Private Information
Retrieval

Every time you search a library catalog, the server learns what you looked for. Your reading interests โ€” medical diagnoses, political views, personal struggles โ€” are logged and potentially exposed.

Private Information Retrieval solves this. You retrieve exactly what you want from a database โ€” and the server learns nothing about which item you chose.

This demo implements the 1995 Chor et al. two-server IT-PIR protocol. The privacy guarantee is information-theoretic โ€” not computational. No assumptions about server computing power are required. It is provably private.

Client has target i
Query S (random mask)
Query Sโ€ฒ = S โŠ• {i} (one bit flipped)
Server 1 computes rโ‚
Server 2 computes rโ‚‚
Response rโ‚
Response rโ‚‚
rโ‚ โŠ• rโ‚‚ = book[i] information-theoretically private

Library Catalog

Select a book to query privately.

No book selected. Click a card to begin.

Protocol Visualizer

Select a book above and click Query Privately to watch the IT-PIR protocol execute step by step.

Step 1 of 4

Client generates query pair

Server 1 receives
mask S =
Server 2 receives
mask Sโ€ฒ =
Bit is the only differing bit (highlighted with ring).
These look like random noise to each server. Neither server can determine which bit differs โ€” or which book you want.
Step 2 of 4

Server 1 XOR computation

XOR chain (bits set in S):
rโ‚ (first 8 bytes):
Step 3 of 4

Server 2 XOR computation

XOR chain (bits set in Sโ€ฒ):
rโ‚‚ (first 8 bytes):
Step 4 of 4

Client reconstructs the book

rโ‚
rโ‚‚
result
Retrieved title:
Privacy Analysis

What each server knew

Server 1 saw:
A random subset of slots โ€” no pattern reveals your query.
Server 2 saw:
A different random subset โ€” equally uninformative.

Neither server saw your query. Both received cryptographically random-looking masks. The book you retrieved โ€” โ€” remains private.

Naive vs. Private Query

Naive OPAC query
GET /catalog/search?q=[select a book above]

The server receives your exact search term and logs it. Your reading interests are permanently recorded.

In a naive catalog query, the server logs your search term. With PIR, the server only sees a cryptographic mask โ€” indistinguishable from random noise.