Qubit Sensing: A New Attack Model for Multi-programming Quantum Computing

Abstract

Noisy quantum computers suffer from readout or measurement error. It is a classical bit-flip error due to which state"1"is read out as"0"and vice-versa. The probability of readout error shows a state dependence i.e., flipping probability of state"1"may differ from flipping probability of state"0". Moreover, the probability shows correlation across qubits. These state-dependent and correlated error probability introduces a signature of victim outputs on adversary output when two programs are run simultaneously on the same quantum computer. This can be exploited to sense victim output which may contain sensitive information. In this paper, we systematically show that such readout error-dependent signatures exist and that an adversary can use such signature to infer a user output. We experimentally demonstrate the attack (inference) on 3 public IBM quantum computers. Using Jensen-Shannon Distance (JSD) a measure for statistical inference, we show that our approach identifies victim output with an accuracy of 96% on real hardware. We also present randomized output flipping as a lightweight yet effective countermeasure to thwart such information leakage attacks. Our analysis shows the countermeasure incurs a minor penalty of 0.05% in terms of fidelity.