Review of Quantum Computer Hardware Cybersecurity Research Papers from 2022
Quantum computer hardware cybersecurity research is a new and active research field. As we come to the end of 2022, there are already approximately 9 research papers, both peer-reviewed research papers and non-peer-reviewed research papers posted on web sites such as arXiv, and more may be posted online before end of December. This newsletter article reviews these research papers from 2022 accessible so far, and analyzes how the field of quantum computer hardware cybersecurity is evolving. This newsletter article includes some discussion of the author’s own research papers.
Research Papers from the Current Year
As may be typical of any computer security research sub-filed, the research papers on quantum computer hardware cybersecurity focused both on threats as well as defenses. The research papers are discussed in the order of their publication (either online posting date, or conference or a journal publication date). The references to the discussed papers are available in a Bibtex file linked here.
In March, Deshpande, et al. posted online work on an antivirus for quantum computers. The work on the antivirus for quantum computers was motivated by various examples of malicious quantum computer circuits which could generate cross-talk and noise, in a multi-tenant quantum computer. Although multi-tenant quantum computers are not available today, the antivirus anticipates future deployments of such computers. The defense does not require hardware modification, but does require active maintenance of a database of quantum computer “viruses”.
In June, Kundu, et al. published work security-related uses of Quantum Machine Learning (QML). The authors investigate the use of QML to classify Printed Circuit Board (PCB) defects, which can severely affect system performance and security. They also propose use of QML for use hardware Trojan detection and recycled chip detection, but do not provide any evaluation results. In the case of PCB defects, the authors utilize QML for image detection to identify PCB images that show some damage or defect, for example, using both Convolutional Autoencoder (CAE) and Quantum Neural Network (QNN). They manually add defects to images of PCBs to create the training data set. Authors found that QML works as well as classical ML, but they did not aim to show superior QML abilities in context of PCB defect detection.
Also in June, Pirnay, et al. published work analyzing security of Quantum Physical Unclonable Functions (PUFs). They formalize a class of Classical Readout Quantum PUFs (CR-QPUFs), which only use single qubit gates in the PUF circuit. The authors demonstrate insufficient security for CR-QPUFs based on single qubit rotation gates. They show that attacker who has access to query the PUFs is able to learn the characteristics of the PUFs and model the PUF. Once attacker has a model of the PUF, they generate same responses as the real PUF.
In August, Beaudoin, et al. posted online work where they demonstrate an application of Quantum Neural Network (QNN) to the hardware security task of Hardware Trojan (HT) detection using a set of power and area Trojan features. The authors used publicly available dataset of Trojan free (TF) and Trojan infected (TI) circuits. The data set contains area and power characteristics of the TI and TF circuits. The authors modified the data set to balance the numbers of TF and TI circuits. They also used non-linear dimensionality reduction technique, the T-distributed Stochastic Neighbor Embedding (t-SNE), to reduce the feature size from 50 to 2 features for training on QNN, due to the size limit of today’s quantum computers, which have only a few qubits. With feature size of 2, QNN came close, but did not match accuracy of classical SVM, for example.
In September, Bell, et al. published a paper which explored side-channel information that can be extracted from circuits running sequentially on a quantum computer. The authors considered future scenario of multi-tenant quantum computers. To achieve this, for each job submitted to IBM quantum computers, they generated sequences of circuits consisting a probe circuit, target circuit, probe circuit, target circuits, etc. Although not specified, it is assumed that default reset strategy was used between the shots of each circuit. The authors showed that they could train neural network to identify whether target circuit was circuit A, B, or none, with accuracy up to 70%, when selecting from 3 fully known victim options (A, B, or none).
Also in September, Upadhyay, et al. posted online work considering untrusted quantum computer providers manipulating user’s execution on the quantum computers. In their work, they model and simulate adversarial tampering of input parameters and measurement outcomes on an exemplary hybrid quantum classical algorithm Quantum Approximate Optimization Algorithm (QAOA). In the QAOA the users execute a circuit on a quantum computer, then use the outcome as input to a local, classical optimization routing, and set parameters for the next execution of the circuit on the quantum computer. The authors considered that the quantum computer provider could be malicious and either modify the parameters from what was requested by user, or to report wrong results from the quantum computation. In this case the malicious quantum computer can significantly degrade the performance of the QAOA. As solution, authors propose to split the computation among different quantum computer providers.
In November, Mi, et al. published work on securing reset operations in quantum computers. A reset gate available in quantum computers such as from IBM, can be used to reset the state of the qubits. However, the authors however that the reset gate is not perfect. In particular, the state of the qubit prior to the reset can be learned by the adversary by measuring the state of the qubit right after the reset operation. As a solution, the authors presented a secure reset operation which randomizes the number of resets used. By randomizing the number of resets, the adversary cannot as easily learn the state of the qubit, since they do not know how many resets were applied. The authors also ensured that the total reset sequence, regardless of the number of random resets used, is constant in time. This say the adversary cannot learn the number of reset gates used in the reset sequence base on its timing.
Also in November, Smith, et al. posted online work focusing on developing a new and simple quantum computer fingerprinting method based on qubit frequencies. The authors analyzed historical data from IBM quantum computers and showed that the qubit frequencies are stable over long periods. Further, the qubit frequencies are unique to different quantum computers. The quantum computer fingerprint was then defined as a set of qubit frequencies. Following ideas similar to Jaccard index, the authors then developed a simple metric of computing the similarity of different fingerprints based on the number of qubit frequencies they differed at.
In December, Topaloglu posted online work which discussed Quantum Logic Locking. Following ideas from classical computing and logic locking, the author suggests to add additional qubits whose operation is locked by a secret input. The resulting locked logic is demonstrated on IBM quantum computers to have similar output probabilities to the unlocked version. The article, however, does not discuss how to supply the secret input such that the cloud provider cannot learn it by observing the control signals of the quantum computer.
Trends in Research Papers
The research papers from this year span all different topics, from attacks to defenses. So far, much of research focuses on application of classical ideas to quantum computers, for example with PUFs or logic locking. Use of machine learning is also prominent, although at this point, due to size of quantum computers, the machine learning approaches do not yet give better results than classical approaches. Also, now researchers are beginning to explore attacking the security primitives, such as the quantum PUFs, that have been earlier proposed for quantum computers.
About the Author
Jakub Szefer is an Associate Professor of Electrical Engineering at Yale University where he leads the Computer Architecture and Security Laboratory (CASLAB). His research interests broadly encompass computer architecture and hardware security of computing systems, including security of quantum computers and post-quantum cryptography.