Private Information
Retrieval

Every time you search a library catalog, the server learns what you looked for. Your reading interests — medical diagnoses, political views, personal struggles — are logged and potentially exposed.

Private Information Retrieval solves this. You retrieve exactly what you want from a database — and the server learns nothing about which item you chose.

This demo implements the 1995 Chor et al. two-server IT-PIR protocol. The privacy guarantee is information-theoretic — not computational. No assumptions about server computing power are required. It is provably private.

Client has target i
Query S (random mask)
Query S′ = S ⊕ {i} (one bit flipped)
Server 1 computes r₁
Server 2 computes r₂
Response r₁
Response r₂
r₁ ⊕ r₂ = book[i] information-theoretically private

Library Catalog

Select a book to query privately.

No book selected. Click a card to begin.

Protocol Visualizer

Select a book above and click Query Privately to watch the IT-PIR protocol execute step by step.

Step 1 of 4

Client generates query pair

Server 1 receives
mask S =
Server 2 receives
mask S′ =
Bit is the only differing bit (highlighted with ring).
These look like random noise to each server. Neither server can determine which bit differs — or which book you want.
Step 2 of 4

Server 1 XOR computation

XOR chain (bits set in S):
r₁ (first 8 bytes):
Step 3 of 4

Server 2 XOR computation

XOR chain (bits set in S′):
r₂ (first 8 bytes):
Step 4 of 4

Client reconstructs the book

r₁
r₂
result
Retrieved title:
Privacy Analysis

What each server knew

Server 1 saw:
A random subset of slots — no pattern reveals your query.
Server 2 saw:
A different random subset — equally uninformative.

Neither server saw your query. Both received cryptographically random-looking masks. The book you retrieved — — remains private.

Naive vs. Private Query

Naive OPAC query
GET /catalog/search?q=[select a book above]

The server receives your exact search term and logs it. Your reading interests are permanently recorded.

In a naive catalog query, the server logs your search term. With PIR, the server only sees a cryptographic mask — indistinguishable from random noise.