File sharing systems like Dropbox offer insufficient privacy since a compromised server can see the file content in the clear. Though encryption can hide such content from the servers, metadata leakage remains significant. It is promising to develop a file sharing system that hides such metadata—including user identities and file access patterns.

Metal is the first file sharing system that hides such metadata from malicious users and that has a latency of only a few seconds. The core of Metal is a new two-server multi-user oblivious RAM (ORAM) scheme, which is secure against malicious users, together with metadata-hiding access control and capability sharing.