
The first time I came across PIR was via the 2014 blog post from Signal on how Private Contact Discovery was a hard problem and how it required PIR to be solved. https://signal.org/blog/contact-discovery/

Maybe this will help Signal get to a viable solution in a few years.




Note that Signal decided not to use that:

> Unfortunately, for a reasonably large user base, this strategy doesn’t work because the bloom filters themselves are too large to transmit to mobile clients. For 10 million TextSecure users, a bloom filter like this would be ~40MB, requested from the server 116 times a second if every client refreshes it once a day.

They decided to run computations inside a 'secure' hardware environment instead (SGX specifically) so that they can't get access to the computation themselves but it also doesn't need to be run client side. I assume you meant the former thing, but the approach they actually use is fundamentally different from homomorphic encryption / PIR.


How is SGX different from putting a sticker on the server rack door that says "don't open private data"? Just asking.


Unless you have an electron microscope, work at Intel, or manage to find a hardware exploit, you are not getting the private key out of that chip, which, short of breaking the underlying cryptography, is the only way you're getting at that data.

Except, of course, if you put malware in the next build of your mobile app, and grab it before it's encrypted. Which Signal easily could, and it probably wouldn't be spotted for weeks. Fundamentally, it's all about trusting other people.



