Quantum computer architecture security research is a new and active research field. As the new year and semester is under way, this article looks back at the recent quantum computer architecture security papers published or posted online in the prior year 2022. Many of the papers are peer-reviewed research papers, while number of them are non-peer-reviewed research papers posted on web sites such as arXiv. By summarizing and reviewing the recent research papers, this article hops to give some insights and analysis of how the field of quantum computer architecture security is evolving.
Recent Research Papers on Quantum Computer Architecture Security
As may be typical of any computer security research sub-filed, the research papers on quantum computer architecture security focused both on threats as well as defenses. The research papers are discussed in the order of their publication, either online posting date, or conference or a journal publication date. The references to the papers discussed below are available in a Bibtex file linked here, which is freely available for download and use. The Bibtex is actively maintained and new papers will be added every few months in hopes that this can be an active resource for researchers exploring this new area.
In March 2022, Deshpande, et al. posted online work on an antivirus for quantum computers. The work on the antivirus for quantum computers was motivated by various examples of malicious quantum computer circuits which could generate cross-talk and noise, in a multi-tenant quantum computer. Although multi-tenant quantum computers are not available today, the antivirus anticipates future deployments of such computers. The defense does not require hardware modification, but does require active maintenance of a database of quantum computer “viruses”.
In June 2022, Kundu, et al. published work security-related uses of Quantum Machine Learning (QML). The authors investigate the use of QML to classify Printed Circuit Board (PCB) defects, which can severely affect system performance and security. They also propose use of QML for use hardware Trojan detection and recycled chip detection, but do not provide any evaluation results. In the case of PCB defects, the authors utilize QML for image detection to identify PCB images that show some damage or defect, for example, using both Convolutional Autoencoder (CAE) and Quantum Neural Network (QNN). They manually add defects to images of PCBs to create the training data set. Authors found that QML works as well as classical ML.
Also in June 2022, Pirnay, et al. published work analyzing security of Quantum Physical Unclonable Functions (PUFs). They formalize a class of Classical Readout Quantum PUFs (CR-QPUFs), which only use single qubit gates in the PUF circuit. The authors demonstrate insufficient security for CR-QPUFs based on single qubit rotation gates. They show that attacker who has access to query the PUFs is able to learn the characteristics of the PUFs and model the PUF. Once attacker has a model of the PUF, they generate same responses as the real PUF.
In August 2022, Beaudoin, et al. posted online work where they demonstrate an application of Quantum Neural Network (QNN) to the hardware security task of Hardware Trojan (HT) detection using a set of power and area Trojan features. The authors used publicly available dataset of Trojan free (TF) and Trojan infected (TI) circuits. The data set contains area and power characteristics of the TI and TF circuits. The authors modified the data set to balance the numbers of TF and TI circuits. They also used non-linear dimensionality reduction technique, the T-distributed Stochastic Neighbor Embedding (t-SNE), to reduce the feature size from 50 to 2 features for training on QNN, due to the size limit of today’s quantum computers, which have only a few qubits. With feature size of 2, QNN came close to the accuracy of classical SVM, for example.
In September 2022, Bell, et al. published a paper which explored side-channel information that can be extracted from circuits running sequentially on a quantum computer. The authors considered future scenario of multi-tenant quantum computers. To achieve this, for each job submitted to IBM quantum computers, they generated sequences of circuits consisting a probe circuit, target circuit, probe circuit, target circuits, etc. Although not specified, it is assumed that default reset strategy was used between the shots of each circuit. The authors showed that they could train neural network to identify whether target circuit was circuit A, B, or none, with accuracy up to 70%, when selecting from 3 fully known victim options (A, B, or none).
Also in September 2022, Upadhyay, et al. posted online work considering untrusted quantum computer providers manipulating user’s execution on the quantum computers. In their work, they model and simulate adversarial tampering of input parameters and measurement outcomes on an exemplary hybrid quantum classical algorithm Quantum Approximate Optimization Algorithm (QAOA). In the QAOA the users execute a circuit on a quantum computer, then use the outcome as input to a local, classical optimization routing, and set parameters for the next execution of the circuit on the quantum computer. The authors considered that the quantum computer provider could be malicious and either modify the parameters from what was requested by user, or to report wrong results from the quantum computation. In this case the malicious quantum computer can significantly degrade the performance of the QAOA. As solution, authors propose to split the computation among different quantum computer providers.
In November 2022, Mi, et al. published work on securing reset operations in quantum computers. A reset gate available in quantum computers such as from IBM, can be used to reset the state of the qubits. However, the authors however that the reset gate is not perfect. In particular, the state of the qubit prior to the reset can be learned by the adversary by measuring the state of the qubit right after the reset operation. As a solution, the authors presented a secure reset operation which randomizes the number of resets used. By randomizing the number of resets, the adversary cannot as easily learn the state of the qubit, since they do not know how many resets were applied. The authors also ensured that the total reset sequence, regardless of the number of random resets used, is constant in time. This say the adversary cannot learn the number of reset gates used in the reset sequence base on its timing.
Also in November 2022, Smith, et al. posted online work focusing on developing a new and simple quantum computer fingerprinting method based on qubit frequencies. The authors analyzed historical data from IBM quantum computers and showed that the qubit frequencies are stable over long periods. Further, the qubit frequencies are unique to different quantum computers. The quantum computer fingerprint was then defined as a set of qubit frequencies. Following ideas similar to Jaccard index, the authors then developed a simple metric of computing the similarity of different fingerprints based on the number of qubit frequencies they differed at.
In December 2022, Topaloglu posted online work which discussed Quantum Logic Locking. Following ideas from classical computing and logic locking, the author suggests to add additional qubits whose operation is locked by a secret input. The resulting locked logic is demonstrated on IBM quantum computers to have similar output probabilities to the unlocked version. The article, however, does not discuss how to supply the secret input such that the cloud provider cannot learn it by observing the control signals of the quantum computer.
Trends in Research Papers
The research papers from this year span all different topics, from attacks to defenses. So far, much of research focuses on application of classical ideas to quantum computers, for example with PUFs or logic locking. Use of machine learning is also prominent, although at this point, due to size of quantum computers, the machine learning approaches do not yet give better results than classical approaches. Also, now researchers are beginning to explore attacking the security primitives, such as the quantum PUFs, that have been earlier proposed for quantum computers.
About the author: Prof. Jakub Szefer’s research focuses on computer architecture and hardware security. His research encompasses secure processor architectures, cloud security, FPGA attacks and defenses, hardware FPGA implementation of cryptographic algorithms, and most recently quantum computer cybersecurity. Among others, Jakub is the author of first book focusing on processor architecture security: “Principles of Secure Processor Architecture Design”, published in 2018. And since 2022 he maintains a newsletter focusing on security of quantum computers: https://quantumcybersecurity.substack.com
Disclaimer: These posts are written by individual contributors to share their thoughts on the Computer Architecture Today blog for the benefit of the community. Any views or opinions represented in this blog are personal, belong solely to the blog author and do not represent those of ACM SIGARCH or its parent organization, ACM.