SoK Paper: Security Concerns in Quantum Machine Learning as a Service

Abstract

Quantum machine learning (QML) is a category of algorithms that uses variational quantum circuits (VQCs) to solve machine learning tasks. Recent works have shown that QML models can effectively generalize from limited training data samples. This capability has led to an increased interest in deploying these models to address practical, real-world problems, resulting in the emergence of Quantum Machine Learning as a Service (QMLaaS). QMLaaS represents a hybrid model that utilizes both classical and quantum computing resources. Classical computers play a crucial role in this setup, handling initial pre-processing and subsequent post-processing of data to compensate for the current limitations of quantum hardware. Since this is a new area, very little work exists to paint the whole picture of QMLaaS in the context of known security threats in the domain of classical and quantum machine learning. This SoK paper is aimed to bridge this gap by outlining the complete QMLaaS workflow, which includes both the training and inference phases and highlighting security concerns involving untrusted classical and quantum providers. QML models contain several sensitive assets, such as the model architecture, training data, encoding techniques, and trained parameters. Unauthorized access to these components could compromise the model’s integrity and lead to intellectual property (IP) theft. We pinpoint the critical security issues that must be considered to pave the way for a secure QMLaaS deployment.