Private query is a kind of cryptographic protocols to protect both users’ privacies in their communication. For instance, Alice wants to buy one item from Bob’s database. The aim of private query is to ensure that Alice can get only one item from Bob, and simultaneously, Bob cannot know which one was taken by Alice. In pursuing high security and efficiency, some quantum private query protocols were proposed. As a practical model, Quantum-Oblivious-Key-Transfer (QOKT)-based private query, which utilizes a QOKT protocol to distribute oblivious key between Alice and Bob and then applies the key to achieve the aim of private query, has drawn much attention.
Here, we focus on postprocessing of the oblivious key, and the following two contributions are achieved. 1) We analyze three recently proposed dilution methods and find two of them have serious security loophole. That is, Alice can illegally obtain much additional information about Bob’s database by multiple queries. For example, Alice can obtain the whole database, which contains 104 items, by only 53.4 queries averagely. 2) We present an effective error-correction method for the oblivious key, which can address the realistic scenario with channel noises and make QOKT-based private query more practical.