Quantum Computing Security Threat: How Calibration Attacks Exploit Cloud-Based Quantum Services

On April 5, 2025, researchers Subrata Das and Swaroop Ghosh published Impact of Error Rate Misreporting on Resource Allocation in Multi-tenant Quantum Computing and Defense. They revealed how adversarial manipulation of error rates can disrupt resource allocation in shared quantum computing systems, leading to a 24% increase in execution latency and a 7.8% drop in successful trial probability.

Cloud-based quantum computing services allocate qubits among users based on hardware calibration data provided by third parties. An adversary manipulating these error rates can degrade system performance, increasing execution latency by 24% and reducing the probability of successful trials (PST) by 7.8%. The study demonstrates vulnerabilities in Greedy and COMDAP allocation frameworks under such attacks. To mitigate this threat, researchers propose detecting inconsistencies through statistical analysis of calibration cycles.

In quantum computing, efficient resource allocation is paramount, especially in multi-tenant environments where multiple users share resources. The integrity of this process hinges on accurate error calibration, which ensures that qubits are allocated optimally to minimize execution latency and maintain computational fidelity.

The Threat of Adversarial Misreporting

A critical concern arises when third-party calibration services misreport error values strategically without altering physical hardware. This manipulation can skew resource allocation, benefiting adversaries or causing system-wide inefficiencies. Two heuristics were developed to explore this threat:

1. Over-reporting Errors on High-Demand Qubits: By making these qubits appear less reliable, adversaries might aim to monopolize them or cause general inefficiency by reducing their usage.
2. Under-reporting Errors on Low-Demand Qubits: This could overload these qubits, potentially causing degradation and incorrect results as the system is tricked into believing they are more reliable than they are.

Using benchmark circuits on the Fake27QPulseV1 backend, both Greedy and COMDAP allocation frameworks were tested. Results indicated significant negative impacts, with Greedy being more affected, while COMDAP showed slight resilience but still experienced degradation.

Traditional threshold-based detection is ineffective due to natural error variations. Instead, the paper proposes using Kullback-Leibler (KL) divergence to compare historical and new error distributions, identifying systematic changes indicative of manipulation.

While theoretically robust, practical implementation challenges include setting thresholds for significant divergence and managing computational demands of maintaining historical records. Additionally, exploring other potential attack vectors beyond misreporting is essential.

As quantum computing becomes more accessible, ensuring the integrity of error reporting is crucial to prevent malicious disruptions and maintain trust in shared resources. This research highlights a significant theoretical concern, urging proactive measures to safeguard against adversarial attacks in future quantum ecosystems.