DataLair: Efficient Block Storage with Plausible Deniability against Multi-Snapshot Adversaries

Sensitive information is present on our phones, disks, watches and computers. Its protection is essential. Plausible deniability of stored data allows individuals to deny that their device contains a piece of sensitive information. This constitutes a key tool in the fight against oppressive governments and censorship. Unfortunately, existing solutions, such as the now defunct TrueCrypt, can defend only against an adversary that can access a users device at most once (single-snapshot adversary). Recent solutions have traded significant performance overheads for the ability to handle more powerful adversaries, that are able to access the device at multiple points in time (multi-snapshot adversary). In this paper we show that this sacrifice is not necessary. We introduce and build DataLair, a practical plausible deniability mechanism. When compared with existing approaches, DataLair is two orders of magnitude faster for public data accesses, and 5 times faster for hidden data accesses. An important component in DataLair is a new write-only ORAM construction which improves on the complexity of the state of the art write-only ORAM by a factor of O(logN ), where N denotes the underlying storage disk size.

💡 Research Summary

DataLair is a storage system that provides plausible deniability (PD) against multi‑snapshot adversaries while achieving high performance. The authors observe that existing PD solutions such as TrueCrypt protect only against a single‑snapshot attacker because they fail to hide changes in free space between snapshots. To defeat a multi‑snapshot adversary, DataLair separates public and hidden volumes and treats them differently. Public data is stored in a regular encrypted volume whose key can be voluntarily disclosed; therefore, its access patterns need not be hidden. Hidden data, on the other hand, must be indistinguishable from public activity. The core technical contribution is a new write‑only ORAM that improves the asymptotic complexity from O(log²N) to O(logN) by using a tree‑based layout with batch reshuffling. This ORAM is used only for hidden writes, and each hidden write is paired with exactly one public write (φ = 1), ensuring that the write trace of a public operation with a hidden operation is computationally indistinguishable from a pure public operation. The authors formalize PD as a chosen‑pattern security game (PD‑CPA) and identify two necessary and sufficient conditions: hidden‑write access pattern indistinguishability (HWA) and public‑vs‑hidden write‑trace indistinguishability (PAT). DataLair satisfies both, guaranteeing that an adversary cannot win the PD‑CPA game with non‑negligible advantage. An implementation as a Linux kernel module demonstrates that public‑data accesses are up to two orders of magnitude faster than prior PD systems, while hidden‑data accesses are about five times faster. Memory overhead remains modest, and the design relies on a small volatile buffer to ensure atomic transactions that the adversary cannot observe. Experiments on SSD and HDD platforms confirm the claimed performance gains and show that the system scales to realistic storage sizes. In summary, DataLair achieves strong plausible deniability against powerful multi‑snapshot attackers without the prohibitive performance penalties of earlier ORAM‑based approaches, making it a practical solution for users under coercive regimes.