Constructing Optimal Noise Channels for Enhanced Robustness in Quantum Machine Learning

TL;DR

This paper introduces a family of quantum noise channels that are inherently differentially private and demonstrates their effectiveness in improving robustness and adversarial accuracy in quantum machine learning models.

Contribution

It constructs a new class of noise channels with differential privacy guarantees and develops an optimization method for robustness, validated through experiments.

Findings

Optimal noise channels improve adversarial accuracy.

The framework replicates known DP bounds for specific channels.

Variables influence certifiable robustness and encoding impacts.

Abstract

With the rapid advancement of Quantum Machine Learning (QML), the critical need to enhance security measures against adversarial attacks and protect QML models becomes increasingly evident. In this work, we outline the connection between quantum noise channels and differential privacy (DP), by constructing a family of noise channels which are inherently $\epsilon$-DP: $(\alpha, \gamma)$-channels. Through this approach, we successfully replicate the $\epsilon$-DP bounds observed for depolarizing and random rotation channels, thereby affirming the broad generality of our framework. Additionally, we use a semi-definite program to construct an optimally robust channel. In a small-scale experimental evaluation, we demonstrate the benefits of using our optimal noise channel over depolarizing noise, particularly in enhancing adversarial accuracy. Moreover, we assess how the variables $\alpha$ and $\gamma$ affect the certifiable robustness and investigate how different encoding methods impact the classifier's robustness.