oblivious. However, existing protocols are still limited in supporting concurrent clients and Byzantine fault tolerance (BFT). We present MVP-ORAM, the first wait-free ORAM protocol that supports concurrent fail-prone clients. In contrast to previous works, MVP-ORAM avoids using trusted proxies, which require additional security assumptions, and concurrency control mechanisms based on inter-client communication or distributed locks, which limit overall throughput and the capability of tolerating faulty clients. Instead, MVP-ORAM enables clients to perform concurrent requests and merge conflicting updates as they happen, satisfying wait-freedom, i.e., clients make progress independently of the performance or failures of other clients. Since wait and collision freedom are fundamentally contradictory goals that cannot be achieved simultaneously in an asynchronous concurrent ORAM service, we define a weaker notion of obliviousness that depends on the application workload and number of concurrent clients, and prove MVP-ORAM is secure in practical scenarios where clients perform skewed block accesses. By being wait-free, MVP-ORAM can be seamlessly integrated into existing confidential BFT data stores, creating the first BFT ORAM construction. We implement MVP-ORAM on top of a confidential BFT data store and show our prototype can process hundreds of 4KB accesses per second in modern clouds.

Problem

Research questions and friction points this paper is trying to address.

Designs a wait-free ORAM protocol for concurrent clients.
Avoids trusted proxies and inter-client communication for concurrency.
Enables integration into confidential BFT storage systems.

Innovation

Methods, ideas, or system contributions that make the work stand out.

Wait-free concurrent ORAM protocol for BFT storage
Merges conflicting updates without inter-client communication
Weaker obliviousness notion for skewed access workloads