The potential national security applications and scientific and commercial opportunities of quantum computers have led to increased focus in the industry and amongst policy makers on the importance of protecting quantum computing efforts from IP theft and other attacks. One underexplored aspect of this security landscape is the potential for practical exploits targeting the classical-to-quantum interface.
Quantum processing units (QPUs) rely on classical computers to compile code, trigger control systems, and translate software gates into physical forces. This interface creates a unique attack surface, with several vulnerability categories:
1. Gate-to-Pulse Inconsistency (Software-Hardware Interface)
Quantum software development kits (SDKs) like Cirq or Qiskit involve writing circuits in the form of logical "gates". The software interface then translates these into raw electromagnetic microwave or laser pulses that physically manipulate the qubits. However, the software often doesn't verify if the physical pulses actually match the high-level gate instructions. This opens the door to a class of pulse-level exploits:
2. Physical Controller Side-Channels
The physical interface between the digital classical controller and the analog quantum environment can reveal information via a process known as Pulse Emission Analysis. The physical control boards generate massive amounts of radiofrequency (RF) or microwave energy. The power consumption and timing patterns of these classical control pulses can inadvertently leak the exact nature of the gate operations being performed, allowing an attacker to reconstruct proprietary quantum algorithms or sensitive embedded data.
3. Weak Reset Interfaces (Data Remanence)
Quantum algorithms are probabilistic; they require running the same circuit thousands of times ("shots") to get a statistically valid answer. Between every single shot, the physical interface has to completely reset the qubits back to their ground state. If the hardware reset mechanism has minor timing or calibration imperfections, trace elements of the previous computation’s quantum state carry over. In a multi-user environment, this data remanence can allow a subsequent user to map out data from the previous user's job.
4. Multi-Tenant Crosstalk in Cloud QPUs
Because quantum computers are incredibly expensive, the primary mode of access is and will be via cloud API networks. To maximize efficiency, providers may rely on multi-tenancy—running multiple users' circuits simultaneously on different sectors of the same large QPU. This can lead to hardware crosstalk, i.e. degradation of the gate fidelity of an adjacent user’s circuits, or event state dependencies that leak data across boundaries.
Applications are now open.
Submit by August 7, 2026 at 11:59:59pm AoE (UTC-12). Notification of decisions will be announced by October 30, 2026.
A primary challenge in quantum security is ensuring the integrity and confidentiality of the entire computation stack, particularly at the interface where high-level logical instructions are translated into physical control pulses. As quantum systems scale and move toward multi-tenant cloud environments, the attack surface expands beyond classical network security into physical layer vulnerabilities and cross-layer inconsistencies. We are seeking research proposals that advance our understanding of these threats and develop robust, verifiable defense mechanisms.
Example proposal focus areas could include (but are not limited to) the below, or some combination thereof:
Awards will be up to $100k, but we may consider larger amounts for exceptional proposals that demonstrate a clear and compelling rationale for the increased funding. Funds will be disbursed as unrestricted gifts to the university or degree-granting research institution and are not intended for overhead or indirect costs.
Eligibility
We will host informational sessions with live Q&A. RSVP to attend here.
See FAQ's here.
See past recipients.