Securing Quantum Computers from Malicious Programs
Most, if not all, of existing quantum computer deployments are for research or as demonstrations of the technologies being currently developed. Programs, or quantum circuits, being run on these machines are run by researchers testing algorithms or quantum computer designs, who are not malicious in intent. This newsletter article discusses the need to consider the future, where once the machines are more commercialized and more powerful, there may be users and programs that are malicious, and that the quantum computers need to be protected from them. This newsletter article includes discussion of the author’s own research on quantum computer antivirus, which could be one way to secure quantum computers from malicious programs.
Possible Future Emergence of Malicious Users and Programs
Quantum computers are being rapidly developed, and they are no longer a futuristic technology but something that is available today from multiple companies. Many of the existing quantum computers are further not locked in some far away research labs, but they are cloud-based systems available to anybody with an e-mail address and a credit card number. Major cloud-based quantum computing services include IBM Quantum, Microsoft Azure, or Amazon Braket. Further, newer companies such as Rigetti are developing their own cloud-based systems to make their machines available to users as well. The quantum computing roadmap from IBM, for example, show past developments and projections for 4000+ physical qubit machines in next 3 years; so far the IBM roadmap has been on target, strengthening the credibility the projections. With the growing size, the quantum computers will in the future be able to generate new, valuable and sensitive intellectual property or data that cannot be feasibly generated with even classical supercomputers. Especially, the computation done on quantum computers can lead to new solutions in optimization problems, development of new chemical compounds, novel drugs and materials, among others.
These unique results that will be generated by quantum computers may create incentives for future malicious users. Once the computers are generating the valuable data, attackers will have motivation, probably financial in nature, to try to steal or access the data. Malicious users could develop programs or circuits to steal the information being processed by the computers, or to modify the computation to give wrong results. The malicious programs could also be used to reverse engineer the operation or design of the computers, endangering the intellectual property of the quantum computer architecture itself.
Incentives for Protection from the Malicious Users or Programs
Without quantum software protection, there is real danger that quantum computers will face constant security threats and malware – just like classical computers. With easy cloud-based access, quantum computers are vulnerable to malicious users loading code on the machines, and currently there are no defenses in place. However, so far, the industry road maps from IBM, Rigetti and others say nothing about security of these machines or code running on them. While the companies are not overtly working on security protections for quantum computers, they may be working on it internally. If they are not, there are of course numerous incentives for them to do so.
At this early stage, the biggest incentive may simply be good publicity by demonstrating new security features (or avoiding bad publicity due to news articles about new, real or simulated security attacks). Currently the quantum computers with 10s or 100s of qubits are not able to really beat classical computers. As such, outside of very important, but still academic, attacks there may not be “real” threats to worry about. However, working on, or investing in research on, security defenses, the companies can build good public image of being ready for when malicious users or programs do appear.
Second incentive may be the time needed to develop and deploy the defenses. Just because a defense can be designed and prototyped, it is unclear how long it would take to bring it to a commercial quantum computing deployment. Software-only defenses may be easier to deploy. However, they too may be limited by the classical computer systems and controllers used to manage the quantum computers. The classical computers and controllers have strict timing requirements considering the control signals, so easiest to deploy would be defenses focusing on high-level program analysis. Hardware modifications are of course much more difficult. Currently it is not clear how long deploying the security defenses would take, either software or hardware, so the incentive can simply be to do so to learn how long it will take and what are the practical challenges.
Third, considering any hardware modifications, quantum computers are somewhat unique in that there are very few, if not just one, vendors. For example, quantum computer fridges are developed today by two or three companies, and to the author’s understanding, they are located outside of United States. With little to no competition, the vendors may need extra convincing if they are to add new hardware features to some components.
Finally, once large-scale quantum computers are online, and they are generating the real, novel data and results, then it may be too late to consider adding security to the quantum computing systems.
Towards an Antivirus for Quantum Computers
In order to detect and eliminate malicious circuits at the software level, the currently used programming frameworks for quantum computers, such as Qiskit, could be extended with an antivirus and pattern matching features. As one possibility, an algorithm could be developed to count the number of appearances of each malicious program pattern in an input program being compiled. Research is need to develop a database of a potential malicious program patterns. Such database could be used by an “antivirus” software to scan the input code to find and count occurrences of the patterns.
To realize the algorithm, both the quantum computer program and the patterns can be described by a set of Qasm instructions, for example. Therefore, the problem of finding a malicious program or circuit can be reduced to problem of finding the instruction pattern in an instruction list. Compared with conventional string matching problem, the complexity of quantum circuit matching problem lies in the additional qubits (and possibly the classical bits and other parameters) for each instruction. Instructions that are not adjacent in the source code may still end up being executed as adjacent quantum gates. There also may be multiple malicious patterns dispersed among different qubits and in different order. All these challenges need to be addressed when creating a functional antivirus software for quantum computers. Rather than simply scanning the instructions, the antivirus may need to focus on the structure, or graph, of the malicious circuit and how to find the structure in any input program.
The antivirus, once developed, could have very easy deployment. As long as it can be required that any programs are scanned by the antivirus before being executed on the quantum computer, its job would be to catch the malicious circuits and prevent programs to execute. The needed research is of course to make antivirus efficient, and also to develop the database of the malicious circuits. The protection will be only as good as is the database.
Benefits of Introducing Security Features into Quantum Computers
Benefits of adding security features into quantum computers should be self-evident. Some of the benefits include, first, ability to secure the user information when it is processed on quantum computers. Software protection could defend quantum computers from malicious programs or code. Second, ability to protect highly-valuable programs from information leakage. Due to the very physical nature of the quantum computation, information leakage between qubits could be an issue in future, shared quantum computers, and antivirus can find programs whose sole purpose is to sense and steal information. Third, ability to prevent intellectual property extraction and ensuring security of the hardware. An antivirus cloud protect from programs that may try to learn the configuration or some physical properties of the quantum computer hardware itself, to steal intellectual property contained within it.
Quantum computers will generate novel results and discoveries, but we need to ensure that they are secure, protected, and that we prevent malicious programs or viruses from disrupting them. According to recent Washington Post article, global losses from cybercrime against classical computers skyrocketed to nearly $1 trillion in 2020. Without security protections for quantum computers, quantum computers face similar threats and possibly even bigger losses in the future.
About the author:
Jakub Szefer is an Associate Professor of Electrical Engineering at Yale University where he leads the Computer Architecture and Security Laboratory (CASLAB). His research interests broadly encompass computer architecture and hardware security of computing systems, including security of quantum computers and post-quantum cryptography.