A private information retrieval (PIR) scheme allows a client to retrieve a data item $x_i$ among $n$ items $x_1,x_2,\ldots,x_n$ from $k$ servers without revealing $i$, even when $t < k$ servers collude and try to learn $i$. Such a PIR scheme is said to be $t$-private. A PIR scheme is $v$-verifiable if the client can verify the correctness of the retrieved $x_i$ even when $v \leq k$ servers collude and try to fool the client by sending manipulated data. Most previous works in the PIR literature assumed that $v < k$, leaving the case of all-colluding servers open. We propose a generic construction that combines a linear map commitment (LMC) with an arbitrary linear PIR scheme to produce a $k$-verifiable PIR scheme, termed a committed PIR scheme. Such a scheme guarantees that even in the worst case, when all servers are under the control of an attacker, the client will not be fooled into accepting an incorrect $x_i$, although privacy is unavoidably lost. We demonstrate the practicality of our proposal by implementing committed PIR schemes based on the Lai-Malavolta LMC and three well-known PIR schemes, using the GMP library and blst, currently the fastest C library for elliptic curve pairings.
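The following is an added toy illustration of the committed-PIR structure, not code from the paper and not the Lai-Malavolta LMC: a two-server linear PIR over $\mathbb{Z}_p$ in which the data owner's commitment is replaced by a linear homomorphic MAC whose verification key the client holds, so that the servers apply the client's linear map to the tags exactly as they do to the data and cannot produce a consistent tag for a manipulated answer even when both collude. The modulus, the HMAC-based PRF, the key layout and the sample database are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

P = 2**61 - 1  # prime modulus for the toy field (constructed choice)

def prf(seed: bytes, j: int) -> int:
    """PRF F_seed(j) into Z_P, built from HMAC-SHA256 (assumed construction)."""
    mac = hmac.new(seed, j.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P

def owner_setup(db):
    """Data owner: client gets the key (a, seed); servers get db and tags."""
    # tag_j = a*x_j + F(j) is linear in x_j, so a linear PIR answer over the tags
    # authenticates the same linear combination of the data (stand-in for the LMC).
    a, seed = 1 + secrets.randbelow(P - 1), secrets.token_bytes(32)
    tags = [(a * x + prf(seed, j)) % P for j, x in enumerate(db)]
    return (a, seed), tags

def client_query(n, i):
    """2-server linear PIR: q1 is uniform and q2 = e_i - q1, so each alone hides i."""
    q1 = [secrets.randbelow(P) for _ in range(n)]
    q2 = [((1 if j == i else 0) - q1[j]) % P for j in range(n)]
    return q1, q2

def server_answer(db, tags, q):
    """Honest server applies the client's linear map to the data and to the tags."""
    y = sum(qj * x for qj, x in zip(q, db)) % P
    tau = sum(qj * t for qj, t in zip(q, tags)) % P
    return y, tau

def client_reconstruct(key, i, answers):
    """Sum the answers and verify before accepting; None means tampering detected."""
    a, seed = key
    y = sum(ans[0] for ans in answers) % P
    tau = sum(ans[1] for ans in answers) % P
    # q1 + q2 = e_i, so the honest tag sum is a*y + F(i); forging it needs a or seed.
    return y if tau == (a * y + prf(seed, i)) % P else None

if __name__ == "__main__":
    db = [7, 11, 13, 17, 19]  # constructed sample database
    key, tags = owner_setup(db)
    q1, q2 = client_query(len(db), 3)
    a1, a2 = server_answer(db, tags, q1), server_answer(db, tags, q2)
    print(client_reconstruct(key, 3, [a1, a2]))  # 17
    # Colluding servers learn i from q1 + q2 = e_i, yet a manipulated answer is still rejected.
    print(client_reconstruct(key, 3, [((a1[0] + 5) % P, a1[1]), a2]))  # None
```

Unlike the LMC in the paper, this MAC stand-in is only privately verifiable: the client must hold (a, seed), whereas an LMC lets anyone verify against a public commitment.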