Fingerprinting and Tracking Quantum Computer Hardware
Fingerprinting and tracking quantum computer hardware will become important when quantum computers are more widely available, and when companies move from hosting their own hardware to selling them and letting third parties have full control of the hardware and its operation. This newsletter article outlines some of the current research on fingerprinting quantum computer hardware, and explores ideas for future approaches to tracking and identifying quantum computer hardware when it is deployed outside of control of the vendor. Further, this newsletter article touches on supply chain security, where tracking of the hardware can be helpful. This newsletter article includes some discussion of the author’s own research papers.
Means of Tracking Quantum Computer Hardware
At the cost of millions of dollars, today’s quantum computers and their parts are carefully tracked by the quantum computer vendors. Although there is no public information about how companies keep track of the hardware, it can be easily assumed that serial numbers for all major parts are tracked as well as their movement. Any shipment and location can be tracked in detail, even with dedicated GPS sensors attached to the hardware or its transportation containers, if needed. Cost of managing and tracking the quantum computers is a minimal overhead on top of all other hardware and development costs today. Considering parts from which the quantum computers are built, they are sourced from few companies, that the quantum computer vendors have close relationships with. Thus the quantum computer vendors have clear idea where the parts are coming from, and again possibly individual parts can be tracked in detail by the vendors’ staff.
As the cost of the quantum computers eventually reduces and their numbers increase, however, the overhead of tracking the quantum computer hardware will become relatively larger and larger. As result, developing low cost methods of tracking quantum computer hardware is necessary. Although these maybe not be useful today, they can be of high importance in the future. Leveraging ideas from classical computer security, intrinsic properties of the hardware can be used to identify it or identify how long it has been in operation. Especially, intrinsic identifiers which are difficult or impossible to duplicate are the ones best suited.
In classical computer security, physical uncloneable functions (PUFs) are often used for identification of hardware. PUFs output a unique and stable response to a challenge. For each challenge, the response is different, and always depends on the challenge and the physical properties of the hardware. For example, for two pieces of identical hardware, e.g., two memory chips of certain brand and model, given the same challenge, the response is different. Because the response depends on the physical characteristics of the hardware, it is determined at manufacturing time and depends on manufacturing variations that ideally cannot be predicted even by the manufacturer themselves. One example of PUFs in classical computer hardware would be PUFs in DRAM memories based on decay of DRAM cells – the decay of DRAM cells is unique and depends on manufacturing variations in the capacitors, in the access transistors, or in the amplifier logic of the DRAM cells.
Sometimes “PUFs” and “fingerprints” are used interchangeably since PUFs can be used for fingerprinting hardware. However, PUFs can have other uses beyond fingerprinting, including being sources of randomness or enabling secure cryptographic key generation.
Security Reasons for Tracking and Fingerprinting Quantum Computers
Need for tracking and fingerprinting quantum computer hardware can be illustrated by different types of attacks. Taking inspiration from classical computer security, the possible attacks include supply chain attacks, anti-counterfeiting, or ensuring the computer hardware provider gives access to genuine hardware, for example.
One threat are security attacks leveraging supply chain. Tracking of the computer parts and sources is important to prevent malicious hardware from being used in building or assembly computer systems. At manufacturing time, the hardware properties can be collected, which is sometimes called “enrollment” when using PUFs. Once enrolled, the properties can be stored in a database and made available to people purchasing or using the hardware. Unlike serial numbers, the physical properties of the hardware are very difficult to alter – although not impossible for attackers with sufficient time, money, and equipment. When receiving the assembled system, the hardware can be queried to check if the fingerprints match what was specified by the manufacturers of the different parts. If any fingerprint does not match, then it may indicate that during assembly or transportation, some of the hardware has been altered of swapped. An alteration or swapping could be indication of a possible hardware Trojan attack, for example.
Another security threat are attacks due to introduction of old or recycled parts. Different parts usually have a finite life-time during which their operating characteristics are guaranteed. Old and used parts may be past their life-time. Use of such parts may reduce system fidelity, or lead to failures. To attempt to prevent the use of recycled parts, fingerprinting can be used to check the identifier of the parts in questions, to see if they are known parts previously manufactured and used. The physical properties used for the fingerprints can themselves be affected by aging or use of the hardware, so the fingerprint has to be correctly designed.
A different security threat may be on the cloud provider’s side, where the provider gives access to non-genuine hardware. For example, to charge more money but actually give access to older generation hardware. Without means of fingerprinting the hardware, users may not know if they are really getting access to the hardware they paid for. To attempt to prevent this, again, fingerprinting can be used to check the identifier of the system in question. Compared to prior two example, in this case user may only have remote access to the hardware, so fingerprinting methods have to be able to be performed remotely, and there has to be a way for cloud provider not to intercept the fingerprint data.
Fingerprinting Quantum Chips
The main part of the quantum computer that one may want to fingerprint and track are of course the quantum computing chips themselves. Considering superconducting qubit machines, a number of methods for fingerprinting has been proposed. Unlike some other types of quantum computers, superconducting qubit machines have a feature, or weakness, that each qubit is unique and its properties depend on the manufacturing variations. In particular, the qubit frequencies are affected slightly by the manufacturing, and may not come slightly different from the target frequency. For fixed frequency qubits, there are some methods to adjust the frequencies such as using annealing. But in general, after manufacturing the frequencies are set. Considering this property, fingerprints based on qubit frequencies have been recently proposed. This simple, but reliable method can use the set of frequencies of qubits as the fingerprint. The frequencies can be measured using dedicated frequency sweep circuits that users can execute on the quantum computers. As far as it has been tested on few superconducting machines, the frequency set is unique.
Other methods for fingerprinting quantum computer chips have been proposed based on error rates of the qubits or whole machines. For example, randomized benchmarking can be used to learn the error rates of different quantum gates. These error rates are unique to the machines and can be a source of fingerprints as well.
Fingerprinting Classical Controllers and Hardware
In addition to fingerprinting quantum chips, it will be important to fingerprint other parts of the computers as well. Fortunately, a large body of research on classical computers may be able to be used her. One important feature of the superconducting qubit quantum computers is that they depend on classical controllers, signal generators, mixers, analog to digital, and digital to analog converters. Modifications to these components, or use of old and recycled components, will affect the operation of the quantum chips. The classical controller computers are easiest to fingerprint, as most research has focused on digital computers and their parts. For example, the aforementioned DRAM PUFs can be used to identify the DRAM memories or arbiter PUFs can be used to identify any ASICs. Further, any FPGAs used in the signal generators, etc., could also be fingerprinted based on existing methods, such as using ring oscillator PUFs.
However, putting all the existing methods together remains an open challenge. Further, not all the fingerprinting methods can be done remotely today. How to reliably, remotely fingerprint the whole quantum computer system, from qubits all the way up to the classical controller hardware is an open challenge.
About the author:
Jakub Szefer is an Associate Professor of Electrical Engineering at Yale University where he leads the Computer Architecture and Security Laboratory (CASLAB). His research interests broadly encompass computer architecture and hardware security of computing systems, including security of quantum computers and post-quantum cryptography