Quantum One-Time Protection of any Randomized Algorithm

TL;DR

This paper introduces a quantum one-time token scheme that enables secure, single-use evaluation of any classical randomized algorithm, including AI models, with minimal quantum resources and broad practical applicability.

Contribution

It proposes a novel quantum one-time token scheme for classical randomized algorithms that does not require coherent quantum implementation of the program.

Findings

The scheme guarantees one-time security based on high min-entropy outputs.

Quantum resources depend only on security level, not program complexity.

Applicable to near-term quantum devices like NISQ systems.

Abstract

The meteoric rise in power and popularity of machine learning models dependent on valuable training data has reignited a basic tension between the power of running a program locally and the risk of exposing details of that program to the user. At the same time, fundamental properties of quantum states offer new solutions to data and program security that can require strikingly few quantum resources to exploit, and offer advantages outside of mere computational run time. In this work, we demonstrate such a solution with quantum one-time tokens. A quantum one-time token is a quantum state that permits a certain program to be evaluated exactly once. One-time security guarantees, roughly, that the token cannot be used to evaluate the program more than once. We propose a scheme for building quantum one-time tokens for any randomized classical program, which include generative AI models. We prove that the scheme satisfies an interesting definition of one-time security as long as outputs of the classical algorithm have high enough min-entropy, in a black box model. Importantly, the classical program being protected does not need to be implemented coherently on a quantum computer. In fact, the size and complexity of the quantum one-time token is independent of the program being protected, and additional quantum resources serve only to increase the security of the protocol. Due to this flexibility in adjusting the security, we believe that our proposal is parsimonious enough to serve as a promising candidate for a near-term useful demonstration of quantum computing in either the NISQ or early fault tolerant regime.