### Private Information Retrieval for Ethereum wallets and Portfolio/DeFi frontends Wallets and DeFi frontends read lots of on-chain data, and we want the privacy of those reads to be preserved with cryptographic guarantees using eg [Private Information Retrieval](https://en.wikipedia.org/wiki/Private_information_retrieval) ### Goals Add privacy to wallet queries such as: - Fetch all [cross-chain aggregated] balances of address `0x..` - Fetch all historical transactions of address `0x..` on chain `y` - Fetch all active Aave loans of address `0x..` ### Simplifying assumptions - Small db: ETH/ERC20/NFT balances, including cTokens which reflect DeFi positions - Omit MPT roots, users trust the integrity of the response, until the [UBT upgrade](https://eips.ethereum.org/EIPS/eip-7864): - <details>Although, we can (and are) experiment with UBT _today_ as many Ethereum clients have implemented [EIP7864](https://eips.ethereum.org/EIPS/eip-7864) .. there may be a stop-gap solution where a server proves the mpt<>ubt syncronization with each block and attach that prove to queries from helios for example, but that's a different rabbit hole.</details> ### Schemes and implementations: :arrow_forward: **[See also](https://hackmd.io/@keewoolee/Skvu0BDRle)** <br> [![performance](https://hackmd.io/_uploads/rkmNSAnpgx.png =65%x)](https://github.com/ahenzinger/simplepir) <br> **Recent/Active/Notable Implementations**: - [Plinko](https://eprint.iacr.org/2024/318) "Will need a [~70mb hint on the client side with most active wallets](https://gist.github.com/igor53627/a3e3b258af454309dd6a4941b60cce5b)" -Igor - [RAID-PIR](https://thomaschneider.de/papers/DHS14.pdf) - with [onion routing](https://drive.google.com/file/d/13KtaFWpNbjvv4eJIp6PqXHjpPL3xianL/view) - with [GPU acceleration](https://github.com/encryptogroup/cip-pir?tab=readme-ov-file), [paper](https://encrypto.de/papers/GHPS22.pdf) - [Rust alt impl](https://github.com/KoffeinFlummi/raidpir?tab=readme-ov-file) - Hintless [PIR by Google](https://github.com/google/hintless_pir) - [SimplePIR](https://github.com/ahenzinger/simplepir?tab=readme-ov-file) - Microsoft [SealPIR](https://github.com/microsoft/sealpir/) - [Hybrid](https://github.com/KoffeinFlummi/hybridpir?tab=readme-ov-file) with GPU-acc RAID-PIR - [DP PIR](https://github.com/multiparty/DP-PIR?tab=readme-ov-file), [paper](https://www.usenix.org/system/files/sec22-albab.pdf) - [FrodoPIR](https://github.com/itzmeanjan/frodoPIR) - LWE only, no FHE - "client and server prepare an offline internal state to be used for making online queries" [[1]](https://eprint.iacr.org/2022/981.pdf) - _"Each time we added a new breach to the server we’d need clients to update which wasn’t going to work well"_ -feedback from Brave, they tried using it for alterting users of breached passwords - **[Batched PIR](https://github.com/mhmughees/vectorized_batchpir?tab=readme-ov-file) [[1]](https://eprint.iacr.org/2022/1262)** :eyes: - <details><br>"Existing BatchPIR schemes have achieved decent computation efficiency but have not been able to improve communication efficiency at all. <br><br>Using vectorized homomorphic encryption, we present the first BatchPIR protocol that is efficient in both computation and communication"</details> - **[QuarterPIR](https://github.com/wuwuz/QuarterPIR)** :eyes: ### Notes and open questions - The [Piano](https://www.cs.cmu.edu/~csd-phd-blog/2024/piano-private-information-retrieval/) breakthrough: preprocessing to get around the $\Omega(N$) computation - **How heavy would pre-processing be in wallet/browser?** - Pinged Brave Browser to see if they're still actively [exploring PIR](https://github.com/brave-experiments/frodo-pir) - Families: `Single server` / `Multi-server` / `Hybrid` - Multi-server is information-theoretic and non-viable performance-wise? - Paradigms?: `off-line`/`stateful` (~server-heavy) vs `online`/`stateless` (~client-heavy) - [SeAL](https://github.com/Microsoft/SEAL) is most common dependency - Levers and tradeoffs, which is best for [our usecase](https://hackmd.io/zNvSA68nQ72JgNUZ2XlP_g?both#Goals): - Single vs ~~multi-server~~ - FHE or not: what's the catch with FHE-less schemes? - Pre-processing: how bad? - Batching - [Keewoo's slides](https://drive.google.com/file/d/1twAoiKaVuRNbiBUhs_tq-3IB6Jx8UCAf/view)