A Quantum Circuit Obfuscation Methodology for Security and Privacy

TL;DR

A metric-based SWAP gate insertion process to ensure maximum corruption of functionality measured using Total Variation Distance (TVD) is proposed and validated using IBM default noisy simulation model.

Abstract

Optimization of quantum circuits using an efficient compiler is key to its success for NISQ computers. Several 3rd party compilers are evolving to offer improved performance for large quantum circuits. These 3rd parties, or just a certain release of an otherwise trustworthy compiler, may possibly be untrusted and this could lead to an adversary to Reverse Engineer (RE) the quantum circuit for extracting sensitive aspects e.g., circuit topology, program, and its properties. In this paper, we propose obfuscation of quantum circuits to hide the functionality. Quantum circuits have inherent margin between correct and incorrect outputs. Therefore, obfuscation (i.e., corruption of functionality) by inserting dummy gates is nontrivial. We insert dummy SWAP gates one at a time for maximum corruption of functionality before sending the quantum circuit to an untrusted compiler. If an untrusted party clones the design, they get incorrect functionality. The designer removes the dummy SWAP gate post-compilation to restore the correct functionality. Compared to a classical counterpart, the quantum chip does not reveal the circuit functionality. Therefore, an adversary cannot guess the SWAP gate and location/validate using an oracle model. Evaluation of realistic quantum circuit with/without SWAP insertion is impossible in classical computers. Therefore, we propose a metric-based SWAP gate insertion process. The objective of the metric is to ensure maximum corruption of functionality measured using Total Variation Distance (TVD). The proposed approach is validated using IBM default noisy simulation model. Our metric-based approach predicts the SWAP position to achieve TVD of upto 50%, and performs 7.5% better than average TVD, and performs within 12.3% of the best obtainable TVD for the benchmarks. We obtain an overhead of < 5% for the number of gates and circuit depth after SWAP addition.

Figures (7)

• Figure 1: Attack model proposed in this paper. The quantum circuit is sent by the user to the untrusted compiler, where the adversary can steal the IP or RE the circuit. Logic obfuscation is proposed as countermeasure.
• Figure 1: SWAP gate location selection metrics.
• Figure 2: Difference (%) between feature-based TVDs and (a) the Best TVD, and (b) the Average TVD.
• Figure 2: Design overhead for obfuscation in terms of circuit depth, number of basis operations, and compilation time for two benchmark circuits with the Qiskit compiler backend.
• Figure 3: Circuit diagram of 123 counter with annotated features. For example, SWAP gate position 12 has depth = 2, number of control qubits = 5, measured or not = 1, constant qubits involved or not = 1, and number of control qubits in paths = 2, as shown. The path shown in blue, starts from each qubit of SWAP gate 12, and is continued in links by the control qubits, ending in target qubit that is measured. Doing this for both qubits in SWAP gate 12, we get 2 control qubits in the paths.