Certified Robustness of Quantum Classifiers against Adversarial Examples through Quantum Noise
Jhih-Cing Huang, Yu-Lin Tsai, Chao-Han Huck Yang, Cheng-Fang Su, Chia-Mu Yu, Pin-Yu Chen, Sy-Yen Kuo

TL;DR
This paper introduces a method to enhance the robustness of quantum classifiers against adversarial attacks by adding quantum noise, linking it to differential privacy and providing certified robustness bounds supported by simulations.
Contribution
It is the first to theoretically demonstrate that quantum noise can improve classifier robustness and establish a certified robustness bound against adversarial examples.
Findings
Quantum noise improves classifier robustness against adversarial attacks.
Differential privacy is linked to quantum classifier training with noise.
Experimental simulations support the theoretical robustness bounds.
Abstract
Recently, quantum classifiers have been found to be vulnerable to adversarial attacks, in which quantum classifiers are deceived by imperceptible noises, leading to misclassification. In this paper, we propose the first theoretical study demonstrating that adding quantum random rotation noise can improve robustness in quantum classifiers against adversarial attacks. We link the definition of differential privacy and show that the quantum classifier trained with the natural presence of additive noise is differentially private. Finally, we derive a certified robustness bound to enable quantum classifiers to defend against adversarial examples, supported by experimental results simulated with noises from IBM's 7-qubit device.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Quantum Computing Algorithms and Architecture · Physical Unclonable Functions (PUFs) and Hardware Security
