$\pi$-RAG: Oblivious Retrieval via Semantic Quantization and Transcendental Addressing for Large Language Models

Researchers introduce π-RAG, a novel retrieval architecture that protects sensitive data in Large Language Models by using the digits of pi as an oblivious indirection layer, eliminating direct exposure of vector embeddings to inversion attacks. The system combines semantic quantization with cryptographic salting to enable privacy-preserving retrieval for compliance-heavy sectors like finance and healthcare.

π-RAG addresses a critical vulnerability in modern RAG systems: the exposure of raw vector embeddings to potential inversion attacks that could reveal sensitive training data. Traditional architectures directly connect LLMs to datastores through semantic similarity matching, creating privacy risks particularly acute in regulated industries. This research proposes an elegant solution using pi's mathematical immutability as a cryptographic anchor point, creating an indirection layer that mathematically guarantees oblivious inference.

The approach emerges from growing concerns about data privacy in AI systems. As enterprises deploy LLMs in healthcare and finance, regulatory requirements like HIPAA and GDPR demand stronger data isolation guarantees. Standard RAG implementations struggle to meet these requirements while maintaining semantic understanding. π-RAG's semantic quantization layer addresses this by projecting queries onto pre-computed intent centroids rather than raw embeddings, then mapping these through cryptographic salt to deterministic offsets—effectively creating a lossy compression that destroys invertibility while preserving retrieval semantics.

For enterprises, this architecture offers meaningful compliance advantages. Healthcare providers and financial institutions can deploy more capable LLM systems without exposing patient records or financial data to embedding inversion attacks. The deterministic nature of pi-based addressing also enables auditability—a critical requirement for regulated sectors. However, the practical deployment questions remain: performance overhead of the quantization layer, effectiveness of the approach against advanced attacks, and whether the semantic quality of retrieval matches standard RAG. The work represents meaningful progress toward privacy-preserving AI infrastructure rather than a complete solution.

• →π-RAG uses mathematical constants as immutable cryptographic anchors to prevent embedding inversion attacks in retrieval systems
• →Semantic quantization layer projects queries onto intent centroids rather than raw vectors, eliminating direct exposure of sensitive embeddings
• →Architecture enables deterministic addressing through cryptographic salt, supporting auditability requirements in regulated industries
• →System targets compliance-heavy sectors like healthcare and finance where data privacy and regulatory requirements are paramount
• →Approach unifies oblivious inference, differential privacy, and auditability in a single architectural framework