Quantum Computing Security

Overview

The potential national security applications and scientific and commercial opportunities of quantum computers have led to increased focus in the industry and amongst policy makers on the importance of protecting quantum computing efforts from IP theft and other attacks. One underexplored aspect of this security landscape is the potential for practical exploits targeting the classical-to-quantum interface.

Quantum processing units (QPUs) rely on classical computers to compile code, trigger control systems, and translate software gates into physical forces. This interface creates a unique attack surface, with several vulnerability categories:

1. Gate-to-Pulse Inconsistency (Software-Hardware Interface)

Quantum software development kits (SDKs) like Cirq or Qiskit involve writing circuits in the form of logical "gates". The software interface then translates these into raw electromagnetic microwave or laser pulses that physically manipulate the qubits. However, the software often doesn't verify if the physical pulses actually match the high-level gate instructions. This opens the door to a class of pulse-level exploits:

  • Qubit Plunder: A malicious actor can compromise an SDK or compiler to insert a custom gate. On paper, it looks like it operates on Qubit A, but at the pulse level, it routes signals to alter or extract data from Qubit B instead.
  • State-Hopping Sabotage (Higher-Energy Attacks): Qubits are abstracted as binary. However, physical qubits can exist in higher energy states. Attackers can alter control pulse frequencies or waveforms slightly to push qubits into these "forbidden" leakage states, completely disrupting calculations or creating covert communication channels within the system.
  • Timing & Phase Mismatches: Tiny adjustments to a pulse’s phase or timing window can silently inject phase errors or amplify decoherence (the breakdown of the quantum state), acting as a silent denial-of-service attack that invalidates research data without throwing a hard error.

2. Physical Controller Side-Channels

The physical interface between the digital classical controller and the analog quantum environment can reveal information via a process known as Pulse Emission Analysis. The physical control boards generate massive amounts of radiofrequency (RF) or microwave energy. The power consumption and timing patterns of these classical control pulses can inadvertently leak the exact nature of the gate operations being performed, allowing an attacker to reconstruct proprietary quantum algorithms or sensitive embedded data.

3. Weak Reset Interfaces (Data Remanence)

Quantum algorithms are probabilistic; they require running the same circuit thousands of times ("shots") to get a statistically valid answer. Between every single shot, the physical interface has to completely reset the qubits back to their ground state. If the hardware reset mechanism has minor timing or calibration imperfections, trace elements of the previous computation’s quantum state carry over. In a multi-user environment, this data remanence can allow a subsequent user to map out data from the previous user's job.

4. Multi-Tenant Crosstalk in Cloud QPUs

Because quantum computers are incredibly expensive, the primary mode of access is and will be via cloud API networks. To maximize efficiency, providers may rely on multi-tenancy—running multiple users' circuits simultaneously on different sectors of the same large QPU. This can lead to hardware crosstalk, i.e. degradation of the gate fidelity of an adjacent user’s circuits, or event state dependencies that leak data across boundaries.

×