Table of Contents
Fetching ...

Pervasive Vulnerability Analysis and Defense for QKD-based Quantum Private Query

Xiaoyu Peng, Bin Liu, Shiyu He, Nankun Mu, Wei Huang, Bingjie Xu, Fei Gao

TL;DR

This work analyzes security vulnerabilities in QKD-based Quantum Private Query (QPQ) protocols, focusing on post-processing under undetermined signal bits. It characterizes two attack classes—Direct Observation Attack and Minimum-Error Discrimination—showing that substantial database leakage can occur even when per-bit determination is uncertain, with metrics such as $I_s$ and the per-bit success probability. In simulations with $k=6$ and multi-round queries, a Direct Observation Attack yields about $0.856$ bits per item (versus $0.386$ for honest users), and the MED attack can reveal about 99% of the database with only ~500 queries, far outperforming UD. The authors propose a multi-encryption defense that splits the final oblivious key into multiple segments and uses dual shifts, demonstrating that leakage can be suppressed to near-honest levels, enabling practical, secure QPQ deployments.

Abstract

Quantum Private Query (QPQ) based on Quantum Key Distribution (QKD) is among the most practically viable quantum communication protocols, with application value second only to QKD itself. However, prevalent security vulnerabilities in the post-processing stages of most existing QKD-based QPQ protocols have been severely overlooked. This study focuses on hidden information extraction under undetermined signal bits, revealing that most such QPQ protocols face severe security threats even without complex quantum resources. Specifically, direct observation attack causes incremental information leakage, while the minimum error discrimination attack efficiently steals additional database inforamtion. To address these critical flaws, the proposed multi-encryption defense scheme is compatible with existing QPQ protocols. The study demonstrates the necessity of the multi-encryption strategy for the security of databases in QPQ, providing key theoretical and technical support for constructing practical QPQ protocols resistant to real-world attacks.

Pervasive Vulnerability Analysis and Defense for QKD-based Quantum Private Query

TL;DR

This work analyzes security vulnerabilities in QKD-based Quantum Private Query (QPQ) protocols, focusing on post-processing under undetermined signal bits. It characterizes two attack classes—Direct Observation Attack and Minimum-Error Discrimination—showing that substantial database leakage can occur even when per-bit determination is uncertain, with metrics such as and the per-bit success probability. In simulations with and multi-round queries, a Direct Observation Attack yields about bits per item (versus for honest users), and the MED attack can reveal about 99% of the database with only ~500 queries, far outperforming UD. The authors propose a multi-encryption defense that splits the final oblivious key into multiple segments and uses dual shifts, demonstrating that leakage can be suppressed to near-honest levels, enabling practical, secure QPQ deployments.

Abstract

Quantum Private Query (QPQ) based on Quantum Key Distribution (QKD) is among the most practically viable quantum communication protocols, with application value second only to QKD itself. However, prevalent security vulnerabilities in the post-processing stages of most existing QKD-based QPQ protocols have been severely overlooked. This study focuses on hidden information extraction under undetermined signal bits, revealing that most such QPQ protocols face severe security threats even without complex quantum resources. Specifically, direct observation attack causes incremental information leakage, while the minimum error discrimination attack efficiently steals additional database inforamtion. To address these critical flaws, the proposed multi-encryption defense scheme is compatible with existing QPQ protocols. The study demonstrates the necessity of the multi-encryption strategy for the security of databases in QPQ, providing key theoretical and technical support for constructing practical QPQ protocols resistant to real-world attacks.
Paper Structure (5 sections, 9 equations, 2 figures, 2 tables)

This paper contains 5 sections, 9 equations, 2 figures, 2 tables.

Figures (2)

  • Figure 1: Simulation of multi-round attacks by the HbC user when $k=6$. The red (dense dotted) curve depicts the average amount of information obtained by the HbC user for each database item over 2000 rounds of queries, the black curve represents the average amount of information accessible to the legitimate user (which is actually the proportion of database items obtained relative to the entire database), and the orange (sparse dotted) curve represents the effect of the defense strategy described in the final section against HbC attack. Note that the database size needs to be specified in defense simulation, and here we set the database to contain 32000 items.
  • Figure 2: A comparison of the effectiveness between the MED individual attack proposed in this paper and the conventional UD individual attack. Herein, the red (dense dotted) curve represents the efficiency of the MED attack, the blue (dashed) curve represents that of the UD attack, the black curve represents that of the honest user, and the orange (sparse dotted) curve represents the effect of the defense strategy described in the next section.