Most existing quantum-key-distribution-based quantum private query (QPQ) protocols are designed based on ideal quantum communication devices. However, multiphoton pulses are unavoidable in various light sources due to practical devices. We analyze the security of the QPQ protocol with the user as the light source in the case of non-ideal light sources. The results show that the user’s privacy is seriously threatened when the database utilizes multiphoton pulses to launch attacks. To address this issue, we propose a decoy-state method to resist multiphoton attacks in the QPQ, which is used to verify the honesty of the database. By calculating the ratio of multiphoton pulses, shifting the key, and choosing the suitable light sources, the user can detect and effectively resist the database launching multiphoton attacks. This approach fills the research gap on the user-as-light-source aspect of QPQ protocols, enabling the QPQ to perform better in scenarios involving non-ideal light sources.

大多数现有的基于量子密钥分发的量子私有查询（QPQ）协议都是基于理想的量子通信设备设计的。然而，由于实际装置的原因，多光子脉冲在各种光源中是不可避免的。我们分析了以用户为光源的QPQ协议在非理想光源情况下的安全性。结果表明，数据库利用多光子脉冲发起攻击时，用户的隐私受到严重威胁。为了解决这个问题，我们提出了一种诱饵状态方法来抵抗QPQ中的多光子攻击，用于验证数据库的诚实性。通过计算多光子脉冲的比例、转移密钥、选择合适的光源，用户可以检测并有效抵御数据库发起的多光子攻击。该方法填补了QPQ协议中用户作为光源方面的研究空白，使QPQ在涉及非理想光源的场景中表现更好。