A Quantum-Based Database Query Scheme for Privacy Preservation in Cloud Environment

Liu, Wenjie; Gao, Peipei; Liu, Zhihao; Chen, Hanwu; Zhang, Maojun

doi:https://doi.org/10.1155/2019/4923590

Security and Communication Networks

On this page

Abstract Introduction Preliminaries Related Work Conclusion Data Availability Conflicts of Interest Acknowledgments References Copyright Related Articles

Special Issue

Intrusion Detection and Prevention in Cloud, Fog, and Internet of Things

View this Special Issue

Research Article | Open Access

Volume 2019 | Article ID 4923590 | https://doi.org/10.1155/2019/4923590

A Quantum-Based Database Query Scheme for Privacy Preservation in Cloud Environment

Wenjie Liu,^1,2,3Peipei Gao,²Zhihao Liu,^3,4Hanwu Chen,^3,4and Maojun Zhang^5,6

Guest Editor: Yuan Yuan

Received16 Aug 2018

Accepted26 Feb 2019

Published01 Apr 2019

Abstract

Cloud computing is a powerful and popular information technology paradigm that enables data service outsourcing and provides higher-level services with minimal management effort. However, it is still a key challenge to protect data privacy when a user accesses the sensitive cloud data. Privacy-preserving database query allows the user to retrieve a data item from the cloud database without revealing the information of the queried data item, meanwhile limiting user’s ability to access other ones. In this study, in order to achieve the privacy preservation and reduce the communication complexity, a quantum-based database query scheme for privacy preservation in cloud environment is developed. Specifically, all the data items of the database are firstly encrypted by different keys for protecting server’s privacy, and in order to guarantee the clients’ privacy, the server is required to transmit all these encrypted data items to the client with the oblivious transfer strategy. Besides, two oracle operations, a modified Grover iteration, and a special offset encryption mechanism are combined together to ensure that the client can correctly query the desirable data item. Finally, performance evaluation is conducted to validate the correctness, privacy, and efficiency of our proposed scheme.

1. Introduction

Cloud computing is a powerful computing paradigm that enables ubiquitous access to shared infrastructure resources and higher-level services. It has shown the remarkable advantage in load balancing, data access control, and resources sharing, for database management [1]. Benefiting from the cloud paradigm, an increasing number of individuals and groups choose to put their massive data (including private part) into the cloud.

In recent years, database outsourcing has become an important component of cloud computing [2], where data owners outsource data management to a service provider (i.e., cloud database), and this mode is also called Database-as-a-Service (DaaS) [3]. Cloud database provides users with capabilities to store and process their data in the cloud, which has the advantages of scalability and high availability that users can access data anytime, anywhere and anyway. However, all the data of data owner is stored in the cloud environment, and some sensitive data (e.g., health records, financial transactions, and personal information) is at risk of being compromised. So, security and privacy have become the major challenges which inhibit the cloud computing wide acceptance in practice [4].

The privacy preservation is the main concern of cloud application, such as service recommendation [5–7], service quality prediction [8, 9], database query [10–16], etc. As an important research branch, the privacy-preserving database query (PPDQ) aims to protect database security and clients’ privacy, while ensuring the correctness of database query. To be specific, any user can query data items from the cloud database without revealing its information, but his/her access to other data items is not permitted. There are a variety of techniques or methods for guaranteeing the privacy preservation of database query, such as homomorphic encryption (HE) [10, 11], attribute-based encryption (ABE) [12–14], searchable encryption (SE) [15, 16], etc. Searchable encryption is a cryptographic system which offers secure search functions over encrypted data, which is considered to be a more effective technique to solve the problem of PPDQ. In 2000, Song et al. [15] proposed the first searchable encryption scheme based on symmetric key cryptography (SKC). Since then, other various SE schemes have been continuously proposed, such as public key cryptography- (PKC-) based searchable encryption [17], secure ranked search over encrypted cloud data [18], and so on.

As we all know, the security of classic cryptography protocols, including most private query schemes (also named privacy-preserving database query schemes), is based on mathematical complexity, and its security is based on the fact that computing power is limited. However, with the prevalence of new distributed computing models (especially cloud computing), a normal user is given the super computing power far beyond a single computer. Therefore, these cryptography protocols based on computational complexity are facing serious challenges.

On the other hand, quantum computing demonstrates the superior parallel computing power that the classical paradigm cannot match. For instance, Shor’s algorithm [19] solves the problem of integer factorization in polynomial time, and Grover’s algorithm [20] has a quadratic speedup to the problem of conducting a search through some unstructured database. Therefore, most classic cryptography protocols, including PPDQ schemes, are very vulnerable to the powerful quantum computer. Fortunately, quantum mechanics also provides a security mechanism against quantum attacks, and it holds the potential unconditional security based on some physical properties, such as noncloning theorem, uncertainty principle, quantum entanglement, etc. With the application of quantum mechanics in the field of information processing, some research findings have been proposed, including quantum key distribution [21, 22], quantum secret sharing [23, 24], quantum key agreement [25, 26], quantum direct communication [27, 28], quantum steganography [29], quantum teleportation and remote state preparation [30–32], quantum sealed-bid auction [33, 34], delegating quantum computation [35], and quantum machine learning [36, 37].

With the above observations, the security of classic database query schemes is facing the dual challenge of cloud computing and quantum computing, while quantum mechanics has been proven to be an effective method for solving such problem. In this study, in order to implement the privacy-preserving database query in cloud environment, we utilize some physical properties of quantum mechanics to design a quantum-based database query scheme for privacy preservation (QBDQ) in cloud environment and conduct its performance evaluation to show our scheme is feasible, secure, and efficient. To be specific, our main contributions include the three following aspects.(1)We present a systematic framework for privacy preservation cloud database query scheme in the cloud environment.(2)A feasible QBDQ is designed through oblivious transfer, the offset encryption mechanism, oracle operation, and the modified Grover iteration to achieve the privacy preservation for the cloud database query and reduce its communication complexity.(3)The performance evaluation is conducted to verify the performance of our proposed QBDQ scheme, such as correctness, security, and efficiency.

The rest of this paper is organized as follows. In Section 2, we introduce the basic knowledge of quantum computing, while the framework of the privacy-preserving database query in cloud environment is presented. In Section 3, the problem of privacy-preserving database query in cloud environment is defined, and then the proposed QBDQ is elaborated step by step. Section 4 conducts the performance evaluation from the aspects of correctness, security, and efficiency. After that, Section 5 summarizes the related work on cloud database queries, SE, and quantum private queries. Finally, the conclusion of the paper and the prospection for future work are presented in Section 6.

2. Preliminaries

In this section, the basic knowledge of quantum computing is introduced firstly. Then, we introduced the principle of oblivious transfer (OT). And finally, a cloud computing framework for privacy preservation is designed.

2.1. Quantum Computing

2.1.1. Quantum Bit

The classic bit is the smallest unit in the classic computer, and its value is either 0 or 1. Unlike classical computers, the smallest unit of quantum computers is qubit (quantum bit), which is the quantum analog of the classic bit. A qubit is a unit vector in a two-dimensional complex Hilbert space, and its Dirac notation is represented as follows:where and are the probability amplitudes of the state and + . Since the vectors and are basis states and can be represented as the qubit can be expressed in vector form . In addition, the single qubit can be extended to multiple qubits; for example, an n-qubit system can exist in any superposed basis statesHere, . Quantum states form a complete orthonormal basis in Hilbert space.

2.1.2. Unitary Operator

In a closed quantum system, the evolution of the system is characterized by a series of unitary operators; that is,where and is the transpose conjugate of . Each unitary operator corresponds to a quantum gate. Similar to a logic gate in classical calculations, the quantum gate can be represented in matrix form, and the quantum gate over a qubit is represented by a unitary matrix. For instance, Pauli-X, Pauli-Z, and the Hadamard gate H are important quantum operators over one qubit described in

2.1.3. Quantum Measurement

The quantum state is in a superposition state, and it must be measured to collapse to a basis state to obtain a result. Assuming that the quantum state is before measurement operator, quantum measurements are described by a collection of measurement operators which satisfy the completeness equationwhere indicates the possible outcome of the measurement. The quantum state is measured by the measurement basis , then the probability that result occurs is given byand the postmeasurement state is

2.2. Oblivious Transfer

In cryptography, an oblivious transfer (OT) strategy is a type of strategy in which a sender transfers one of potentially many pieces of information to a receiver, but remains oblivious as to what piece (if any) has been transferred. The first form of oblivious transfer was introduced by Rabin [38]. In this form, the sender sends a message to the receiver with probability 1/2, while the sender remains oblivious as to whether or not the receiver received the message. OT is a basic strategy in the field of cryptography and has a wide range of applications. In general, the OT strategy involves two parties, the sender and the receiver, and satisfies the following characteristics:(i)Whether the queried data can be obtained is entirely dependent on probability, rather than sender or receiver. That is, neither the sender nor receiver can affect the execution of the strategy.(ii)After the execution of the strategy, the sender could not know whether the receiver got the data he wanted to query.

k-out-of-n () (k<n) is the general form of all OT strategies. That is, the sender has secrets, and the receiver can only get secrets. The strategy consists of two parties, the sender with secret data , and the receiver with k indices . The strategy meets the following requirements:(i)Correctness. After executing the strategy, the receiver can obtain all of the correctly.(ii)Receiver’s Security. When the receiver queries the data from the sender, the database cannot know the receiver’s query items.(iii)Sender's Security. The receiver cannot get more data items from the sender except queried data items.

2.3. The Framework of Privacy-Preserving Database Query in Cloud Environment

We first consider the framework model of privacy-preserving cloud database query system, which consists of two main entities (clients and cloud server) as illustrated in Figure 1.

As shown in Figure 1, there are n clients and a cloud database server, and every client sends a query request to the cloud server and gets the query result from the cloud server finally. In this framework, we suppose all the clients and server are semihonest: they are curious about cheating the privacy of other’s, but honest to carry out the operations in the scheme. Here, two kinds of entity can be defined as follows.

Client is the entity that wants to query items from the database in the cloud server and can be the connected users or the individual user with mobile constrained devices such as smartphones, PDA, TPM chip, etc.

Cloud server is the entity which provides data services and computational resources to the clients dynamically.

In this paper, we take three parties as an example, i.e., the client Alice, client Bob, and the cloud server Charlie, to demonstrate the process of the privacy-preserving database query using quantum mechanics.

3. A Quantum-Based Database Query Scheme for Privacy Preservation in Cloud Environment

In this section, we first define the privacy-preserving database query problem and quantum-based privacy-preserving database query problem in cloud environment. To address this issue, a QBDQ scheme is proposed in detail. Before we introduce the relevant content, the key notations and descriptions used in this section are listed in Table 1.

3.1. Some Definitions

In order to clearly illustrate our scheme, we first define the problem to be solved.

Definition 1 (database query problem for privacy preservation in cloud environment). In the cloud environment, the cloud server has a collection of sensitive data , and each client wants to query a data item from the cloud server without revealing which item is queried. During the retrieving process, the client cannot gain any other data item except .

Definition 2 (database query scheme for privacy preservation in cloud environment). Each client inputs the index of query item , and cloud server inputs sensitive dataset . After executing this scheme, the client outputs the queried data item . In addition, the scheme should satisfy the following:(i)Correctness. The client successfully obtains the correct data item he(she) wants to query (i.e., ).(ii)Clients’ Privacy. During the retrieving process, the cloud server cannot get any private information about the query index of the client.(iii)Cloud Server’s Privacy. Clients cannot get any other data items from the cloud server except .

3.2. A Quantum-Based Database Query Scheme for Privacy Preservation in Cloud Environment

For the sake of simplicity, we take three parties (one cloud server Charlie, and two clients Alice, Bob) as an example to describe our scheme. Suppose Charile has a private database D with N items and an encryption key sequence , and Alice and Bob want to, respectively, query an item, the p-th item D_p, and the q-th item (), from server. The scheme consists of five steps as follows (also shown in Figure 2).

Step 1. Charlie prepares an (n+m)-qubit state , where , . And then he applies an oracle operation (its schematic circuit is sketched in Figure 3) on referring to the sequence . Here, is defined as follows:where denotes the index of the data item and is the encryption key originally assigned to encrypt the i-th data item. After the above operation, we can get the state, namely, , and then Charlie sends it to Alice with oblivious transfer strategy. Similar to Alice, Charlie also prepares another state in the same way and sends it to Bob.

Step 2. After receiving from Charlie, Alice takes as the computational basis and performs projective measurement on the index qubits of . Suppose the measurement result is ; the remaining qubits will collapse into , which means Alice can obtain (i.e., one of the encryption keys) through projective measurement. Since Alice’s retrieving index is , she computes the offset and sends it to Charlie. As same as Alice, Bob also performs the same operations and announces the offset to Charlie, where is the measurement result, and represents the index of the data item Bob wants to query.

Step 3. Having received the offsets and , Charlie updates every encryption key asand obtains the new key sequence and , Then, Charlie encrypts every data items respectively with its new corresponding keys and as follows:After that, Charlie prepares two states , and applies the oracle operation , as and gets the final states , . Finally, Charlie sends , to Alice and Bob, respectively, with oblivious transfer strategy.

Step 4. After receiving from Charlie, Alice performs the modified Grover iteration on it to obtain the target state . Figure 4 describes the detailed process of modified Grover iteration, which consists of at most times application of a quantum subroutine, called the operator. The whole process of operator (also shown in Figure 5) can be subdivided into four steps as follows.
Step 4.1. Alice applies the oracle operation on , which conditionally changes the sign of the amplitudes of the query itemHere, we call the resultant state , i.e., , and is the judgment function defined byStep 4.2. The Hadamard transformation is applied on ,Step 4.3. Alice applies conditionally phase transfer on the state ,where the function is defined as follows: Step 4.4. The Hadamard transformation is applied again on and obtains the stateAlice applies the above Grover iteration times and finally obtains the target state .
Similar to Alice, Bob also applies the modified Grover iteration on the received state and obtains the target query state .

Step 5. Alice and Bob measure the last m-qubit of state , and extract the classic information of query result , , respectively.

In addition, in order to check eavesdropping in the quantum channel, we can use decoy-photon technology. That is, the sender randomly inserts several decoy photons into the qubit sequence, where every decoy photon is prepared randomly with either Z-basis or X-basis , and transmits them to the receiver. After confirming that the receiver has received the transmitted sequence, the sender announces the positions of the decoy photons and the corresponding measurement basis. The receiver measures the decoy photons according to the sender’s announcements and tells the sender his (her) measurement results. Then, the sender compares the measurement results from the receiver with the initial states of the decoy photons in the transmitted sequence and calculates the error rate. If the error rate is higher than the threshold determined by the channel noise, they cancel this scheme and restart; else they continue the next step.

It is worth mentioning that we adopted the OT strategy and offset encryption mechanism in our scheme. In Step 3, the OT strategy is utilized to transfer Charlie's data to Alice and Bob. As we know, the transmitted state is a superposition state which encapsulates all the encrypted data items . So, the process of Charlie sending , to Alice and Bob can be viewed as the oblivious transfer mechanism. The use of OT strategy ensures that information about Charlie cannot be leaked. In addition, our scheme also applied the offset encryption mechanism. The offsets , can be computed by using the index of the query data items and the keys determined by clients’ measurement. Charlie updates the encryption keys according to these offsets and then encrypts data with these updated keys, respectively. The combination of OT strategy and offset mechanism allows Alice and Bob obtain the correct data they want to query, while Charlie cannot get their queried data, which guaranteed the privacy of client. At the same time, data encryption makes the data items into ciphertext, and neither the eavesdropper nor the clients can directly obtain the data item, thus ensuring the data security of the cloud server.

4. Performance Evaluation

Our proposed QBDQ scheme in cloud environment tends to ensure the correctness of query result, protect the privacy of clients and servers in cloud, and also improve the efficiency during querying the cloud database. Therefore, we take three parties (i.e., clients Alice and Bob; cloud server Charlie) as an example and estimate the overall performance of the proposed scheme in terms of correctness analysis, security analysis, and the efficiency analysis.

4.1. Correctness Analysis

Now, we analyze the correctness of the proposed scheme. Without loss of generality, suppose that the server Charlie has a database of 16 items , and he holds the corresponding encryption key sequence . Since , the max value in is 15, , . Here, we take Alice as an example to analyze the procedures of our QBDQ scheme as follows (suppose Alice wants to query the item of the database).

In Step 1, Charlie prepares an initial state and performs an oracle operation on it to encode his encryption keys,Then, he sends the resultant state to Alice. In Step 2, Alice performs projective measurement on the first four qubits (i.e., index qubits) of in the computational basis . Suppose the random measurement result is (i.e., = 12), then the remaining qubits (i.e., the key qubits) collapse to the state , which means . But the data Alice wants to query is the ninth data , so she computes the difference between and the desirable query index , , and sends to Charlie. After receiving , Charlie updates the key sequence through the formulation , then . He uses to encrypt every data items: , that is, . Then, in Step 3, Charlie prepares another state and applies the oracle operation to embed the encrypted data items ,Then, he sends the state to Alice.

Further, Alice performs modified Grover iteration on up to times (actually, the number of iterations is 6), then she can obtain the encrypted query item with a high possibility, and measures it to get . Alice uses the obtained key to decrypt the ninth itemTherefore, regardless of what measurement result Alice has obtained, she can finally obtain the query data correctly.

Figure 6 shows the entire execution process of Alice querying Charlie’s database in a simplified way. At the same time, it also sketched the execution of the other user Bob (assuming it queries the fifth data).

4.2. Security Analysis

4.2.1. Privacy Analysis

Cloud Server's Privacy. Suppose the client Alice is dishonest, and she wants to obtain more information about Charlie’s database. In Step 1 of our scheme, the server Charlie sends the quantum state to client Alice through oblivious transfer strategy. Since all the information about the key sequence is encoded in the state , so Alice cannot extract the key form directly. Here we suppose the whole system of quantum state consisted of two subsystems, i.e., the n-qubit quantum subsystem C (index qubits ) and the m-qubit subsystem D (key qubits ). If Alice makes a projective measurement on the received state , she will get the resultant state for any with the probability of . The whole system can be represented by the quantum ensemble , here , Here we get the upper limit of information that Alice can get from Charlie’s is determined by the Holevo bound [38],Here denotes Von Neumann entropy of quantum state , H(B:A) means the information Alice can get about Charlie’s key information (including the address and according keys ), and we haveand ; therefore,Then, Alice can only get -bit of address information (i.e., ) and the corresponding -bit key (i.e., ) by measuring . In addition, she will certainly lose the change to get her key . This means Alice cannot extract more than one key from Charlie.

Besides, in Step 3, Charlie uses the offset key to encrypt the data items, and send its encoded state to Alice with oblivious transfer strategy. Alice’s privacy of query index i is protected by the oblivious transfer strategy. For example, the transmitted state Alice received is a superposition state, i.e., which encapsulates all the query data including the desirable one . Alice obtains the query item through the Grover iteration and the previously obtained key . Suppose Bob is also dishonest, he has the same situation with Alice.

Client’s Privacy. If Charlie is dishonest, he may try to obtain Alice’s private query index p during the communication process. However, Alice only sends one classic message to cloud server Charlie in Step 2, and Charlie does not know the encryption key which chosen by Alice, thus he cannot obtain any useful information about the data Alice wants to search. As same as Alice, Bob only sends a classic offset message to Charlie, which prevents Charlie from obtaining his information.

4.2.2. Channel Security Analysis

The security of the quantum channel is guaranteed by the decoy-photon checking technology. The process of eavesdropping detected done by the two neighbor participants in our scheme is essentially equivalent to that in the BB84 scheme [36], which has been proved to be unconditionally secure. To be specific, the decoy qubits, which are randomly inserted into target qubits, are generated by randomly chosen from . After one participant sends the mixed decoy qubits and encrypted target qubits to quantum center, he will ask quantum center to measure them with the same bases these qubits were produced. For any outside eavesdropper, the bases used by participants are all random; the eavesdropper cannot produce the same qubits like decoy qubits before quantum center receives the qubits. Just like the situation in the BB84 scheme, if any outside eavesdropper exists in the process of our scheme, the eavesdropping actions will be found by the two participants.

The outside eavesdropper cannot get the shared key because eavesdropper cannot distinguish target qubits form decoy qubits, and he can only choose one set of orthogonal basis to measure it, so the eavesdropper will certainly change the states of the qubit, and then he will be discovered. We assume that eavesdropper will do intercept-resend attack. Eavesdropper applies operation and auxiliary system which satisfies the following conditions:Here, and . If the eavesdropper wants to extract the encode information precisely, then must satisfyFrom (29)–(32) we can obtain thatwe can get that , , and , then we getand we can summarize that eavesdropper would not be found only when decoy qubits and target qubits are , which is impossible. So there is no way for the eavesdropper to know the secret key.

4.3. Efficiency Analysis

As we know, quantum-based schemes have greater information capacity than classic ones. In order to evaluate the efficiency of our QDBQ scheme more objectively, we choose some of the most representative quantum schemes as comparison objects, for example, Jakobi et al.’s quantum private query (QPQ) scheme (J11 for short) [39], Gao et al.’s QPQ scheme (G12) [40], and Rao et al.’s QPQ) scheme (R13) [41].

To evaluate the efficiency of quantum communication schemes, there are mainly two indicators: the communication complexity (i.e., the number of transmitted qubits), and the consumption of exchanged classic messages (i.e., the number of exchanged classic bits).

4.3.1. Communication Complexity

The communication complexity, i.e., the number of quantum bits (qubits) transmitted in the communication process, is one of the key indicators of the efficiency for communication scheme. In J11 and G12 schemes, the cloud server (Charlie) sends qubits to the client (Alice), where is the number of divided substrings. These substrings are added bitwise in order to reduce Alice’s information on the key to roughly one bit (i.e., ), so . In summary, qubits are transmitted in J11 and J12 schemes, and its communication complexity is . But in the R13 scheme, the number of qubits that need to be exchanged is reduced to , so the communication complexity is .

In our QBDQ scheme, Charlie firstly transmits a ()-qubit state () for sending the encryption keys in Step 1, and the ()-qubit state () containing every encrypted data is transmitted to Alice(Bob) in Step 3. Considering that each data item the cloud server holds is an only one-bit message in J11, G12 and R13 schemes, here we let . Therefore, the transmitted qubits are , so its communication complexity is .

To be more intuitive, we calculate the numbers of transmitted qubits in different database capacities for the J11, G12, R13, and our QBDQ schemes (see Table 2) and show the comparison results among them in Figure 7. As shown in this figure, J11 and G12 schemes have the same qubits consumption, R13 scheme reduces the consumption, and our QBDQ scheme has the lowest qubits consumption. That is, our scheme has the lowest communication complexity among them.

4.3.2. Consumption of Exchanged Classic Messages

For a communication scheme, it should also consider the consumption of the exchanged classic messages. In the J11, J12, and R13 schemes, bits of encrypted data, considering each data item is a one-bit message (i.e., ), is transmitted from the cloud server to the client, so their exchanged classic messages are all cbits. In our scheme, Alice (Bob) returns a classical message , i.e., a ()-cbit classic message, to Charlie in Step 2. Since , the exchanged message is just cbits.

Table 3 lists the numbers of transmitted qubits in different database capacities for the J11, G12, R13, and our QBDQ schemes, while Figure 8 gives a more intuitive comparison between our QBDQ scheme and the other QPQ schemes (J11, G12, and R13 schemes). Obviously, our scheme needs less consumption of exchanged classic messages than other QPQ protocols.

In summary, Table 4 lists the comparison among our QBDQ scheme and the other three QPQ schemes clearly. As shown in Table 4, our scheme achieves a great reduction on both the communication complexity and the consumption of exchanged classic messages. Besides, our QBDQ scheme just needs to perform quantum measurement two times, which is obviously less than the other ones.

Cloud database services are typically run on cloud computing platforms, and access to cloud databases is provided as a service, which takes care of scalability and availability of the database, and it makes the underlying software-stack transparent to the user.

Benefit from cloud computing technologies and devices, more and more data owners are motivated to outsource their data to cloud servers for great convenience in data management, and cloud database query has attracted the attention of scholars. Cloud database query was firstly proposed by Chor et al. [42], where the privacy of the server cannot be guaranteed, which means that sensitive data (e.g., health records, financial transactions) stored in cloud database is threatened by information leaks. Therefore, how to preserve the privacy of sensitive data in the process of cloud database query has become an important topic. In order to solve the problem, many methods are proposed to guarantee the privacy preservation of database query [12–18]; one of the most popular methods is SE.

SE is a special kind of private query, which enables the user to store the encrypted data to the cloud and execute keyword search over ciphertext. Since Song et al.[15] proposed the first practical private database query scheme for searching on encrypted data in cloud and provided the security proofs for the scheme, some other schemes to address privacy protection issues in cloud database queries have also been proposed[17, 18]. In order to support more complex queries, the conjunctive keyword search scheme [14] over encrypted data has been proposed. After that, a more general approach, predicate encryption [16], which supports inner-product, was also proposed.

In general, most of the above schemes [12–18, 42] are based on public key cryptography such as RSA, and its security is based on mathematical NP-hard problems. Therefore, these schemes are difficult to crack in polynomial time for classic computers. All of the above protocols are based on public key cryptography such as RSA. On a quantum computer, to factor an integer , Shor’s algorithm [19] can run in polynomial time (the time taken is polynomial in , which is the size of the input. Specifically, it takes quantum gates of order using fast multiplication [43], thus demonstrating that the integer-factorization problem (the large factorization problem is the security foundation of RSA) can be efficiently solved on a quantum computer and is consequently in the complexity class BQP. This is almost exponentially faster than the most efficient known classical factoring algorithm, so we can say that these schemes [12–18, 42] are not resistant to quantum attacks. Different from classic schemes based on mathematical complexity, the security of quantum-based schemes is guaranteed by some properties of quantum mechanics, such as noncloning theorem and uncertainty principle. They are considered to have potential unconditional security and of course also include resistance to quantum attacks.

Recently, some researchers have tried to utilize quantum mechanics to design private query schemes. In 2008, Giovannetti et al. [44] proposed the first quantum private query (QPQ) protocol. The client sends the query and a decoy state to the server in random order, then Bob uses each of them to interrogate his database using a qRAM (which records the reply to her queries in a register R) and returns or . The returned decoy state is used to check the eavesdropping of the server or the outside party. In 2011, Olejnik [45] presented a new QPQ protocol in a similar form with Giovannetti et al.’s protocol. By subtly selecting the oracle operation and the encoding scheme, one query state can achieve two aims simultaneously, i.e., obtaining the expected information and checking Bob's potential attack, so the communication complexity is reduced. Unfortunately, it is very vulnerable to the realities of significant transmission losses.

Therefore, Jakobi et al. [39] proposed a novel QPQ protocol (J11) based on the QKD protocol, where QKD is essentially a quantum analog of SE. In this protocol, an asymmetric key can be distributed between Alice and Bob by utilizing SARG04 QKD protocol, and Bob encrypts the whole database with the QKD key. Alice only knows few bits of the key, which ensures the database privacy. Compared with the previous QPQ protocols, J11 protocol is loss-tolerant and more secure. What is more, the J11 protocol can be easily generalized to the large database. Later, Gao et al. [40] proposed a flexible generalized protocol (G12) based on the J11 protocol, which introduced a variable to adjust the balance between database security and client privacy. Considering a database with size N, the J11 and G12 protocols have a communication complexity of O(). In order to reduce the complexity, Rao et al. [41] gave two more efficient protocols (R13), which reduced the number of exchanged qubits to O(N).

Different from classical encryption schemes based on some mathematical difficult problems, these findings have shown the potential in either the improvements of efficiency or the enhancements of security in cloud computing field with large computing resources and also brought new quantum technologies to solve private database query problems. However, to the best of our knowledge, there are few studies focusing on the quantum-based privacy-preserving database query problem in cloud environment. Therefore, we combine quantum mechanics with cloud database queries and proposed a QBDQ which aims to realize the privacy preservation for the clients and cloud server.

6. Conclusion and Future Work

As far as we know, the existing QPQ schemes either belong to the qRAM-based schemes, such as Giovannetti et al.’s [44] and Olejnik’s [45] schemes, or belong to the QKD-based schemes, such as Jakobi et al.’s [39], Gao et al.’s [40], and Rao et al.’ s [41] schemes. These QKD-based schemes solve the problem of the server’s privacy; their communication complexity needs to be further reduced. In this study, we propose an efficient quantum private query scheme based on oracle operation, modified Grover iteration, oblivious transfer strategy, and the special offset encryption mechanism rather than QKD or qRAM. Compared with those schemes, our QBDQ scheme shows higher efficiency in terms of the communication complexity, the consumption of exchanged message, and the quantum measurement.

In our QBDQ scheme, we adopt the oblivious transfer strategy to solve the problem of the client’s privacy; i.e., the client will ask the server to transmit all these encrypted data items to him/her. But in a real-world cloud environment, this is not a good approach. Although it guarantees that there is no information about the query index to be leaked, but it needs to transmit too many data items from the cloud database. Even if quantum resources have an exponential high-capacity advantage, it is also a waste of resources. Maybe the “query window” strategy is a better choice. To be specific, the client can firstly choose an index window that contains the desirable query item and ask the server to transmit these encrypted data items in this window scope other than the all data items, to him/her in a quantum way. Although there is certain information leakage from the perspective of information theory, it can save quantum resources. In this strategy, the selection of the size of a query window is a key point. In order to achieve a balance of efficiency and security, perhaps some game theory (such as, Nash Equilibrium [46, 47]) and penalty functions [48–50] can provide relevant optimized solutions.

It is worth noting that although the proposed solution involves two clients, for the sake of brevity (and for comparison with other quantum schemes), Alice and Bob do not interact. This is the most common pattern in cloud database queries. For the multiparty joint inquiry method, we will discuss it in future work. In addition, we just consider the ideal framework of the privacy-preserving database query in cloud environment; i.e., all the clients and cloud server are semihonest. But in a real cloud environment, clients and servers may be untrustworthy. How to generalize our QBDQ into such multiuser and the untrusted scenario is an interesting work.

Data Availability

The database items and the corresponding encryption keys used to support the findings of this study are included within the article.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work is supported by Nature Science Foundation of China (Grants nos. 71461005, 61502101, 61501247, and 61672290), Natural Science Foundation of Jiangsu Province (Grant no. BK20171458), Natural Science Foundation for Colleges and Universities of Jiangsu Province (Grant no. 16KJB520030), the Six Talent Peaks Project of Jiangsu Province (Grant no. 2015-XXRJ-013), and the Priority Academic Program Development of Jiangsu Higher Education Institutions (PAPD).

References

M. Armbrust, A. Fox, R. Griffith et al., “Above the clouds: a berkeley view of cloud computing,” Tech. Rep. UCB/EECS-2009-28, EECS Department, University of California, Berkeley, 2009.
View at: Google Scholar
Y. E. Gelogo and S. Lee, “Database management system as a cloud service,” International Journal of Future Generation Communication and Networking, vol. 5, no. 2, pp. 71–76, 2012.
View at: Google Scholar
M. Seibold and A. Kemper, “Database as a service,” Datenbank-Spektrum, vol. 12, no. 1, pp. 59–62, 2012.
View at: Publisher Site | Google Scholar
H. Takabi, J. B. D. Joshi, and G.-J. Ahn, “Security and privacy challenges in cloud computing environments,” IEEE Security & Privacy, vol. 8, no. 6, pp. 24–31, 2010.
View at: Publisher Site | Google Scholar
L. Qi, X. Zhang, W. Dou, and Q. Ni, “A distributed locality-sensitive hashing-based approach for cloud service recommendation from multi-source data,” IEEE Journal on Selected Areas in Communications, vol. 35, no. 11, pp. 2616–2624, 2017.
View at: Publisher Site | Google Scholar
Y. Xu, L. Qi, W. Dou, and J. Yu, “Privacy-preserving and scalable service recommendation based on simhash in a distributed cloud environment,” Complexity, vol. 2017, Article ID 3437854, 2017.
View at: Google Scholar
C. Yan, X. Cui, L. Qi, X. Xu, and X. Zhang, “Privacy-aware data publishing and integration for collaborative service recommendation,” IEEE Access, vol. 6, pp. 43021–43028, 2018.
View at: Publisher Site | Google Scholar
W. Gong, L. Qi, and Y. Xu, “Privacy-aware multidimensional mobile service quality prediction and recommendation in distributed fog environment,” Wireless Communications and Mobile Computing, vol. 2018, Article ID 3075849, 2018.
View at: Google Scholar
L. Qi, S. Meng, X. Zhang et al., “An exception handling approach for privacy-preserving service recommendation failure in a cloud environment,” Sensors, vol. 18, no. 7, p. 2037, 2018.
View at: Publisher Site | Google Scholar
R. L. Rivest, L. Adleman, and M. L. Dertouzos, “On data banks and privacy homomorphisms,” Foundations of Secure Computation, vol. 4, no. 11, pp. 169–180, 1978.
View at: Google Scholar
X. A. Wang, F. Xhafa, J. Ma, Y. Cao, and D. Tang, “Reusable garbled gates for new fully homomorphic encryption service,” International Journal of Web and Grid Services, vol. 13, no. 1, pp. 25–48, 2017.
View at: Publisher Site | Google Scholar
V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS '06), pp. 89–98, November 2006.
View at: Publisher Site | Google Scholar
X. A. Wang, J. Ma, F. Xhafa, M. Zhang, and X. Luo, “Cost-effective secure E-health cloud system using identity based cryptographic techniques,” Future Generation Computer Systems, vol. 67, pp. 242–254, 2017.
View at: Publisher Site | Google Scholar
Y. Lu and G. Tsudik, “Privacy-preserving cloud database querying,” Journal of Internet Services and Information Security, vol. 1, no. 4, pp. 5–25, 2011.
View at: Google Scholar
D. X. Song, D. Wagner, and A. Perrig, “Practical techniques for searches on encrypted data,” in Proceedings of the IEEE Symposium on Security and Privacy, pp. 44–55, IEEE, USA, May 2000.
View at: Publisher Site | Google Scholar
X. A. Wang, F. Xhafa, W. Cai, J. Ma, and F. Wei, “Efficient privacy preserving predicate encryption with fine-grained searchable capability for Cloud storage,” Computers and Electrical Engineering, vol. 56, pp. 871–883, 2016.
View at: Publisher Site | Google Scholar
B. Wang, W. Song, W. Lou, and Y. T. Hou, “Inverted index based multi-keyword public-key searchable encryption with strong privacy guarantee,” in Proceedings of the 34th IEEE Annual Conference on Computer Communications and Networks, IEEE INFOCOM 2015, pp. 2092–2100, Hong Kong, May 2015.
View at: Google Scholar
C. Wang, N. Cao, J. Li, K. Ren, and W. Lou, “Secure ranked keyword search over encrypted cloud data,” in Proceedings of the 30th IEEE International Conference on Distributed Computing Systems, ICDCS 2010, pp. 253–262, 2010.
View at: Google Scholar
P. W. Shor, “Algorithms for quantum computation: discrete logarithms and factoring,” in Proceedings of the 35th Annual Symposium on Foundations of Computer Science (SFCS '94), pp. 124–134, IEEE, USA, 1994.
View at: Publisher Site | Google Scholar
L. K. Grover, “Quantum mechanics helps in searching for a needle in a haystack,” Physical Review Letters, vol. 79, no. 2, pp. 325–328, 1997.
View at: Publisher Site | Google Scholar
C. H. Bennett and G. Brassard, “Quantum cryptography: public key distribution and coin tossing,” in Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing, pp. 175–179, India, 1984.
View at: Google Scholar
A. K. Ekert, “Quantum cryptography based on Bell's theorem,” Physical Review Letters, vol. 67, no. 6, pp. 661–663, 1991.
View at: Publisher Site | Google Scholar
M. Hillery, V. Buzek, and A. Berthiaume, “Quantum secret sharing,” Physical Review A: Atomic, Molecular and Optical Physics, vol. 59, no. 3, pp. 1829–1834, 1999.
View at: Publisher Site | Google Scholar | MathSciNet
Z. Dou, G. Xu, X. Chen, and K. Yuan, “Rational non-hierarchical quantum state sharing protocol,” Computers Materials & Continua, vol. 58, no. 2, pp. 335–347, 2018.
View at: Google Scholar
W.-J. Liu, Z.-Y. Chen, S. Ji, H.-B. Wang, and J. Zhang, “Multi-party semi-quantum key agreement with delegating quantum computation,” International Journal of Theoretical Physics, vol. 56, no. 10, pp. 3164–3174, 2017.
View at: Publisher Site | Google Scholar | MathSciNet
W.-J. Liu, Y. Xu, C.-N. Yang, P.-P. Gao, and W.-B. Yu, “An efficient and secure arbitrary N-party quantum key agreement protocol using bell states,” International Journal of Theoretical Physics, vol. 57, no. 1, pp. 195–207, 2018.
View at: Publisher Site | Google Scholar | MathSciNet
W.-J. Liu, H.-W. Chen, T.-H. Ma, Z.-Q. Li, Z.-H. Liu, and W.-B. Hu, “An efficient deterministic secure quantum communication scheme based on cluster states and identity authentication,” Chinese Physics B, vol. 18, no. 10, pp. 4105–4109, 2009.
View at: Publisher Site | Google Scholar
J. Zhong, Z. Liu, and J. Xu, “Analysis and improvement of an efficient controlled quantum secure direct communication and authentication protocol,” Computers Materials & Continua, vol. 57, no. 3, pp. 621–633, 2018.
View at: Publisher Site | Google Scholar
Z. Qu, T. Zhu, J. Wang, and X. Wang, “A novel quantum stegonagraphy based on brown states,” Computers, Materials and Continua, vol. 56, no. 1, pp. 47–59, 2018.
View at: Google Scholar
X. Tan, X. Li, and P. Yang, “Perfect quantum teleportation via Bell states,” Computers Materials & Continua, vol. 57, no. 3, pp. 495–503, 2018.
View at: Publisher Site | Google Scholar
W.-J. Liu, Z.-F. Chen, C. Liu, and Y. Zheng, “Improved deterministic N-To-one joint remote preparation of an arbitrary qubit via EPR pairs,” International Journal of Theoretical Physics, vol. 54, no. 2, pp. 472–483, 2015.
View at: Publisher Site | Google Scholar
M. Wang, C. Yang, and R. Mousoli, “Controlled cyclic remote state preparation of arbitrary qubit states,” Computers, Materials and Continua, vol. 55, no. 2, pp. 321–329, 2018.
View at: Google Scholar
W.-J. Liu, F. Wang, S. Ji, Z.-G. Qu, and X.-J. Wang, “Attacks and improvement of quantum sealed-bid auction with EPR pairs,” Communications in Theoretical Physics, vol. 61, no. 6, pp. 686–690, 2014.
View at: Publisher Site | Google Scholar
W.-J. Liu, H.-B. Wang, G.-L. Yuan et al., “Multiparty quantum sealed-bid auction using single photons as message carrier,” Quantum Information Processing, vol. 15, no. 2, pp. 869–879, 2016.
View at: Publisher Site | Google Scholar | MathSciNet
W. J. Liu, Z. Y. Chen, J. S. Liu, Z. F. Su, and L. H. Chi, “Full-blind delegating private quantum computation,” Computers Materials & Continua, vol. 55, no. 2, pp. 321–329, 2018.
View at: Google Scholar
W.-J. Liu, P.-P. Gao, W.-B. Yu, Z.-G. Qu, and C.-N. Yang, “Quantum relief algorithm,” Quantum Information Processing, vol. 17, no. 10, p. 280, 2018.
View at: Publisher Site | Google Scholar | MathSciNet
W. J. Liu, P. P. Gao, Y. X. Wang, W. B. Yu, and M. J. Zhang, “A unitary weights based one-iteration quantum perceptron algorithm for non-ideal training sets,” IEEE Access, 2019.
View at: Publisher Site | Google Scholar
M. O. Rabin, “How to exchange secrets with oblivious transfer,” IACR Cryptology Eprint Archive, vol. 2005, p. 187, 2005.
View at: Google Scholar
M. Jakobi, C. Simon, N. Gisin et al., “Practical private database queries based on a quantum-key-distribution protocol,” Physical Review A: Atomic, Molecular and Optical Physics, vol. 83, no. 2, Article ID 022301, 2011.
View at: Google Scholar
F. Gao, B. Liu, Q.-Y. Wen, and H. Chen, “Flexible quantum private queries based on quantum key distribution,” Optics Express, vol. 20, no. 16, pp. 17411–17420, 2012.
View at: Publisher Site | Google Scholar
M. V. Panduranga Rao and M. Jakobi, “Towards communication-efficient quantum oblivious key distribution,” Physical Review A: Atomic, Molecular and Optical Physics, vol. 87, no. 1, Article ID 012331, 2013.
View at: Publisher Site | Google Scholar
B. Chor, O. Goldreich, E. Kushilevitz, and M. Sudan, “Private information retrieval,” in Proceedings of the 1995 IEEE 36th Annual Symposium on Foundations of Computer Science, pp. 41–50, 1995.
View at: Google Scholar
D. Beckman, A. N. Chari, S. Devabhaktuni, and J. Preskill, “Efficient networks for quantum factoring,” Physical Review A: Atomic, Molecular and Optical Physics, vol. 54, no. 2, pp. 1034–1063, 1996.
View at: Publisher Site | Google Scholar | MathSciNet
V. Giovannetti, S. Lloyd, and L. Maccone, “Quantum private queries,” Physical Review Letters, vol. 100, no. 23, Article ID 230502, 2008.
View at: Publisher Site | Google Scholar | MathSciNet
L. Olejnik, “Secure quantum private information retrieval using phase-encoded queries,” Physical Review A: Atomic, Molecular and Optical Physics, vol. 84, no. 2, Article ID 022313, 2011.
View at: Publisher Site | Google Scholar
J. Zhang, B. Qu, and N. Xiu, “Some projection-like methods for the generalized Nash equilibria,” Computational Optimization and Applications, vol. 45, no. 1, pp. 89–109, 2010.
View at: Publisher Site | Google Scholar | MathSciNet
B. Qu and J. Zhao, “Methods for solving generalized nash equilibrium,” Journal of Applied Mathematics, vol. 2013, Article ID 762165, 6 pages, 2013.
View at: Publisher Site | Google Scholar | MathSciNet
C. Wang, C. Ma, and J. Zhou, “A new class of exact penalty functions and penalty algorithms,” Journal of Global Optimization, vol. 58, no. 1, pp. 51–73, 2014.
View at: Publisher Site | Google Scholar | MathSciNet
S. Lian and Y. Duan, “Smoothing of the lower-order exact penalty function for inequality constrained optimization,” Journal of Inequalities and Applications, vol. 2016, no. 1, p. 185, 2016.
View at: Publisher Site | Google Scholar | MathSciNet
S. Li and Y. Zhang, “On-line scheduling on parallel machines to minimize the makespan,” Journal of Systems Science & Complexity, vol. 29, no. 2, pp. 472–477, 2016.
View at: Publisher Site | Google Scholar | MathSciNet

Copyright

Copyright © 2019 Wenjie Liu et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

2136

Downloads

1032

Citations

Security and Communication Networks

Intrusion Detection and Prevention in Cloud, Fog, and Internet of Things

A Quantum-Based Database Query Scheme for Privacy Preservation in Cloud Environment

Abstract

1. Introduction

2. Preliminaries

2.1. Quantum Computing

2.1.1. Quantum Bit

2.1.2. Unitary Operator

2.1.3. Quantum Measurement

2.2. Oblivious Transfer

2.3. The Framework of Privacy-Preserving Database Query in Cloud Environment

3. A Quantum-Based Database Query Scheme for Privacy Preservation in Cloud Environment

3.1. Some Definitions

3.2. A Quantum-Based Database Query Scheme for Privacy Preservation in Cloud Environment

4. Performance Evaluation

4.1. Correctness Analysis

4.2. Security Analysis

4.2.1. Privacy Analysis

4.2.2. Channel Security Analysis

4.3. Efficiency Analysis

4.3.1. Communication Complexity

4.3.2. Consumption of Exchanged Classic Messages

5. Related Work

6. Conclusion and Future Work

Data Availability

Conflicts of Interest

Acknowledgments

References

Copyright