Cryptanalysis of multi-user quantum private query protocol (Q2241013)

The paper is devoted to cryptanalysis of the recent protocol by Tian et al. for \(n\) users quering the database at the same time in protecting the privacy of user databases. Appeared as a quantum version of SPIR (symmetric private information retrieval), QPQ (quantum private query) has recently become a hot topic in quantum cryptography. Nevertheless, there is a vulnerability in the process of sending quantum sequences. This vulnerability appears because the user does not announce to the sender of a successful receipt of quantum sequence. Using this the eavesdropper can send the modified sequence to the sender Bob and will discover the private key sent by Bob. In this paper the authors propose a man-in-the-middle attack as an eavesdropper. He modified the quantum sequence of the sender Bob and sending back to the sender (Figs 2, 3). In order to avoid man-in-the-middle attack is to authenticate the user two-way before sending the private key. The improvement is that after identification, quantum sequence can be securely sent for key agreement