On the privacy of a code-based single-server computational PIR scheme
This exposes a critical flaw in a privacy-preserving protocol for secure data retrieval, highlighting incremental security concerns rather than a broad breakthrough.
The authors demonstrated that a 2020 single-server computational PIR scheme is not private, as the server can recover the desired file index in polynomial time with high probability, based on a dimension loss attack when specific rows are removed.
We show that the single-server computational PIR protocol proposed by Holzbaur, Hollanti and Wachter-Zeh in 2020 is not private, in the sense that the server can recover in polynomial time the index of the desired file with very high probability. The attack relies on the following observation. Removing rows of the query matrix corresponding to the desired file yields a large decrease of the dimension over $\mathbb{F}_q$ of the vector space spanned by the rows of this punctured matrix. Such a dimension loss only shows up with negligible probability when rows unrelated to the requested file are deleted.