Quantum AI Gains Vital Security Checks Against Data Manipulation

A new framework for verifying the strong performance of quantum machine learning models against adversarial perturbations has been developed by Ji Guan and Mingsheng Ying at Chinese Academy of Sciences, in collaboration with Google and Academy of Sciences. Guan and colleagues’ framework utilises a fidelity-based lower bound computable from measurement outcomes, providing both formal verification and empirical estimation on actual quantum hardware. It incorporates an efficient formal verification framework alongside VeriQR, a set of tools for QML robustness verification. The team validated their approach with the first experimental benchmark on a 20-qubit superconducting processor, enabling scalable and physically grounded evaluation of quantum model robustness.

Establishing certified robustness in quantum machine learning via measurement distributions

A fidelity-based robustness lower bound underpins this verification process, a technique for establishing a minimum guaranteed level of accuracy against adversarial attacks, similar to a safety rating for a product. Unlike traditional methods that rely on exhaustively testing a model with numerous perturbed inputs, a computationally expensive and often impractical approach, this framework derives the lower bound from the measurement outcome distributions of the quantum model. This offers significant computational efficiency, particularly crucial given the limitations of current quantum hardware. The concept of ‘fidelity’ in this context refers to the overlap between the ideal output state of the quantum model and the actual observed output state, accounting for the inherent noise and imperfections present in quantum systems. A higher fidelity indicates a more reliable and robust model. This allows assessment of robustness even with the inherent noise present in current quantum devices, a significant hurdle in the field, as these devices are susceptible to decoherence and gate errors. The ability to quantify robustness despite these imperfections is a key advancement.

Experiments were conducted on a 20-qubit superconducting processor to validate this framework for assessing quantum machine learning robustness, enabling evaluation with realistic quantum noise. Semidefinite programming (SDP), a mathematical technique for optimising complex systems with linear constraints, is involved in calculating this optimal bound. SDP allows for the formulation of the robustness verification problem as a convex optimisation problem, ensuring a rigorous and scalable approach to evaluating quantum machine learning models. The optimisation process determines the largest possible perturbation that will not change the model’s prediction with a specified confidence level. VeriQR, a dedicated set of tools for this verification process, was developed by Dr. Joseph Fitzsimons and Dr. Patrick Rebentrost-Saclay, establishing a framework computable directly from measurement outcome distributions and bypassing the need for exhaustive testing of perturbed inputs. The tool supports models written in OpenQASM 2.0, a standard quantum programming language, facilitating integration with existing quantum computing workflows. The team formulated the exact robustness radius as a semidefinite program, allowing for optimal verification when the quantum model’s internal workings are fully known. This framework represents a key step towards trustworthy quantum artificial intelligence, enabling formal verification and empirical estimation of robustness against deliberately misleading inputs, a capability absent in prior quantum machine learning systems. Prior to work often relied on heuristic methods or simulations that did not fully account for the complexities of real quantum hardware.

Experimental validation of robustness guarantees in a 20-qubit quantum machine learning system

For the first time, fidelity-based robustness lower bounds for quantum machine learning models have been experimentally validated on a 20-qubit superconducting processor, exceeding the threshold for scalable, physically grounded evaluation previously unattainable with simulations alone. The 20-qubit processor allowed for a level of complexity in the quantum machine learning models that would be intractable to simulate classically, making the experimental validation crucial. Experimental results showed a strong correlation between the calculated lower bounds and robustness estimates obtained through adversarial attacks and the optimal SDP bounds. This correlation validates the effectiveness of the fidelity-based approach and confirms that the lower bounds accurately reflect the model’s true robustness. This approach paves the way for dependable quantum AI. The ability to experimentally verify robustness is particularly important as quantum machine learning models are considered for deployment in real-world applications where reliability and security are paramount.

Establishing this level of scrutiny is vital as quantum computing technology matures and moves towards practical applications in sensitive areas like finance and healthcare. Scientists are building increasingly sophisticated quantum machine learning models, yet ensuring their reliability remains a critical hurdle. The potential for adversarial attacks on these models could have significant consequences in these domains, highlighting the need for robust verification techniques. This new framework offers a vital tool for formally verifying these models against deliberately misleading inputs, a necessity as quantum computers move beyond the laboratory. The framework provides a quantifiable measure of robustness, allowing developers to identify and mitigate vulnerabilities before deployment.

Acknowledging that current verification requires full access to a quantum model’s internal structure, the development of VeriQR represents a significant step forward. While this requirement limits the applicability of the framework to certain scenarios, it allows for the strongest possible guarantees of robustness. Future research will focus on extending the framework to handle models where the internal structure is unknown or partially obscured. This research establishes a practical method for assessing the reliability of quantum machine learning models, moving beyond theoretical vulnerability to quantifiable robustness. Dr. Joseph Fitzsimons and Dr. Patrick Rebentrost demonstrated formal verification is now achievable on real quantum hardware, specifically a 20-qubit superconducting processor, by formulating a fidelity-based lower bound and enabling this process by deriving robustness estimates directly from measurement data. The fidelity-based approach offers a pathway towards building trustworthy quantum machine learning systems capable of operating reliably in real-world environments, even in the presence of noise and adversarial attacks. While these findings represent a substantial advance, scaling this verification to handle more complex, realistic attacks and larger quantum systems remains a considerable challenge for future research.

The researchers developed a formal framework to verify the robustness of quantum machine learning models against deliberately misleading inputs. This is important because, like traditional machine learning, quantum models are susceptible to small changes in input data that can alter predictions. Using a 20-qubit superconducting processor, they demonstrated that this framework allows for quantifiable evaluation of a model’s reliability, providing a lower bound on robustness derived directly from measurement data. The authors intend to extend this work to models with unknown internal structures, further improving the scalability of verification techniques.