BOLT: Bandwidth-Optimized Lightning-Fast Oblivious Map powered by Secure HBM Accelerators

📅 2025-09-01
🤖 AI Summary
Existing Oblivious Maps (OMAPs) for Trusted Execution Environments (TEEs) eliminate access-pattern leakage but incur prohibitive bandwidth overhead due to random remapping and worst-case padding. Method: We propose the first OMAP system leveraging the physical isolation of High-Bandwidth Memory (HBM), using HBM as an oblivious cache and adopting a self-hosted architecture to eliminate CPU-side leakage. Our design integrates algorithmic and architectural optimizations, achieving bandwidth complexity of O(1) + O((log log N)²). Contribution/Results: Implemented on a Xilinx U55C FPGA, our prototype reduces initialization and query latency by 279× and 480×, respectively, over state-of-the-art OMAPs. It is the first OMAP to enable secure, low-overhead, near-real-time oblivious access over large-scale host memory.

📝 Abstract
While Trusted Execution Environments provide a strong foundation for secure cloud computing, they remain vulnerable to access pattern leakages. Oblivious Maps (OMAPs) mitigate this by fully hiding access patterns but suffer from high overhead due to randomized remapping and worst-case padding. We argue these costs are not fundamental. Modern accelerators featuring High-Bandwidth Memory (HBM) offer a new opportunity: Vaswani et al. [OSDI'18] point out that eavesdropping on HBM is difficult -- even for physical attackers -- as its memory channels are sealed together with processor cores inside the same physical package. Later, Hunt et al. [NSDI'20] show that, with proper isolation, HBM can be turned into an unobservable region where both data and memory traces are hidden. This motivates a rethink of OMAP design with HBM-backed solutions to finally overcome their traditional performance limits. Building on these insights, we present BOLT, a Bandwidth Optimized, Lightning-fast OMAP accelerator that, for the first time, achieves O(1) + O((log log N)^2) bandwidth overhead. BOLT introduces three key innovations: (i) a new OMAP algorithm that leverages isolated HBM as an unobservable cache to accelerate oblivious access to large host memory; (ii) a self-hosted architecture that offloads execution and memory control from the host to mitigate CPU-side leakage; and (iii) tailored algorithm-architecture co-designs that maximize resource efficiency. We implement a prototype BOLT on a Xilinx U55C FPGA. Evaluations show that BOLT achieves up to 279x and 480x speedups in initialization and query time, respectively, over state-of-the-art OMAPs, including an industry implementation from Facebook.

Problem

Research questions and friction points this paper is trying to address.

Mitigates access pattern leakage in secure cloud computing
Reduces high overhead of traditional Oblivious Maps
Leverages High-Bandwidth Memory for performance optimization

Innovation

Methods, ideas, or system contributions that make the work stand out.

Leverages isolated HBM as unobservable cache
Self-hosted architecture offloads execution control
Algorithm-architecture co-design maximizes resource efficiency