Inferensys

Glossary

Private Information Retrieval (PIR)

A cryptographic protocol that allows a client to retrieve an item from a database held by a server without the server learning which item was accessed.
Developer working on RAG retrieval system, document chunks visible on screen, technical workspace with code editor.
CRYPTOGRAPHIC PRIVACY PRIMITIVE

What is Private Information Retrieval (PIR)?

A cryptographic protocol enabling a client to query a database without revealing the accessed record to the server.

Private Information Retrieval (PIR) is a cryptographic protocol that allows a client to retrieve a specific record from a database held by a server without the server learning which record was accessed. Unlike Oblivious Transfer (OT), PIR typically focuses on hiding the client's query index, not necessarily on limiting the client to a single record.

PIR protocols achieve this by having the client encode its query in a way that is computationally indistinguishable from a random query. The server processes this encoded query over the entire database, returning a result from which the client can extract the desired record. This guarantees information-theoretic or computational privacy for the client's access pattern.

CORE PROTOCOL PROPERTIES

Key Characteristics of PIR

Private Information Retrieval (PIR) is defined by a set of cryptographic properties that distinguish it from trivial database access. These characteristics define the security model, performance trade-offs, and deployment viability.

01

Information-Theoretic vs. Computational Privacy

PIR protocols are categorized by their underlying security assumptions. Information-theoretic PIR guarantees the server learns absolutely nothing about the query, even with infinite computing power, but requires multiple non-colluding server replicas. Computational PIR relies on hard mathematical problems (e.g., quadratic residuosity, lattice-based cryptography) to secure a query against a single server. If the underlying cryptographic assumption holds, the server cannot distinguish which record was accessed.

  • Multi-server IT-PIR: Requires 2+ servers; zero failure probability.
  • Single-server CPIR: More practical infrastructure; security reduces to a hardness assumption.
≥ 2
Servers for IT-PIR
1
Server for CPIR
02

Sublinear Communication Complexity

A defining requirement of PIR is that the total communication between client and server must be strictly less than the size of the database (n). A trivial protocol where the server sends the entire database achieves perfect privacy but has O(n) communication. PIR protocols achieve sublinear communication, typically O(n^c) for some c < 1, or polylogarithmic in n.

  • Naive download: O(n) communication, trivial privacy.
  • PIR: O(log n) or O(n^c) communication, cryptographic privacy.
  • This is the core efficiency metric that distinguishes PIR from a simple bulk transfer.
O(log n)
Ideal Communication
< O(n)
Hard Requirement
03

Query Privacy Guarantee

The fundamental security property of PIR is that the server's view of the protocol is computationally or statistically independent of the query index i. For any two indices i and j, the distribution of query messages sent by the client must be indistinguishable. This ensures the server cannot infer which record was retrieved, even by observing network traffic, query structure, or access timing.

  • Indistinguishability: Query(i) ≈ Query(j) for all i, j.
  • No trusted hardware required: Privacy is purely cryptographic.
  • Protects access patterns: The server learns that some query occurred, but not which record.
04

Throughput via Batching and Amortization

Single-query PIR is computationally expensive. Modern deployments achieve practical throughput by amortizing the server's cost across batches of queries. Techniques like the XPIR protocol and SealPIR use homomorphic encryption to pack multiple queries into a single ciphertext, reducing the per-query cost by orders of magnitude.

  • Single query: High latency, low throughput.
  • Batch PIR: Amortized server work; throughput can reach gigabytes per second.
  • Key technique: Query compression using fully homomorphic encryption (FHE) SIMD packing.
10 GB/s+
Batch Throughput
100x
Amortization Factor
05

Database Representation: Bit vs. Block

PIR protocols operate on different logical views of the database, which impacts efficiency. Bit PIR treats the database as an array of individual bits, retrieving one bit per query. Block PIR retrieves a contiguous block of bits (e.g., a 256-byte record) in a single query. Block retrieval is significantly more efficient for real-world records.

  • Bit PIR: Simple model; high overhead for multi-bit records.
  • Block PIR: Retrieves a full record; amortizes cryptographic cost.
  • Keyword PIR: An extension where the query is a keyword, not an index.
06

Byzantine-Robust PIR

Standard PIR assumes honest-but-curious servers that follow the protocol correctly. Byzantine-robust PIR extends the security model to servers that may actively deviate from the protocol—returning malformed or incorrect responses. This is critical for decentralized storage networks where servers cannot be trusted.

  • Honest-but-curious: Server follows protocol, tries to learn query.
  • Byzantine: Server may lie, send corrupt data, or collude.
  • Defense: Verifiable computation or redundant queries across independent servers.
PRIVATE INFORMATION RETRIEVAL

Frequently Asked Questions

Clear, technically precise answers to the most common questions about how Private Information Retrieval protocols work, their computational trade-offs, and their role in privacy-preserving systems.

Private Information Retrieval (PIR) is a cryptographic protocol that allows a client to retrieve a specific record from a database held by one or more servers without revealing to any server which record was accessed. The fundamental guarantee is that the server learns nothing about the client's query index, providing access pattern privacy. PIR works by having the client encode its query as a cryptographic object that hides the target index. In the simplest single-server computational PIR scheme, the client encrypts a selection vector—a bitstring of length equal to the database size with a 1 at the desired index and 0 elsewhere—using a homomorphic encryption scheme. The server performs a linear operation over the entire encrypted database, computing the dot product of the encrypted selection vector with all records. The result is an encrypted version of the requested record, which only the client can decrypt. The server processes every record, ensuring it cannot distinguish the target from any other, but this imposes a linear computational cost on the database size.

CRYPTOGRAPHIC PRIMITIVE COMPARISON

PIR vs. Related Privacy-Preserving Techniques

A technical comparison of Private Information Retrieval against other fundamental privacy-preserving protocols used in secure computation.

FeaturePrivate Information Retrieval (PIR)Oblivious Transfer (OT)Private Set Intersection (PSI)Secure Aggregation

Primary Objective

Hide access pattern from database server

Hide selection from sender

Compute set overlap without revealing non-members

Sum client updates without inspecting individuals

Data Output to Client

Single database record

One of n messages

Intersection of two sets

Aggregated sum or average

Server Learns Client's Selection

Client Learns Server's Full Dataset

Typical Communication Complexity

Sublinear in database size

O(1) per transfer

Linear in set size

O(n) where n is number of clients

Computational Overhead

High (homomorphic or multi-server)

Moderate (public-key per transfer)

Moderate to high

Low (additive secret sharing)

Common Implementation Approach

Lattice-based homomorphic encryption

Diffie-Hellman-based OT extension

Cuckoo hashing + OT

Shamir secret sharing with dropouts

Primary Use Case in ML

Private model weight lookup

Garbled circuit input selection

Private feature overlap discovery

Federated learning gradient aggregation

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.