Pervasive Vulnerability Analysis and Defense for QKD-based Quantum Private Query
Xiaoyu Peng, Bin Liu, Shiyu He, Nankun Mu, Wei Huang, Bingjie Xu, Fei Gao
TL;DR
This work analyzes security vulnerabilities in QKD-based Quantum Private Query (QPQ) protocols, focusing on post-processing under undetermined signal bits. It characterizes two attack classes—Direct Observation Attack and Minimum-Error Discrimination—showing that substantial database leakage can occur even when per-bit determination is uncertain, with metrics such as $I_s$ and the per-bit success probability. In simulations with $k=6$ and multi-round queries, a Direct Observation Attack yields about $0.856$ bits per item (versus $0.386$ for honest users), and the MED attack can reveal about 99% of the database with only ~500 queries, far outperforming UD. The authors propose a multi-encryption defense that splits the final oblivious key into multiple segments and uses dual shifts, demonstrating that leakage can be suppressed to near-honest levels, enabling practical, secure QPQ deployments.
Abstract
Quantum Private Query (QPQ) based on Quantum Key Distribution (QKD) is among the most practically viable quantum communication protocols, with application value second only to QKD itself. However, prevalent security vulnerabilities in the post-processing stages of most existing QKD-based QPQ protocols have been severely overlooked. This study focuses on hidden information extraction under undetermined signal bits, revealing that most such QPQ protocols face severe security threats even without complex quantum resources. Specifically, direct observation attack causes incremental information leakage, while the minimum error discrimination attack efficiently steals additional database inforamtion. To address these critical flaws, the proposed multi-encryption defense scheme is compatible with existing QPQ protocols. The study demonstrates the necessity of the multi-encryption strategy for the security of databases in QPQ, providing key theoretical and technical support for constructing practical QPQ protocols resistant to real-world attacks.
