Hermitian-Curve XSTPIR Scheme

• The paper introduces a Hermitian-curve-based XSTPIR scheme that leverages maximal rational points and a novel two-tier block basis to achieve superior PIR rates.
• Advanced algebraic geometry codes are constructed via refined divisor structures on the Hermitian curve to ensure both X-security and T-privacy in distributed setups.
• Methodological innovations such as interference alignment and optimized pole placement guarantee correct file recovery and enhanced capacity over previous curve-based constructions.

A Hermitian-curve-based XSTPIR scheme is a protocol for $X$-secure, $T$-private information retrieval (XSTPIR) using algebraic geometry codes constructed from the Hermitian curve over $\mathbb{F}_{q^2}$. These schemes leverage the maximality and large supply of rational points of the Hermitian curve to attain higher PIR rates for fixed parameters $(q,X,T)$ than previous constructions using rational, elliptic, or hyperelliptic curves. The protocols operate in a distributed storage setting with $N$ servers, each storing codeword symbols corresponding to evaluations of carefully chosen Riemann–Roch space functions, with parameters tailored to guarantee both $X$-security (data remains secret against colluding servers) and $T$-privacy (the file index remains private against colluding servers) (Ghiandoni et al., 26 Aug 2025, Gao et al., 12 Jan 2026, Christensen et al., 2018).

1. Hermitian Curve and Rational Points

The Hermitian curve $\mathcal{H}_q$ over the field $\mathbb{F}_{q^2}$ is defined by the affine equation: $x^{q+1} = y^q + y$ It is a smooth, projective, $T$0-maximal curve, with genus

$T$1

and exactly $T$2 rational points (including the unique point at infinity $T$3). Maximality indicates that $T$4 attains the Hasse-Weil upper bound on the number of rational points for its genus (Ghiandoni et al., 26 Aug 2025, Gao et al., 12 Jan 2026).

The abundance of rational points is critical: it enables construction of long AG codes and, thus, large numbers of servers or stored symbols without diminishing minimum distance or security parameters.

2. Construction of Hermitian AG Codes and Subspace Design

The protocol utilizes AG codes associated with divisors on $T$5, and exploits advanced bases for multiplier spaces:

• Evaluation Set: The scheme selects a subset of the $T$6 rational points (excluding a small number used in the support of noise and pole divisors).
• Divisor Structure: The "full" global divisor $T$7 is constructed as a sum of the zeros of $T$8 chosen irreducible quadratics $T$9, a multiple of $\mathbb{F}_{q^2}$0, plus small contributions from $\mathbb{F}_{q^2}$1 and $\mathbb{F}_{q^2}$2.
• Data-Multiplier Basis: The core innovation is a two-level basis for the data-multiplier space:
  • Functions are constructed as $\mathbb{F}_{q^2}$3, where the block basis $\mathbb{F}_{q^2}$4 aggregates monomials supported on the irreducible $\mathbb{F}_{q^2}$5's.
  • All $\mathbb{F}_{q^2}$6 such basis elements $\mathbb{F}_{q^2}$7 are then multiplied by a global factor $\mathbb{F}_{q^2}$8, yielding basis elements whose zeros and poles are efficiently concentrated, minimizing overlap with storage evaluation points (Gao et al., 12 Jan 2026).

Subspaces for each file coordinate $\mathbb{F}_{q^2}$9 are defined as: $(q,X,T)$0 with the information space $(q,X,T)$1 and noise space composed of all relevant combinations of $(q,X,T)$2, $(q,X,T)$3, $(q,X,T)$4 (Ghiandoni et al., 26 Aug 2025, Gao et al., 12 Jan 2026).

3. PIR Protocol Instantiation and Interference Alignment

The retrieval protocol encodes files across servers as evaluations of functions from the information space, while queries are generated with superpositions of random elements from $(q,X,T)$5 (to achieve $(q,X,T)$6-security and $(q,X,T)$7-privacy) and a designated $(q,X,T)$8 for the requested file index: $(q,X,T)$9 Each server, holding evaluations at a point $N$0, responds with $N$1. The user collects all $N$2 and projects onto the information space, extracting $N$3 and thus recovering the desired file symbol.

The disjointness property $N$4 is enforced by the degree and location of divisors, ensuring precise cross-subspace alignment: all "noise" aligns in a subspace orthogonal to the useful signal (Ghiandoni et al., 26 Aug 2025).

4. Privacy, Security, and Correctness Guarantees

Security is formalized as follows:

• $N$5-security: Any coalition of up to $N$6 servers, observing their response and storage symbols, sees at most $N$7 linear combinations in $N$8. The dual code distances guarantee this reveals no information about file contents.
• $N$9-privacy: Any coalition of up to $X$0 servers observes only evaluations of the query in $X$1; the dual code again protects the file index privacy.
• Correctness: The separation between $X$2 and $X$3 ensures the user can recover the requested symbol uniquely (Ghiandoni et al., 26 Aug 2025).

When instantiated as an XSTPIR scheme, the Hermitian-curve construction realizes both privacy and security thresholds as dictated by Riemann–Roch space dimensions and minimum distances (Gao et al., 12 Jan 2026, Christensen et al., 2018).

5. Retrieval Rate and Parameter Optimization

The PIR rate is given by

$X$4

where $X$5. Maximizing $X$6 (while adhering to divisors and support overlap constraints) yields the maximum rate: $X$7 The existence condition is

$X$8

This rate strictly exceeds prior Hermitian-curve and hyperelliptic schemes for $X$9 and $T$0, and can be quantitatively larger (the improvement can exceed 0.14 in absolute rate for large $T$1 and suitable $T$2) (Gao et al., 12 Jan 2026).

Comparison Table: Maximal PIR Rate Formulas

Curve family	Maximal rate	Existence condition
Rational curve	$T$3	$T$4
Hyperelliptic (genus $T$5)	$T$6	$T$7
Old Hermitian-curve	$T$8	$T$9
New Hermitian-curve	$\mathcal{H}_q$0	$\mathcal{H}_q$1

6. Technical Innovations and Impact

The principal innovation is the new block basis for the polynomial space, which replaces Lagrange-type interpolation. By arranging poles at a few fixed locations (zeros of $\mathcal{H}_q$2, $\mathcal{H}_q$3, $\mathcal{H}_q$4, and $\mathcal{H}_q$5), the construction minimizes the loss in available rational points (storage places) to divisor support. This enables the use of nearly all $\mathcal{H}_q$6 points for storage and evaluation, rather than paying a linear cost in $\mathcal{H}_q$7 as in earlier approaches (Gao et al., 12 Jan 2026).

This efficient utilization unlocks the highest known capacity for Hermitian-curve-based XSTPIR, with performance exceeding that of all earlier rational-curve, hyperelliptic, and Hermitian constructions under the stated parameter regimes.

This suggests that further advances in XSTPIR rate may critically depend on similar innovations in basis and divisor management, rather than simply moving to curves of ever-higher genus.

7. Relationship to Other Hermitian-Curve Key Constructions

Earlier works constructed XSTPIR using nested pairs of one-point Hermitian codes:

• The codes $\mathcal{H}_q$8 built from divisors $\mathcal{H}_q$9 and $\mathbb{F}_{q^2}$0 (with $\mathbb{F}_{q^2}$1), deliver a rate $\mathbb{F}_{q^2}$2, with $\mathbb{F}_{q^2}$3 and $\mathbb{F}_{q^2}$4 (Christensen et al., 2018).
• The new block-basis and multi-divisor schemes allow much larger $\mathbb{F}_{q^2}$5 for the same $\mathbb{F}_{q^2}$6, and strictly higher rates except in cases of very small field size or privacy/security threshold.

In summary, by leveraging the maximality of the Hermitian curve and introducing a two-tiered block basis, Hermitian-curve-based XSTPIR schemes represent a significant advancement in the construction of high-rate, robustly private and secure PIR protocols for distributed storage systems (Ghiandoni et al., 26 Aug 2025, Gao et al., 12 Jan 2026, Christensen et al., 2018).