Research into the security of quantum computer architecture is a new and active field of research. As the new year and semester roll on, this article reviews recent papers on quantum computer architecture security published or posted online in the year preceding 2022. Many of the papers are peer-reviewed research papers, while some of they are not peer-reviewed research papers posted on such websites arXiv. By summarizing and reviewing recent research papers, this article aims to provide some insights and analysis on how the field of quantum computing architecture security is evolving.
Recent research papers on the security of quantum computer architecture
As may be typical of any cybersecurity research sub-archive, quantum computing architecture security research papers have focused on both threats and defenses. Research papers are discussed in the order of their publication, online publication date, conference or journal publication date. References to the documents discussed below are available in a linked Bibtex file Here, which is freely available for you to download and use. The Bibtex is actively maintained and new papers will be added every few months in the hope that this will be an active resource for researchers exploring this new area.
In March 2022, Deshpande, et al. published an online work on an antivirus for quantum computers. The work on antivirus for quantum computers has been motivated by various examples of harmful quantum computer circuits that could generate crosstalk and noise, in a multi-tenant quantum computer. Although multi-tenant quantum computers are not available today, the antivirus anticipates future deployments of such computers. The defense requires no hardware modifications, but does require active maintenance of a database of quantum computer « viruses ».
In June 2022, Kundu, et al. security-related published uses of Quantum Machine Learning (QML) work. The authors study the use of QML to classify printed circuit board (PCB) defects, which can severely impact system performance and safety. They also propose the use of QML for the use of hardware trojan detection and chip laundering detection, but do not provide any evaluation results. In the case of PCB defects, the authors use QML for image detection to identify PCB images showing some damage or defects, for example, using both Convolutional Autoencoder (CAE) and Quantum Neural Network (QNN). They manually add defects to the PCB images to create the training dataset. The authors found that QML works like classic ML.
Also in June 2022, Pirnay, et al. published work analyzing the security of Quantum Physical Unclonable Functions (PUF). They formalize a class of Classical Readout Quantum PUFs (CR-QPUFs), which use only single qubit gates in the PUF circuit. The authors demonstrate insufficient safety for single-qubit spin-gate based CR-QPUFs. They show that the attacker who has access to interrogate the PUFs is able to learn the characteristics of the PUFs and model the PUFs. Once the attacker has a model of the PUF, he generates the same responses as the real PUF.
In August 2022, Beaudoin, et al. have published a work online demonstrating an application of Quantum Neural Network (QNN) to the hardware security task of hardware Trojan (HT) detection using a set of Trojan power and area features. The authors used a publicly available data set of Trojan free (TF) and Trojan infected (TI) circuits. The data set contains the area and power characteristics of the TI and TF circuits. The authors modified the dataset to balance the number of TF and TI circuits. They also used the nonlinear dimensionality reduction technique, T-distributed Stochastic Neighbor Embedding (t-SNE), to reduce the feature size from 50 to 2 features for training on QNNs, due to the feature size limit. quantum computers of today, which have only a few qubits. With a feature size of 2, QNN has come close to the accuracy of classic SVM, for example.
In September 2022, Bell, et al. published a paper that explored the side-channel information that can be extracted from circuits running sequentially on a quantum computer. The authors considered the future scenario of multi-tenant quantum computers. To achieve this, for each job sent to the IBM quantum computers, they generated sequences of circuits consisting of a probe circuit, a target circuit, a probe circuit, target circuits, etc. While not specified, it is assumed that the default reset strategy was used between each circuit trip. The authors demonstrated that they could train the neural network to identify whether the target circuit was circuit A, B, or none, with up to 70% accuracy, by selecting from 3 fully known victim options (A, B, or none).
Also in September 2022, Upadhyay, et al. published a work online considering untrusted quantum computer vendors manipulating user execution on quantum computers. In their work, they model and simulate the contradictory tampering of input parameters and measurement results on an exemplary hybrid quantum classical algorithm Quantum Approximate Optimization Algorithm (QAOA). In QAOA, users run a circuit on a quantum computer, then use the result as input to a local classical optimization route and set the parameters for subsequent execution of the circuit on the quantum computer. The authors felt that the supplier of the quantum computer could be malicious and change the parameters from what the user requested or report incorrect results from the quantum computation. In this case, the malicious quantum computer can significantly degrade the performance of the QAOA. As a solution, the authors propose splitting the computation among different quantum computer vendors.
In November 2022, Mi, et al. Published work on securing restore operations in quantum computers. A reset gate available in quantum computers such as those from IBM can be used to reset the state of qubits. However, the authors still state that the recovery gate isn’t perfect. In particular, the state of the qubit before the reset can be learned from the adversary by measuring the state of the qubit immediately after the reset operation. As a workaround, the authors presented a secure reset operation that randomizes the number of resets used. By randomizing the number of resets, the adversary can’t easily learn the state of the qubit, since he doesn’t know how many resets have been applied. The authors also ensured that the full reset sequence, regardless of the number of random resets used, is constant over time. This means that the opponent cannot learn the number of reset gates used in the reset sequence based on its timing.
Also in November 2022, Smith, et al. published an online work focused on developing a new and simple quantum computer fingerprinting method based on qubit frequencies. The authors analyzed historical data from IBM quantum computers and demonstrated that the frequencies of the qubits are stable over long periods. Also, qubit frequencies are unique to different quantum computers. The quantum computer fingerprint was then defined as a set of qubit frequencies. Following similar ideas to the Jaccard index, the authors then developed a simple metric to calculate the similarity of different fingerprints based on the number of qubit frequencies in which they differed.
In December 2022, Topaloglu posted a work online discussing Quantum Logic Locking. Following the ideas of classical computation and logic blocking, the author suggests adding additional qubits whose operation is blocked by a secret input. The resulting locked logic is demonstrated on IBM quantum computers to have similar output probabilities to the unlocked version. The article, however, does not discuss how to provide the secret input so that the cloud provider cannot learn it by observing the quantum computer’s control signals.
Trends in research papers
This year’s research papers span all different topics, from attacks to defenses. So far, much of the research is focused on applying classical ideas to quantum computers, for example with PUF or logic block. The use of machine learning is also important, although at this point, due to the size of quantum computers, machine learning approaches still do not perform better than classical approaches. Furthermore, researchers are now starting to explore attacking security primitives, such as quantum PUFs, that have been proposed previously for quantum computers.
About the author: Prof. Jakub Szefer’s research focuses on computer architecture and hardware security. His research includes secure processor architectures, cloud security, FPGA attacks and defenses, FPGA hardware implementation of cryptographic algorithms, and most recently quantum computing security of computers. Among others, Jakub is the author of the first book focused on processor architecture security: « Principles of Secure Processor Architecture Design », published in 2018. And since 2022 he maintains a newsletter focused on quantum computer security: https://quantumcybersecurity.substack.com
Disclaimer:These posts are written by individual contributors to share their thoughts on the Computer Architecture Today blog for the benefit of the community. Any views or opinions represented in this blog are personal, belong solely to the blog author, and do not represent those of ACM SIGARCH or its parent organization, ACM.