-
Jailbreaking Quantum Computers
Authors:
Chuanqi Xu,
Jakub Szefer
Abstract:
This work presented the first thorough exploration of the attacks on the interface between gate-level and pulse-level quantum circuits and pulse-level quantum circuits themselves. Typically, quantum circuits and programs that execute on quantum computers, are defined using gate-level primitives. However, to improve the expressivity of quantum circuits and to allow better optimization, pulse-level…
▽ More
This work presented the first thorough exploration of the attacks on the interface between gate-level and pulse-level quantum circuits and pulse-level quantum circuits themselves. Typically, quantum circuits and programs that execute on quantum computers, are defined using gate-level primitives. However, to improve the expressivity of quantum circuits and to allow better optimization, pulse-level circuits are now often used. The attacks presented in this work leverage the inconsistency between the gate-level description of the custom gate, and the actual, low-level pulse implementation of this gate. By manipulating the custom gate specification, this work proposes numerous attacks: qubit plunder, qubit block, qubit reorder, timing mismatch, frequency mismatch, phase mismatch, and waveform mismatch. This work demonstrates these attacks on the real quantum computer and simulator, and shows that most current software development kits are vulnerable to these new types of attacks. In the end, this work proposes a defense framework. The exploration of security and privacy issues of the rising pulse-level quantum circuits provides insight into the future development of secure quantum software development kits and quantum computer systems.
△ Less
Submitted 9 June, 2024;
originally announced June 2024.
-
A Thorough Study of State Leakage Mitigation in Quantum Computing with One-Time Pad
Authors:
Chuanqi Xu,
Jamie Sikora,
Jakub Szefer
Abstract:
The ability for users to access quantum computers through the cloud has increased rapidly in recent years. Despite still being Noisy Intermediate-Scale Quantum (NISQ) machines, modern quantum computers are now being actively employed for research and by numerous startups. Quantum algorithms typically produce probabilistic results, necessitating repeated execution to produce the desired outcomes. I…
▽ More
The ability for users to access quantum computers through the cloud has increased rapidly in recent years. Despite still being Noisy Intermediate-Scale Quantum (NISQ) machines, modern quantum computers are now being actively employed for research and by numerous startups. Quantum algorithms typically produce probabilistic results, necessitating repeated execution to produce the desired outcomes. In order for the execution to begin from the specified ground state each time and for the results of the prior execution not to interfere with the results of the subsequent execution, the reset mechanism must be performed between each iteration to effectively reset the qubits. However, due to noise and errors in quantum computers and specifically these reset mechanisms, a noisy reset operation may lead to systematic errors in the overall computation, as well as potential security and privacy vulnerabilities of information leakage. To counter this issue, we thoroughly examine the state leakage problem in quantum computing, and then propose a solution by employing the classical and quantum one-time pads before the reset mechanism to prevent the state leakage, which works by randomly applying simple gates for each execution of the circuit. In addition, this work explores conditions under which the classical one-time pad, which uses fewer resources, is sufficient to protect state leakage. Finally, we study the role of various errors in state leakage, by evaluating the degrees of leakage under different error levels of gate, measurement, and sampling errors. Our findings offer new perspectives on the design of reset mechanisms and secure quantum computing systems.
△ Less
Submitted 27 January, 2024;
originally announced January 2024.
-
Classification of Quantum Computer Fault Injection Attacks
Authors:
Chuanqi Xu,
Ferhat Erata,
Jakub Szefer
Abstract:
The rapid growth of interest in quantum computing has brought about the need to secure these powerful machines against a range of physical attacks. As qubit counts increase and quantum computers achieve higher levels of fidelity, their potential to execute novel algorithms and generate sensitive intellectual property becomes more promising. However, there is a significant gap in our understanding…
▽ More
The rapid growth of interest in quantum computing has brought about the need to secure these powerful machines against a range of physical attacks. As qubit counts increase and quantum computers achieve higher levels of fidelity, their potential to execute novel algorithms and generate sensitive intellectual property becomes more promising. However, there is a significant gap in our understanding of the vulnerabilities these computers face in terms of security and privacy attacks. Among the potential threats are physical attacks, including those orchestrated by malicious insiders within data centers where the quantum computers are located, which could compromise the integrity of computations and resulting data. This paper presents an exploration of fault-injection attacks as one class of physical attacks on quantum computers. This work first introduces a classification of fault-injection attacks and strategies, including the domain of fault-injection attacks, the fault targets, and fault manifestations in quantum computers. The resulting classification highlights the potential threats that exist. By shedding light on the vulnerabilities of quantum computers to fault-injection attacks, this work contributes to the development of robust security measures for this emerging technology.
△ Less
Submitted 11 September, 2023;
originally announced September 2023.
-
Hardware Architecture for a Quantum Computer Trusted Execution Environment
Authors:
Theodoros Trochatos,
Chuanqi Xu,
Sanjay Deshpande,
Yao Lu,
Yongshan Ding,
Jakub Szefer
Abstract:
The cloud-based environments in which today's and future quantum computers will operate, raise concerns about the security and privacy of user's intellectual property. Quantum circuits submitted to cloud-based quantum computer providers represent sensitive or proprietary algorithms developed by users that need protection. Further, input data is hard-coded into the circuits, and leakage of the circ…
▽ More
The cloud-based environments in which today's and future quantum computers will operate, raise concerns about the security and privacy of user's intellectual property. Quantum circuits submitted to cloud-based quantum computer providers represent sensitive or proprietary algorithms developed by users that need protection. Further, input data is hard-coded into the circuits, and leakage of the circuits can expose users' data. To help protect users' circuits and data from possibly malicious quantum computer cloud providers, this work presented the first hardware architecture for a trusted execution environment for quantum computers. To protect the user's circuits and data, the quantum computer control pulses are obfuscated with decoy control pulses. While digital data can be encrypted, analog control pulses cannot and this paper proposed the novel decoy pulse approach to obfuscate the analog control pulses. The proposed decoy pulses can easily be added to the software by users. Meanwhile, the hardware components of the architecture proposed in this paper take care of eliminating, i.e. attenuating, the decoy pulses inside the superconducting quantum computer's dilution refrigerator before they reach the qubits. The hardware architecture also contains tamper-resistant features to protect the trusted hardware and users' information. The work leverages a new metric of variational distance to analyze the impact and scalability of hardware protection. The variational distance of the circuits protected with our scheme, compared to unprotected circuits, is in the range of only $0.16$ to $0.26$. This work demonstrates that protection from possibly malicious cloud providers is feasible and all the hardware components needed for the proposed architecture are available today.
△ Less
Submitted 7 August, 2023;
originally announced August 2023.
-
Exploration of Quantum Computer Power Side-Channels
Authors:
Chuanqi Xu,
Ferhat Erata,
Jakub Szefer
Abstract:
With the rapidly growing interest in quantum computing also grows the importance of securing these quantum computers from various physical attacks. Constantly increasing qubit counts and improvements to the fidelity of the quantum computers hold great promise for the ability of these computers to run novel algorithms with highly sensitive intellectual property. However, in today's cloud-based quan…
▽ More
With the rapidly growing interest in quantum computing also grows the importance of securing these quantum computers from various physical attacks. Constantly increasing qubit counts and improvements to the fidelity of the quantum computers hold great promise for the ability of these computers to run novel algorithms with highly sensitive intellectual property. However, in today's cloud-based quantum computer setting, users lack physical control over the computers. Physical attacks, such as those perpetrated by malicious insiders in data centers, could be used to extract sensitive information about the circuits being executed on these computers. Indeed, this work shows for the first time that power-based side-channel attacks could be deployed against quantum computers. Such attacks can be used to recover information about the control pulses sent to these computers. By analyzing these control pulses, attackers can reverse-engineer the equivalent gate-level description of the circuits, and possibly even the secret algorithms being run. This work introduces five new types of attacks, and evaluates them using control pulse information available from cloud-based quantum computers. This work demonstrates how and what circuits could be recovered, and then in turn how to defend from the newly demonstrated side-channel attacks on quantum~computers.
△ Less
Submitted 9 May, 2023; v1 submitted 6 April, 2023;
originally announced April 2023.
-
Fast Fingerprinting of Cloud-based NISQ Quantum Computers
Authors:
Kaitlin N. Smith,
Joshua Viszlai,
Lennart Maximilian Seifert,
Jonathan M. Baker,
Jakub Szefer,
Frederic T. Chong
Abstract:
Cloud-based quantum computers have become a reality with a number of companies allowing for cloud-based access to their machines with tens to more than 100 qubits. With easy access to quantum computers, quantum information processing will potentially revolutionize computation, and superconducting transmon-based quantum computers are among some of the more promising devices available. Cloud service…
▽ More
Cloud-based quantum computers have become a reality with a number of companies allowing for cloud-based access to their machines with tens to more than 100 qubits. With easy access to quantum computers, quantum information processing will potentially revolutionize computation, and superconducting transmon-based quantum computers are among some of the more promising devices available. Cloud service providers today host a variety of these and other prototype quantum computers with highly diverse device properties, sizes, and performances. The variation that exists in today's quantum computers, even among those of the same underlying hardware, motivate the study of how one device can be clearly differentiated and identified from the next. As a case study, this work focuses on the properties of 25 IBM superconducting, fixed-frequency transmon-based quantum computers that range in age from a few months to approximately 2.5 years. Through the analysis of current and historical quantum computer calibration data, this work uncovers key features within the machines that can serve as basis for unique hardware fingerprint of each quantum computer. This work demonstrates a new and fast method to reliably fingerprint cloud-based quantum computers based on unique frequency characteristics of transmon qubits. Both enrollment and recall operations are very fast as fingerprint data can be generated with minimal executions on the quantum machine. The qubit frequency-based fingerprints also have excellent inter-device separation and intra-device stability.
△ Less
Submitted 14 November, 2022;
originally announced November 2022.