This paper identifies a critical security flaw in CB-cPIR—the first coding-theoretic private information retrieval (PIR) scheme—revealing that its underlying code-based hardness assumption becomes efficiently solvable under specific parameter choices, resulting in practical security substantially weaker than claimed. Method: We devise a tailored cryptanalytic attack that breaks CB-cPIR against polynomial-time adversaries for realistic parameter sets and rigorously analyze its communication overhead relative to state-of-the-art PIR schemes (e.g., SealPIR, XPIR). Contribution/Results: Our work refutes CB-cPIR’s viability as a practical post-quantum PIR candidate. Moreover, it establishes the first systematic security evaluation framework for code-based PIR, clarifying the interplay between coding parameters, hardness assumptions, and concrete security. This framework provides both theoretical foundations and actionable design guidelines for developing next-generation coding-based PIR protocols that simultaneously achieve provable security and competitive efficiency.

Private Information Retrieval (PIR) schemes allow clients to retrieve files from a database without disclosing the requested file's identity to the server. In the pursuit of post-quantum security, most recent PIR schemes rely on hard lattice problems. In contrast, the so called CB-cPIR scheme stands out as a pioneering effort to base PIR schemes on hard problems in coding theory, thereby contributing significantly to the diversification of security foundations. However, our research reveals a critical vulnerability in CB-cPIR, substantially diminishing its security levels. Moreover, a comparative analysis with state-of-the-art PIR schemes shows that CB-cPIR's advantages are reduced, making it less competitive in terms of the communication cost. Nevertheless, our findings highlight the importance of continued research into code-based PIR schemes, as they have the potential to provide a valuable alternative to lattice-based approaches.