Sharded PIR Design
for the Ethereum State

Ali Atiia
Private Reads
Ethereum Foundation
Stateless Summit · EthCC 2026
QR: privreads.ethereum.foundation
privreads.ethereum.foundation

The Need to Protect the Privacy of Reads

The edge relies on the infrastructure to read state data: balances, transaction status, historical holdings, DeFi yields, AMM exchange rates, …

Simply reading part of the state reveals users' holdings and intentions, and undermines privacy protections like shielding.

Ethereum P2P Network Indexers RPC Providers Node-as-a-Service Explorers Wallets Frontends dApps Light Clients P2P Network Infrastructure The Edge
Sharded PIR Design 1

What Do Users Actually Read?

Contexts of data consumption across wallet, frontend, and archival use cases

Answer: a bit of everything

Sharded PIR Design 2

Paradigms for Private Reads

Single-Server PIR
Cryptographic guarantee. One server, no coordination.

Our current focus is single-server PIR

  • No overhead of coordinating non-colluding parties
  • No assumptions on the availability or security of hardware
Multi-Server PIR
Non-colluding servers split the trust assumption.
TEE + ORAM
Trusted hardware executes queries inside enclaves; ORAM hides access patterns to memory.
...
Sharded PIR Design 3

PIR: Private Information Retrieval

The server answers queries while being completely oblivious to what is being accessed or what the query is about

Various cryptographic tools to achieve this hiding; example from FHE-based schemes:

  • Client encrypts the query under a lattice-based scheme (e.g. RLWE)
  • Server computes homomorphically over the entire database — operating on ciphertexts without ever decrypting them
  • Server returns an encrypted result that only the client can open
Client wants record #42 query answer Server #1 ? #2 ? #3 ? . . . #42 ? . . . #N ? processes all rows knows none is the target Which record was accessed? Cannot tell. Got it record #42 ✓ touches every row
Sharded PIR Design 4

What Shapes PIR Performance?

The most consequential factors: database size and (for some schemes) update frequency

Meanwhile, looking at Ethereum data:

Frequently accessed & latency-sensitive
What are my balances?
Checked on every wallet open, every page load
Has my transaction been included?
Polled repeatedly after submission — incoming and outgoing
Less frequently accessed & less latency-sensitive
Transaction history
Behind multiple clicks in wallets, or pagination on a frontend
Independent verification of balances
Verification of internal (non-value) nodes can run in the background by a light client
Sharded PIR Design 5

A Slicing of the Ethereum State

The most consequential factors: database size and (for some schemes) update frequency

Slices of the Ethereum State Size ↓ Update frequency ↑ Express 1–10 GB Small 10–20 GB Medium 80–100 GB Large 100–300 GB Huge 2–30 TB ETH & ERC balances, recent events account headers, bytecode account headers + internal trie nodes full storage incl. internal nodes full snapshot at every historical block Update frequency ↓ Size ↑
Sharded PIR Design 6

Pairing Schemes with Slices

RMS24
VIA Compress
Harmony-FF1
?
Express 1–10 GB Small 10–20 GB Medium 80–100 GB Large 100–300 GB Huge 2–30 TB

Example: use a server- and client-stateless scheme for "Express" because:
(a) it's consumed frequently in frontends (can't have client-side storage assumption)
(b) latency sensitive
(c) small in size so the performance should be ok despite query cost being linear in db size

QR: PIR benchmarks
PIR benchmarks
Sharded PIR Design 7

Genuine + Decoy = Full Privacy

Client wants data from Shard 3 Shard 1 — Express ~1-10 GB · per-block decoy Shard 2 — Small ~10-20 GB · immutable decoy Shard 3 — Medium ~80-100 GB · mutable REAL Shard 4 — Large ~100-300 GB · high churn decoy Server's View Receive 4 independent queries, processed parallely. Cannot distinguish real from decoy.

Each slice (shard) is paired with the optimal scheme (engine) … but all schemes must be queried in parallel with decoy queries in addition to the real query, to preserve privacy

Note: more bandwidth is consumed but since the queries are independent, it doesn't affect the latency of the real query

Sharded PIR Design 8

Decoupling the Edge from the PIR Backend

The Edge Wallets, Frontends, dApps, Light Clients eth_getBalance eth_call eth_getProof standard RPC Middleware Adapter Routes RPC calls → PIR queries per slice · Manages hints & preprocessing Lives in wallet SDKs — edge clients absorb zero PIR concerns abstract PIR API Engine A Express slice Engine B Small slice Engine C Medium slice Engine D Large slice schemes get swapped, upgraded — edge never notices
Sharded PIR Design 9

Optimizations & Ongoing Research

Sharded PIR Design 10

Learn More:

QR: ethresear.ch post ethresear.ch
Sharded PIR Design for the Ethereum State
Thanks
Sharded PIR Design 11