# Provably Secure Symmetric Private Information Retrieval with Quantum Cryptography

^{1}

^{2}

^{*}

## Abstract

**:**

## 1. Introduction

## 2. Preliminaries

#### 2.1. Quantum and Classical Systems

#### 2.2. Trace Distance and Distinguishability

## 3. SPIR

#### 3.1. Generic One-Round SPIR Protocol

- Establishing secure channels: Using pre-established secret keys, perfectly secure channels are established between the user and data centres using one-time pad (OTP) encryption. We use $({K}_{1},{K}_{2})$, $({K}_{3},{K}_{4})$, $({K}_{5},{K}_{6})$ to represent the secret key pair between data centre 1 and user, between data centre 2 and user, and between the data centres, respectively. For example, with this arrangement, the user holds ${K}_{2}$ and ${K}_{4}$ and data centre 1 holds ${K}_{1}$ and ${K}_{5}$. Secure channels connecting the user and data centres are denoted by ${\mathcal{C}}_{U1}$ and ${\mathcal{C}}_{U2}$, respectively. Note that the data centres are not allowed to communicate and hence we do not need to define any channel for them. To allow for two-way secure communication with a single secret key, we split $K=({K}^{\mathrm{enc}},{K}^{\mathrm{dec}})$ into two halves, namely ${K}^{\mathrm{enc}}$ (for encryption) and ${K}^{\mathrm{dec}}$ (for decryption).
- Query: The user generates queries for data centres 1 and 2, with ${Q}_{1}={f}_{\mathrm{query},1}(x,R)$ and ${Q}_{2}={f}_{\mathrm{query},2}(x,R)$, respectively, and sends them to the data centres using the secure channels ${\mathcal{C}}_{U1}$ and ${\mathcal{C}}_{U2}$.
- Answer: Upon receiving the query ${\tilde{Q}}_{1}$ (which could be different from ${Q}_{1}$), ${\mathsf{D}}_{1}$ (resp. ${\mathsf{D}}_{2}$) determines a reply ${A}_{1}={f}_{\mathrm{ans},1}({\tilde{Q}}_{1},w,{K}_{5})$ (resp. ${A}_{2}={f}_{\mathrm{ans},2}({\tilde{Q}}_{2},w,{K}_{6})$ and sends it to the user via the secure channels.
- Retrieval: The user retrieves the desired database entry value using ${\widehat{w}}_{x}={f}_{\mathrm{dec}}({\tilde{A}}_{1},{\tilde{A}}_{2},$${Q}_{1},{Q}_{2},x,R)$.

#### 3.2. Original SPIR Security Definition

**Definition**

**1**(Correctness)

**.**

**Definition**

**2**(User Privacy)

**.**

**Definition**

**3**(Database Privacy)

**.**

## 4. SPIR with QKD

#### 4.1. QKD Channel

#### 4.2. QKD Security Definition

#### 4.3. SPIR with QKD Security Definition

**Definition**

**4**(${\eta}_{\mathrm{cor}}$-correctness)

**.**

**Definition**

**5**(${\eta}_{\mathrm{UP}}$-user privacy)

**.**

**Definition**

**6**(${\eta}_{\mathrm{DP}}$-database privacy)

**.**

**Definition**

**7**(${\eta}_{\mathrm{PS}}$-protocol secrecy)

**.**

#### 4.4. Quantum View Modelling

## 5. Security Analysis

**Theorem**

**1.**

## 6. Numerical Simulation

#### 6.1. MDI-QKD

#### 6.2. SPIR Resource

^{−1}, detection efficiency of 14.5%, and background count of $6.02\times {10}^{-6}$. We assume that the central node uses the measurement device shown in Figure 3, which allows it to perform Bell state measurements of states $|{\psi}^{-}\rangle $ and $|{\psi}^{+}\rangle $. The polarisation misalignment error of this setup is modelled following Ref. [41], by introducing unitary rotations in the channels connecting Alice and Bob to the central node, and a unitary rotation in one arm of the measurement device after the beam splitter. The value of the total polarisation misalignment error is set at 1.5%. For simplicity, the protocol uses only two decoy states, with the weaker one having intensity $5\times {10}^{-4}$. We also assume that the error correction leakage is given by ${\mathrm{leak}}_{\mathrm{EC},\mathrm{t}}=1.16{n}_{t}h({e}_{t}^{{a}_{s}{b}_{s}})$, where ${n}_{k}$ is the number of bits of the sifted key (runs that both Alice and Bob prepares in the Z-basis and using the signal intensity) that is not used for error estimation, and ${e}_{t}^{{a}_{s}{b}_{s}}$ is the corresponding error rate of this sifted key.

- iTunes: A consumer wants to purchase a song from the iTunes catalogue, which contains 60 million songs. (Assume each music file is 10 MB) [$n=6\times {10}^{7}$, $L=8\times {10}^{7}$]
- Electronic Health Records (EHR): A doctor in Singapore wants to retrieve his patient’s medical chart from the national health records database. (The average medical chart file size of a healthy patient is about 5 MB [42], and Singapore’s population is 5.7 million [43]) [$n=5.7\times {10}^{6}$, $L=4\times {10}^{7}$]
- Genetic Data: A doctor requests for a gene in a patient’s genome data to analyse disease risk. (Human genome contains 19,116 protein-coding genes, with the maximum size of a single gene being 2.47 million base pairs [46]. Since humans have two alleles for most genes and there are 4 possible bases, each gene entry can be encoded as 9.88 million bits). [$n$ = 19,116, $L=9.88\times {10}^{6}$]

## 7. Discussion

## 8. Conclusions

## Author Contributions

## Funding

## Acknowledgments

## Conflicts of Interest

## Abbreviations

PIR | Private information retrieval |

SPIR | Symmetric private information retrieval |

QKD | Quantum key distribution |

CPTP | Completely positive and trace preserving |

POVM | Positive operator value measurement |

OTP | One-time pad |

CDS | Conditional disclosure of secrets |

MDI | Measurement-device independent |

## Appendix A. Detailed Security Proof

**Theorem**

**A1.**

**Proof.**

**Theorem**

**A2.**

**Proof.**

**Theorem**

**A3.**

**Proof.**

**Theorem**

**A4.**

**Proof.**

## Appendix B. ${\mathcal{B}}_{2}^{\u2033}$ Protocol

## References

- Chor, B.; Kushilevitz, E.; Goldreich, O.; Sudan, M. Private Information Retrieval. J. ACM
**1998**, 45, 965–981. [Google Scholar] [CrossRef] - Mittal, P.; Olumofin, F.; Troncoso, C.; Borisov, N.; Goldberg, I. PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval. In Proceedings of the 20th USENIX Conference on Security, San Francisco, CA, USA, 8–12 August 2011; p. 31. [Google Scholar]
- Khoshgozaran, A.; Shirani-Mehr, H.; Shahabi, C. SPIRAL: A Scalable Private Information Retrieval Approach to Location Privacy. In Proceedings of the Ninth International Conference on Mobile Data Management Workshops, MDMW, Beijing, China, 27–30 April 2008. [Google Scholar]
- Bringer, J.; Chabanne, H.; Pointcheval, D.; Tang, Q. Extended Private Information Retrieval and Its Application in Biometrics Authentications. In Cryptology and Network Security; Bao, F., Ling, S., Okamoto, T., Wang, H., Xing, C., Eds.; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2007; pp. 175–193. [Google Scholar]
- Gertner, Y.; Ishai, Y.; Kushilevitz, E.; Malkin, T. Protecting Data Privacy in Private Information Retrieval Schemes. J. Comput. Syst. Sci.
**2000**, 60, 592–629. [Google Scholar] [CrossRef][Green Version] - Stern, J.P. A New and Efficient All-Or-Nothing Disclosure of Secrets Protocol. In Advances in Cryptology—ASIACRYPT’98; Ohta, K., Pei, D., Eds.; Springer Berlin Heidelberg: Berlin/Heidelberg, Germany, 1998; pp. 357–371. [Google Scholar]
- Lipmaa, H. An Oblivious Transfer Protocol with Log-Squared Communication. In Information Security; Zhou, J., Lopez, J., Deng, R.H., Bao, F., Eds.; Springer Berlin Heidelberg: Berlin/Heidelberg, Germany, 2005; pp. 314–328. [Google Scholar]
- Naor, M.; Pinkas, B. Efficient oblivious transfer protocols. In Proceedings of the Twelfth Annual ACM-SIAM Symposium on Discrete Algorithms, Washington, DC, USA, 7–9 January 2001; Society for Industrial and Applied Mathematics: Washington, DC, USA, 2001; pp. 448–457. [Google Scholar]
- Chou, T.; Orlandi, C. The Simplest Protocol for Oblivious Transfer. In Progress in Cryptology—LATINCRYPT 2015; Lauter, K., Rodríguez-Henríquez, F., Eds.; Lecture Notes in Computer Science; Springer International Publishing: Cham, Switzerland, 2015; pp. 40–58. [Google Scholar]
- Lo, H.K. Insecurity of quantum secure computations. Phys. Rev. A
**1997**, 56, 1154–1162. [Google Scholar] [CrossRef][Green Version] - Giovannetti, V.; Lloyd, S.; Maccone, L. Quantum Private Queries. Phys. Rev. Lett.
**2008**, 100, 230502. [Google Scholar] [CrossRef][Green Version] - Jakobi, M.; Simon, C.; Gisin, N.; Bancal, J.D.; Branciard, C.; Walenta, N.; Zbinden, H. Practical private database queries based on a quantum-key-distribution protocol. Phys. Rev. A
**2011**, 83, 022301. [Google Scholar] [CrossRef][Green Version] - Panduranga Rao, M.V.; Jakobi, M. Towards communication-efficient quantum oblivious key distribution. Phys. Rev. A
**2013**, 87, 012331. [Google Scholar] [CrossRef][Green Version] - Zhang, J.L.; Guo, F.Z.; Gao, F.; Liu, B.; Wen, Q.Y. Private database queries based on counterfactual quantum key distribution. Phys. Rev. A
**2013**, 88, 022334. [Google Scholar] [CrossRef] - Wei, C.Y.; Wang, T.Y.; Gao, F. Practical quantum private query with better performance in resisting joint-measurement attack. Phys. Rev. A
**2016**, 93, 042318. [Google Scholar] [CrossRef] - Wei, C.; Cai, X.; Wang, T.; Qin, S.; Gao, F.; Wen, Q. Error Tolerance Bound in QKD-Based Quantum Private Query. IEEE J. Sel. Area Commun.
**2020**, 38, 517–527. [Google Scholar] [CrossRef] - Giovannetti, V.; Lloyd, S.; Maccone, L. Quantum Private Queries: Security Analysis. IEEE Trans. Inf. Theory
**2010**, 56, 3465–3477. [Google Scholar] [CrossRef][Green Version] - Olejnik, L. Secure quantum private information retrieval using phase-encoded queries. Phys. Rev. A
**2011**, 84, 022313. [Google Scholar] [CrossRef][Green Version] - Li, J.; Yang, Y.G.; Chen, X.B.; Zhou, Y.H.; Shi, W.M. Practical Quantum Private Database Queries Based on Passive Round-Robin Differential Phase-shift Quantum Key Distribution. Sci. Rep.
**2016**, 6, 31738. [Google Scholar] [CrossRef][Green Version] - Gao, F.; Qin, S.; Huang, W.; Wen, Q. Quantum private query: A new kind of practical quantum cryptographic protocol. Sci. China Phys. Mech. Astron.
**2019**, 62, 70301. [Google Scholar] [CrossRef] - Kent, A. Unconditionally Secure Bit Commitment by Transmitting Measurement Outcomes. Phys. Rev. Lett.
**2012**, 109, 130501. [Google Scholar] [CrossRef][Green Version] - Pitalúa-García, D. Spacetime-constrained oblivious transfer. Phys. Rev. A
**2016**, 93, 062346. [Google Scholar] [CrossRef][Green Version] - Wang, Q.; Skoglund, M. Secure symmetric private information retrieval from colluding databases with adversaries. In Proceedings of the 55th Annual Allerton Conference on Communication, Control, and Computing, Monticello, IL, USA, 3–6 October 2017; pp. 1083–1090. [Google Scholar]
- Yekhanin, S. Towards 3-query locally decodable codes of subexponential length. J. ACM
**2008**, 55, 1:1–1:16. [Google Scholar] [CrossRef][Green Version] - Kerenidis, I.; de Wolf, R. Quantum symmetrically private information retrieval. Inf. Process. Lett.
**2004**, 90, 109–114. [Google Scholar] [CrossRef][Green Version] - Song, S.; Hayashi, M. Capacity of Quantum Private Information Retrieval with Multiple Servers. IEEE Trans. Inf. Theory
**2020**, 67, 452–463. [Google Scholar] [CrossRef] - Diffie, W.; Hellman, M. New directions in cryptography. IEEE Trans. Inf. Theory
**1976**, 22, 644–654. [Google Scholar] [CrossRef][Green Version] - Bennett, C.H.; Brassard, G. Quantum cryptography: Public key distribution and coin tossing. Theor. Comput. Sci.
**1984**, 560, 7–11. [Google Scholar] [CrossRef] - Gisin, N.; Ribordy, G.; Tittel, W.; Zbinden, H. Quantum cryptography. Rev. Mod. Phys.
**2002**, 74, 145–195. [Google Scholar] [CrossRef][Green Version] - Deng, F.G.; Long, G.L.; Liu, X.S. Two-step quantum direct communication protocol using the Einstein-Podolsky-Rosen pair block. Phys. Rev. A
**2003**, 68, 042317. [Google Scholar] [CrossRef][Green Version] - Zhu, F.; Zhang, W.; Sheng, Y.; Huang, Y. Experimental long-distance quantum secure direct communication. Sci. Bull.
**2017**, 62, 1519–1524. [Google Scholar] [CrossRef][Green Version] - Qi, R.; Sun, Z.; Lin, Z.; Niu, P.; Hao, W.; Song, L.; Huang, Q.; Gao, J.; Yin, L.; Long, G.L. Implementation and security analysis of practical quantum secure direct communication. Light. Sci. Appl.
**2019**, 8, 22. [Google Scholar] [CrossRef] - Lo, H.K.; Curty, M.; Qi, B. Measurement-Device-Independent Quantum Key Distribution. Phys. Rev. Lett.
**2012**, 108, 130503. [Google Scholar] [CrossRef][Green Version] - Liu, Y.; Chen, T.Y.; Wang, L.J.; Liang, H.; Shentu, G.L.; Wang, J.; Cui, K.; Yin, H.L.; Liu, N.L.; Li, L.; et al. Experimental Measurement-Device-Independent Quantum Key Distribution. Phys. Rev. Lett.
**2013**, 111, 130502. [Google Scholar] [CrossRef][Green Version] - Yin, H.L.; Chen, T.Y.; Yu, Z.W.; Liu, H.; You, L.X.; Zhou, Y.H.; Chen, S.J.; Mao, Y.; Huang, M.Q.; Zhang, W.J.; et al. Measurement-Device-Independent Quantum Key Distribution Over a 404 km Optical Fiber. Phys. Rev. Lett.
**2016**, 117, 190501. [Google Scholar] [CrossRef] - Tang, Y.L.; Yin, H.L.; Zhao, Q.; Liu, H.; Sun, X.X.; Huang, M.Q.; Zhang, W.J.; Chen, S.J.; Zhang, L.; You, L.X.; et al. Measurement-Device-Independent Quantum Key Distribution over Untrustful Metropolitan Network. Phys. Rev. X
**2016**, 6, 011024. [Google Scholar] [CrossRef][Green Version] - Fernández-Aleman, J.L.; Senor, I.C.; Lozoya, P.A.O.; Toval, A. Security and privacy in electronic health records: A systematic literature review. J. Biomed. Inform.
**2013**, 46, 541–562. [Google Scholar] [CrossRef] - Nielsen, M.A.; Chuang, I.L. Quantum Computation and Quantum Information: 10th Anniversary Edition, 10th ed.; Cambridge University Press: Cambridge, MA, USA, 2011. [Google Scholar]
- Portmann, C.; Renner, R. Cryptographic Security of Quantum Key Distribution. arXiv
**2014**, arXiv:1409.3525. [Google Scholar] - Curty, M.; Xu, F.; Lim, C.C.W.; Tamaki, K.; Lo, H.K. Finite-key analysis for measurement-device-independent quantum key distribution. Nat. Commun.
**2014**, 5, 3732. [Google Scholar] [CrossRef][Green Version] - Xu, F.; Curty, M.; Qi, B.; Lo, H.K. Practical aspects of measurement-device-independent quantum key distribution. New J. Phys.
**2013**, 15, 113007. [Google Scholar] [CrossRef] - Healthcare Broadband in America; OBI Technical Paper 5; Federal Communications Commission: Washington, DC, USA, 2010.
- Population Trends; Technical Report; Singapore Department of Statistics: Singapore, 2019.
- ISO/IEC 19794-2:2011. Information Technology—Biometric Data Interchange Formats—Part 2: Finger Minutiae Data; International Organization for Standardization: Geneva, Switzerland, 2011. [Google Scholar]
- World Population Prospects 2019, Volume I: Comprehensive Tables; Technical Report ST/ESA/SER.A/426; Department of Economic and Social Affairs, Population Division, United Nations: New York, NY, USA, 2019.
- Piovesan, A.; Antonaros, F.; Vitale, L.; Strippoli, P.; Pelleri, M.C.; Caracausi, M. Human protein-coding genes and gene feature statistics in 2019. BMC Res. Notes
**2019**, 12, 315. [Google Scholar] [CrossRef][Green Version]

**Figure 1.**Schematic of a quantum key distribution (QKD) network with star topology, which can supply QKD keys for the symmetric private information retrieval (SPIR) protocol. The central node (hub) connects to the user and two data centres with optical fibre (solid lines). Using the physical connection, any two parties in the protocol can establish a secure QKD link (dotted lines) via the central node.

**Figure 2.**Setup for implementing measurement device-independent (MDI)-QKD. Alice and Bob each holds a source and modulators which can be used to generate quantum states in basis X or Z and for different intensities. These states are sent to the central node (Charlie) which performs a measurement and broadcasts the result. An honest Charlie would performs Bell state measurement.

**Figure 3.**Schematic of measurement device held by central node. Signals sent from Alice and Bob would enter the beam splitter (BS) before being sent to two polarising beam splitters (PBS) and triggering the single photon detectors. The detectors are labelled based on the polarisation of photon and path they detect. A detection of both ${H}_{c}$ and ${V}_{d}$ or ${H}_{d}$ and ${V}_{c}$ indicates a projection to $|{\psi}^{-}\rangle $ and a detection of both ${H}_{c}$ and ${V}_{c}$ or ${H}_{d}$ and ${V}_{d}$ indicates a projection to $|{\psi}^{+}\rangle $.

**Figure 4.**Plot of database parameters, L, the size of each entry of the database, and n, the number of entries in the database for various number of signals sent, N, (labelled by different line style) and distances, d (labelled by different colours). Four points are included that represents the database parameters of the usage scenarios described in the main text. The diagram also includes a plot for an alternative protocol that requires a more relaxed SPIR definition discussed in Section 7.

Step | ${\mathsf{D}}_{1}$ | $\mathsf{U}$ | ${\mathsf{D}}_{2}$ | ||
---|---|---|---|---|---|

Input: | w | R, x | w | ||

Key pair (${\mathsf{D}}_{1}\leftrightarrow {\mathsf{D}}_{2}$): | ${K}_{5}$ | $\stackrel{\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}}{\leftrightarrow}$ | ${K}_{6}$ | ||

Key pair ($\mathsf{U}\leftrightarrow {\mathsf{D}}_{1}$): | ${K}_{1}$ | $\stackrel{\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}}{\leftrightarrow}$ | ${K}_{2}$ | ||

Key pair ($\mathsf{U}\leftrightarrow {\mathsf{D}}_{2}$): | ${K}_{4}$ | $\stackrel{\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}}{\leftrightarrow}$ | ${K}_{3}$ | ||

Query: | ${Q}_{1}={f}_{\mathrm{query},1}(x,R)$, ${Q}_{2}={f}_{\mathrm{query},2}(x,R)$ | ||||

OTP ($\mathsf{U}\to {\mathsf{D}}_{1}$): | ${\tilde{Q}}_{1}={C}_{{Q}_{1}}\oplus {K}_{1}^{\mathrm{dec}}$ | $\stackrel{{\mathcal{C}}_{U1}}{\stackrel{\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}}{\leftarrow}}$ | ${C}_{{Q}_{1}}={Q}_{1}\oplus {K}_{2}^{\mathrm{enc}}$ | ||

OTP ($\mathsf{U}\to {\mathsf{D}}_{2}$): | ${C}_{{Q}_{2}}={Q}_{2}\oplus {K}_{4}^{\mathrm{enc}}$ | $\stackrel{{\mathcal{C}}_{U2}}{\stackrel{\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}}{\to}}$ | ${\tilde{Q}}_{2}={C}_{{Q}_{2}}\oplus {K}_{3}^{\mathrm{dec}}$ | ||

Answer: | ${A}_{1}={f}_{\mathrm{ans},1}({\tilde{Q}}_{1},w,{K}_{5})$ | ${A}_{2}={f}_{\mathrm{ans},2}({\tilde{Q}}_{2},w,{K}_{6})$ | |||

OTP (${\mathsf{D}}_{1}\to \mathsf{U}$): | ${C}_{{A}_{1}}={A}_{1}\oplus {K}_{1}^{\mathrm{enc}}$ | $\stackrel{{\mathcal{C}}_{U1}}{\stackrel{\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}}{\to}}$ | ${\tilde{A}}_{1}={C}_{{A}_{1}}\oplus {K}_{2}^{\mathrm{dec}}$ | ||

OTP (${\mathsf{D}}_{2}\to \mathsf{U}$): | ${\tilde{A}}_{2}={C}_{{A}_{2}}\oplus {K}_{4}^{\mathrm{dec}}$ | $\stackrel{{\mathcal{C}}_{U2}}{\overleftarrow{\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}}}$ | ${C}_{{A}_{2}}={A}_{2}\oplus {K}_{3}^{\mathrm{enc}}$ | ||

Decoding: | ${\widehat{w}}_{x}={f}_{\mathrm{dec}}({\tilde{A}}_{1},{\tilde{A}}_{2},{Q}_{1},{Q}_{2},x,R)$ |

Step | ${\mathsf{D}}_{1}$ | $\mathsf{U}$ | ${\mathsf{D}}_{2}$ | $\mathsf{E}$ | ||
---|---|---|---|---|---|---|

Input: | w | R, x | w | |||

QKD (${\mathsf{D}}_{1}\leftrightarrow {\mathsf{D}}_{2}$): | ${S}_{5}$ | $\stackrel{{\rho}_{{S}_{5}{S}_{6}E}^{\mathrm{real}}}{\stackrel{\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}}{\leftrightarrow}}$ | ${S}_{6}$ | ${\sigma}_{\mathsf{E}}^{{S}_{5}{S}_{6}}$ | ||

QKD ($\mathsf{U}\leftrightarrow {\mathsf{D}}_{1}$): | ${S}_{1}$ | $\stackrel{{\rho}_{{S}_{1}{S}_{2}E}^{\mathrm{real}}}{\stackrel{\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}}{\leftrightarrow}}$ | ${S}_{2}$ | ${\sigma}_{E}^{{S}_{1}{S}_{2}}$ | ||

QKD ($\mathsf{U}\leftrightarrow {\mathsf{D}}_{2}$): | ${S}_{4}$ | $\stackrel{{\rho}_{{S}_{3}{S}_{4}}^{\mathrm{real}}}{\stackrel{\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}}{\leftrightarrow}}$ | ${S}_{3}$ | ${\sigma}_{E}^{{S}_{3}{S}_{4}}$ | ||

Query: | ${Q}_{1}={f}_{\mathrm{query},1}(x,R)$ | |||||

${Q}_{2}={f}_{\mathrm{query},2}(x,R)$ | ||||||

OTP ($\mathsf{U}\to {\mathsf{D}}_{1}$): | ${\tilde{Q}}_{1}={C}_{{Q}_{1}}\oplus {S}_{1}^{\mathrm{dec}}$ | $\stackrel{{\mathcal{C}}_{U1}}{\stackrel{\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}}{\u0210}}$ | ${C}_{{Q}_{1}}={Q}_{1}\oplus {S}_{2}^{\mathrm{enc}}$ | ${C}_{{Q}_{1}}$ | ||

OTP ($\mathsf{U}\to {\mathsf{D}}_{2}$): | ${C}_{{Q}_{2}}={Q}_{2}\oplus {S}_{4}^{\mathrm{enc}}$ | $\stackrel{{\mathcal{C}}_{U2}}{\stackrel{\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}}{\to}}$ | ${\tilde{Q}}_{2}={C}_{{Q}_{2}}\oplus {S}_{3}^{\mathrm{dec}}$ | ${C}_{{Q}_{2}}$ | ||

Answer: | ${A}_{1}={f}_{\mathrm{ans},1}({\tilde{Q}}_{1},w,{S}_{5})$ | ${A}_{2}={f}_{\mathrm{ans},2}({\tilde{Q}}_{2},w,{S}_{6})$ | ||||

OTP (${\mathsf{D}}_{1}\to \mathsf{U}$): | ${C}_{{A}_{1}}={A}_{1}\oplus {S}_{1}^{\mathrm{enc}}$ | $\stackrel{{\mathcal{C}}_{U1}}{\stackrel{\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}}{\to}}$ | ${\tilde{A}}_{1}={C}_{{A}_{1}}\oplus {S}_{2}^{\mathrm{dec}}$ | ${C}_{{A}_{1}}$ | ||

OTP (${\mathsf{D}}_{2}\to \mathsf{U}$): | ${\tilde{A}}_{2}={C}_{{A}_{2}}\oplus {S}_{4}^{\mathrm{dec}}$ | $\stackrel{{\mathcal{C}}_{U2}}{\stackrel{\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}\hspace{1em}}{\leftarrow}}$ | ${C}_{{A}_{2}}={A}_{2}\oplus {S}_{3}^{\mathrm{enc}}$ | ${C}_{{A}_{2}}$ | ||

Decoding: | ${\widehat{w}}_{x}={f}_{\mathrm{dec}}({\tilde{A}}_{1},{\tilde{A}}_{2},{Q}_{1},{Q}_{2},x,R)$ |

Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |

© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Kon, W.Y.; Lim, C.C.W. Provably Secure Symmetric Private Information Retrieval with Quantum Cryptography. *Entropy* **2021**, *23*, 54.
https://doi.org/10.3390/e23010054

**AMA Style**

Kon WY, Lim CCW. Provably Secure Symmetric Private Information Retrieval with Quantum Cryptography. *Entropy*. 2021; 23(1):54.
https://doi.org/10.3390/e23010054

**Chicago/Turabian Style**

Kon, Wen Yu, and Charles Ci Wen Lim. 2021. "Provably Secure Symmetric Private Information Retrieval with Quantum Cryptography" *Entropy* 23, no. 1: 54.
https://doi.org/10.3390/e23010054