Path ORAM is an extremely simple Oblivious RAM (ORAM) protocol designed to hide a client's access pattern to remote storage. The protocol is notable for its simplicity and practical efficiency, making it one of the most practical ORAM schemes available. Path ORAM achieves an asymptotic bandwidth cost of \(O(\log N)\) blocks for blocks of size \(B = \Omega(\log^2 N)\) bits, outperforming other ORAM schemes with small client storage in terms of both asymptotics and practicality. The protocol involves maintaining a tree structure where each node is a bucket that can hold up to a fixed number of blocks. Each block is mapped to a uniformly random leaf bucket, and unstashed blocks are placed in buckets along the path to the mapped leaf. When reading or writing a block, the entire path to the mapped leaf is read into a stash, the block is remapped, and the path is written back to the server. The client stores a position map and a stash, with the stash having a worst-case size of \(O(\log N) \cdot \omega(1)\) blocks. The protocol is proven to be statistically secure and has been adopted in the design of secure processors.Path ORAM is an extremely simple Oblivious RAM (ORAM) protocol designed to hide a client's access pattern to remote storage. The protocol is notable for its simplicity and practical efficiency, making it one of the most practical ORAM schemes available. Path ORAM achieves an asymptotic bandwidth cost of \(O(\log N)\) blocks for blocks of size \(B = \Omega(\log^2 N)\) bits, outperforming other ORAM schemes with small client storage in terms of both asymptotics and practicality. The protocol involves maintaining a tree structure where each node is a bucket that can hold up to a fixed number of blocks. Each block is mapped to a uniformly random leaf bucket, and unstashed blocks are placed in buckets along the path to the mapped leaf. When reading or writing a block, the entire path to the mapped leaf is read into a stash, the block is remapped, and the path is written back to the server. The client stores a position map and a stash, with the stash having a worst-case size of \(O(\log N) \cdot \omega(1)\) blocks. The protocol is proven to be statistically secure and has been adopted in the design of secure processors.