Obfuscating Quantum Hybrid-Classical Algorithms for Security and Privacy

TL;DR

This paper introduces an obfuscation technique for hybrid quantum-classical algorithms like QAOA to protect intellectual property when using untrusted hardware, achieving security with minimal performance loss.

Contribution

The paper proposes a novel edge pruning obfuscation method combined with split iteration to secure quantum algorithm IP on untrusted hardware without significant performance impact.

Findings

Obfuscation increases difficulty of circuit reconstruction.

Performance degradation is limited to about 10%.

Overhead costs are kept below 0.5X for single-layer QAOA.

Abstract

As the quantum computing ecosystem grows in popularity and utility it is important to identify and address the security and privacy vulnerabilities before they can be widely exploited. One major concern is the involvement of third party tools and hardware. Usage of untrusted hardware could present the risk of intellectual property (IP) theft. For example the hybrid quantum classical algorithms like QAOA encodes the graph properties e.g. number of nodes edges and connectivity in the parameterized quantum circuit to solve a graph maxcut problem. QAOA employs a classical computer which optimizes the parameters of a parametric quantum circuit (which encodes graph structure) iteratively by executing the circuit on a quantum hardware and measuring the output. The graph properties can be readily retrieved by analyzing the QAOA circuit by the untrusted quantum hardware provider. To mitigate this risk, we propose an edge pruning obfuscation method for QAOA along with a split iteration methodology. The basic idea is to (i) create two flavors of QAOA circuit each with few distinct edges eliminated from the problem graph for obfuscation (ii) iterate the circuits alternately during optimization process to uphold the optimization quality and (iii) send the circuits to two different untrusted hardware provider so that the adversary has access to partial graph protecting the IP. We demonstrate that combining edge pruning obfuscation with split iteration on two different hardware secures the IP and increases the difficulty of reconstruction while limiting performance degradation to a maximum of 10 percent (approximately 5 percent on average) and maintaining low overhead costs (less than 0.5X for QAOA with single layer implementation).