In multi-server private information retrieval (PIR), the standard non-collusion assumption is vulnerable to covert collusion, undermining privacy guarantees. Method: This paper proposes a collusion-resistant PIR scheme grounded in rational game theory, the first to deeply integrate payment-based incentive mechanisms and formal game-theoretic modeling into PIR protocol design. It abandons reliance on “honest servers” or trusted hardware, instead adopting a “quantity-for-security” paradigm that relaxes the strong non-collusion requirement. The scheme combines a smart-contract-enabled public bulletin board, a verifiable reward-punishment mechanism, and a multi-server 1-private PIR protocol. Contribution/Results: Deployed in server-rich settings such as blockchain lightweight clients, it significantly raises the cost of collusion while ensuring long-term post-query privacy. Experiments demonstrate that, without assuming honest-majority servers or trusted components, the scheme achieves provably collusion-resistant security alongside practical privacy protection.

A long line of research on secure computation has confirmed that anything that can be computed, can be computed securely using a set of non-colluding parties. Indeed, this non-collusion assumption makes a number of problems solvable, as well as reduces overheads and bypasses computational hardness results, and it is pervasive across different privacy-enhancing technologies. However, it remains highly susceptible to covert, undetectable collusion among computing parties. This work stems from an observation that if the number of available computing parties is much higher than the number of parties required to perform a secure computation task, collusion attempts in privacy-preserving computations could be deterred.We focus on the prominent privacy-preserving computation task of multi-server 1-private information retrieval (PIR) that inherently assumes no pair-wise collusion. For PIR application scenarios, such as those for blockchain light clients, where the available servers can be plentiful, a single server’s deviating action is not tremendously beneficial to itself. We can make deviations undesired via small amounts of rewards and penalties, thus significantly raising the bar for collusion resistance. We design and implement a collusion mitigation mechanism on a public bulletin board with payment execution functions, considering only rational and malicious parties with no honest non-colluding servers. Privacy protection is offered for an extended period after the query executions.