Bitcoin PIR for wallet developers
Bitcoin PIR lets a wallet look up UTXOs on a remote server without
telling the server which addresses it cares about. Same data shape
as Electrum, same script_hash → [UTXO] query — but the server cannot
distinguish your query from any other.
If you maintain a wallet, this matters. A normal Electrum-style server
sees every blockchain.scripthash.subscribe your client makes. That
log links every address you watch — and through chain analysis, every
address derived from the same xpub — to your IP / circuit / session.
PIR breaks that link.
The three surfaces
This site has three jobs. Pick whichever matches your moment:
- Quickstart — go from
npm installto a working DPF query in under ten minutes. Copy-paste TypeScript, real server. - Playground — paste an address, run a real query against the live server, and watch the SDK build the request. Same code your wallet would write.
- Wire explorer — inspect every WebSocket frame the client sends and confirm that the four privacy invariants hold on your own traffic.
What's in these docs
This is the reference. Pages are short, code-first, and laid out around the wallet developer's job: integrate, debug, ship.
- Concepts — why PIR, and how to choose between DPF, HarmonyPIR, and OnionPIR.
- SDK — the TypeScript / WASM surface most wallets use, and the native Rust crates if you're building outside the browser.
- Protocol — the wire format and per-backend specifics: DPF, HarmonyPIR, OnionPIR.
- Privacy — the four invariants spelled out for users and protocol auditors, plus how attestation pins what's running on the query server.
- Operations — the hint vs query endpoint split, and what to do when something goes wrong in troubleshooting.
Live servers
The reference deployment uses two servers — split deliberately so that the SEV-attested query server only ever sees query traffic, never hints:
wss://weikeng1.bitcoinpir.org hint (Hetzner, no SEV)
wss://weikeng2.bitcoinpir.org query (VPSBG, SEV-SNP Tier 3)
Both speak the same WebSocket protocol. A wallet only needs to know both URLs and which is which; the SDK handles the rest.
If you're new, start with Why PIR to ground the threat model, then jump to the Quickstart.