Black-Box Auditing of Quantum Model: Lifted Differential Privacy with Quantum Canaries
Baobao Song, Shiva Raj Pokhrel, Athanasios V. Vasilakos, Tianqing Zhu, Gang Li

TL;DR
This paper introduces a black-box auditing framework for quantum machine learning models that uses quantum canaries to empirically verify privacy leakage, bridging the gap between theoretical privacy guarantees and practical verification.
Contribution
It presents the first empirical privacy auditing method for QML based on lifted quantum differential privacy and quantum canaries, enabling practical privacy assessment.
Findings
Effective detection of memorization in QML models
Quantification of privacy leakage during training
Validation on simulated and real quantum hardware
Abstract
Quantum machine learning (QML) promises significant computational advantages, yet models trained on sensitive data risk memorizing individual records, creating serious privacy vulnerabilities. While Quantum Differential Privacy (QDP) mechanisms provide theoretical worst-case guarantees, they critically lack empirical verification tools for deployed models. We introduce the first black-box privacy auditing framework for QML based on Lifted Quantum Differential Privacy, leveraging quantum canaries (strategically offset-encoded quantum states) to detect memorization and precisely quantify privacy leakage during training. Our framework establishes a rigorous mathematical connection between canary offset and trace distance bounds, deriving empirical lower bounds on privacy budget consumption that bridge the critical gap between theoretical guarantees and practical privacy verification.…
Taxonomy
Topics: Quantum Computing Algorithms and Architecture · Quantum Information and Cryptography · Physical Unclonable Functions (PUFs) and Hardware Security
