Crosstalk-induced Side Channel Threats in Multi-Tenant NISQ Computers

TL;DR

This paper reveals a novel security vulnerability in multi-tenant NISQ quantum computers, demonstrating how crosstalk can be exploited as a side-channel to identify quantum algorithms with high accuracy.

Contribution

It introduces the first known crosstalk-based side-channel attack on NISQ devices, using minimal privileges and machine learning to infer victim algorithms.

Findings

Achieved up to 85.7% accuracy in identifying quantum algorithms.

Demonstrated crosstalk as a practical attack vector in multi-tenant quantum environments.

Validated attack effectiveness on 336 benchmark circuits.

Abstract

As quantum computing rapidly advances, its near-term applications are becoming increasingly evident. However, the high cost and under-utilization of quantum resources are prompting a shift from single-user to multi-user access models. In a multi-tenant environment, where multiple users share one quantum computer, protecting user confidentiality becomes crucial. The varied uses of quantum computers increase the risk that sensitive data encoded by one user could be compromised by others, rendering the protection of data integrity and confidentiality essential. In the evolving quantum computing landscape, it is imperative to study these security challenges within the scope of realistic threat model assumptions, wherein an adversarial user can mount practical attacks without relying on any heightened privileges afforded by physical access to a quantum computer or rogue cloud services. In this paper, we demonstrate the potential of crosstalk as an attack vector for the first time on a Noisy Intermediate Scale Quantum (NISQ) machine, that an adversarial user can exploit within a multi-tenant quantum computing model. The proposed side-channel attack is conducted with minimal and realistic adversarial privileges, with the overarching aim of uncovering the quantum algorithm being executed by a victim. Crosstalk signatures are used to estimate the presence of CNOT gates in the victim circuit, and subsequently, this information is encoded and classified by a graph-based learning model to identify the victim quantum algorithm. When evaluated on up to 336 benchmark circuits, our attack framework is found to be able to unveil the victim's quantum algorithm with up to 85.7\% accuracy.