Inferensys

Glossary

Oblivious RAM (ORAM)

A cryptographic technique that hides a program's memory access pattern—which locations are read or written—from an observer, preventing data leakage through memory access side-channels.
Data scientist building training data pipeline on laptop, data preprocessing visible, technical workspace.
MEMORY ACCESS PATTERN HIDING

What is Oblivious RAM (ORAM)?

A cryptographic primitive that conceals a program's memory access patterns from an untrusted server or observer, preventing data leakage through the observation of which physical memory locations are read or written.

Oblivious RAM (ORAM) is a cryptographic technique that hides a program's memory access pattern—the sequence of read and write operations to physical storage—from an observer, such as an untrusted cloud server or a compromised operating system. By continuously reshuffling and re-encrypting data blocks, ORAM ensures that two identical logical access sequences produce indistinguishable physical access patterns, making it impossible for an adversary to infer sensitive information like search queries or branching logic from memory side-channels.

Modern ORAM constructions, such as Path ORAM and Circuit ORAM, achieve this by organizing memory as a tree of encrypted buckets and reading an entire path on every access, then evicting and relocating the target block to a new random path. This imposes a polylogarithmic overhead on memory operations, making ORAM a critical building block for secure processors, private information retrieval, and multi-party computation systems where protecting access patterns is as vital as encrypting the data itself.

ARCHITECTURAL PRIMITIVES

Key Features of ORAM

Oblivious RAM transforms a program's memory access pattern into a sequence that is computationally indistinguishable from random, neutralizing a critical side-channel exploited by cache-timing and bus-snooping attacks.

01

Access Pattern Hiding

The foundational guarantee of ORAM is that an adversary observing physical memory addresses learns nothing about the program's true computation. Whether the program is reading a secret key or a public constant, the sequence of physical accesses is statistically or computationally indistinguishable from a random permutation. This prevents leakage through cache-timing attacks, cold-boot attacks, and bus snooping.

02

Recursive ORAM Construction

A critical optimization that eliminates the need for a large client-side position map. The position map itself is stored in a smaller ORAM, which is stored in an even smaller ORAM, recursively until the final map fits in O(1) client storage. This technique, pioneered by Shi et al., reduces client-side memory from O(N) to O(1) blocks while maintaining poly-logarithmic overhead.

03

Path ORAM

The simplest and most practical ORAM scheme to date. On each access, the client reads and rewrites an entire path from the root to a leaf in a binary tree stored on the server. The requested block is remapped to a new random leaf after each access. Path ORAM achieves O(log N) bandwidth overhead with small, constant client storage, making it the basis for most modern hardware and software implementations.

04

Tree-Based Framework

The dominant paradigm for constructing efficient ORAMs. Data blocks are stored in a binary tree on the server, with each block assigned to a random leaf path. A stash on the client temporarily holds overflowing blocks. Invariants ensure that a block is always found either on its assigned path or in the stash. This framework underpins Path ORAM, Circuit ORAM, and many variants.

05

Secure Processor Integration

ORAM is a critical primitive in trusted execution environments (TEEs) like Intel SGX and AMD SEV. While TEEs encrypt memory contents, they do not hide access patterns by default. Integrating a hardware-accelerated ORAM controller prevents an untrusted operating system or a physical bus snooper from inferring sensitive computations—such as cryptographic key schedules—from memory traces.

06

Bandwidth Overhead Trade-off

The central cost metric for any ORAM scheme. Trivial ORAM (scanning the entire memory on every access) achieves perfect security with O(N) overhead. Path ORAM reduces this to O(log² N) or O(log N) with larger blocks. Square-root ORAM offers a different trade-off with O(√N) overhead but simpler logic. The choice depends on the memory size and the acceptable latency budget.

ORAM FUNDAMENTALS

Frequently Asked Questions

Clear, technical answers to the most common questions about Oblivious RAM, its mechanisms, and its role in privacy-preserving computation.

Oblivious RAM (ORAM) is a cryptographic technique that completely hides a program's memory access pattern—which physical or logical addresses are read or written—from an observer who can see the memory bus. It works by continuously re-encrypting and physically shuffling data blocks on the storage medium after every access, ensuring that the sequence of observed memory locations is statistically independent of the actual computation. The seminal construction by Goldreich and Ostrovsky introduced a hierarchical architecture where data is stored in levels of increasing size, and a position map tracks the current location of each block. During a read or write, the client scans a small set of blocks, retrieves the target, and then re-inserts it at a new random location, making two consecutive accesses to the same logical address appear as accesses to completely unrelated physical addresses. Modern tree-based ORAM schemes, like Path ORAM, organize storage as a binary tree of buckets, reading and rewriting an entire path from the root to a leaf to hide which specific block was accessed.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.