Secret extraction attacks against obfuscated IQP circuits

David Gross, Dominik Hangleiter

TL;DR

This work provides a comprehensive cryptanalytic assessment of obfuscated IQP-based verification schemes for quantum advantage, showing that multiple secret-extraction attacks can recover hidden secrets under broad parameter regimes. The Radical Attack, supported by a normal-form analysis, recovers the secret with high probability for challenging parameters and complements existing attacks by succeeding in parameter regions where they fail. Additional strategies, including Lazy Linearity, Double Meyer, and Hamming's Razor, expand the attacker's toolkit and push the boundary toward quasi-polynomial-time recovery in many cases, while also indicating regions where security remains plausible. The results underscore that secure, efficiently verifiable quantum-supremacy demonstrations remain difficult to achieve and motivate design principles for more robust obfuscation and verification frameworks.

Abstract

Quantum computing devices can now perform sampling tasks which, according to complexity-theoretic and numerical evidence, are beyond the reach of classical computers. This raises the question of how one can efficiently verify that a quantum computer operating in this regime works as intended. In 2008, Shepherd and Bremner proposed a protocol in which a verifier constructs a unitary from the comparatively easy-to-implement family of so-called IQP circuits, and challenges a prover to execute it on a quantum computer. The challenge problem is designed to contain an obfuscated secret, which can be turned into a statistical test that accepts samples from a correct quantum implementation. It was conjectured that extracting the secret from the challenge problem is NP-hard, so that the ability to pass the test constitutes strong evidence that the prover possesses a quantum device and that it works as claimed. Unfortunately, about a decade later, Kahanamoku-Meyer found an efficient classical secret extraction attack. Bremner, Cheng, and Ji very recently followed up by constructing a wide-ranging generalization of the original protocol. Their IQP Stabilizer Scheme has been explicitly designed to circumvent the known weakness. They also suggested that the original construction can be made secure by adjusting the problem parameters. In this work, we develop a number of secret extraction attacks which are effective against both new approaches in a wide range of problem parameters. In particular, we find multiple ways to recover the 300-bit secret hidden in a challenge data set published by Bremner, Cheng, and Ji. The important problem of finding an efficient and reliable verification protocol for sampling-based proofs of quantum supremacy thus remains open.

Paper Structure (30 sections, 5 theorems, 43 equations, 4 figures, 4 algorithms)

This paper contains 30 sections, 5 theorems, 43 equations, 4 figures, 4 algorithms.

Key Result

Lemma 2

Assume $\mathbf{H}'$ results from $\mathbf{H}$ by a sequence of column operations that are directed to the left. Then there is a sequence of column operations directed to the left such that:

Figures (4)

  • Figure 1: Probability of success of the Radical Attack given the "excess width" $w$ of the matrix $(\mathbf{B}\,|\,\mathbf{C})$. The solid sigmoidal curve is the simplified theoretical estimate $\mathop{\mathrm{Prob}}\nolimits[\text{success}\,|\,w]\approx (1-2^{-w})^{g+m-n}$. Red dots represent empirical success probabilities for all values of $w$ for which failures have been observed during 100k numerical runs. Each vertical bar is the acceptance region of a test for compatibility with the theory prediction at significance level $\alpha=5\%$. The plot is truncated at $w=18$, as this is the largest value for which RadicalAttack$()$ has failed at least once to recover the correct secret in the experiment. The mean value of $w$ is about $32.3$ and more than 96% of all instances were associated with a value of $w$ exceeding 18. The simplified theoretical analysis reproduces the behavior of the algorithm in a quantitatively correct way, including predicting the transition from likely failure to likely success at around $w\approx 6$.
  • Figure 2: Performance of the Radical Attack and the Linearity Attack [kahanamoku-meyer_forging_2023] on the updated QRC construction of [bremner_iqp_2023_v1], using 100 random instances per point. Linearity Attack data are taken from [bremner_iqp_2023_v1]. The two approaches are seen to complement each other almost perfectly.
  • Figure 3: (a) Dimension of $\ker (\mathbf{G}_{\mathbf d})$ (green) for the QRC construction with $q = 103$ and $m = 2q$ for 100 random instances and 1000 random choices of $\mathbf d$ per point. Shaded areas represent one standard deviation. This is compared to the simplified theoretical prediction $n - m/2$ (pink). The dotted line designates the minimum observed value of $\dim(\ker \mathbf{G}_{\mathbf d})$. The original Linear Attack runs in time roughly exponential in the green curve, whereas the "lazy" approach reduces this to about the exponential of the dotted one. Finally, the violet line depicts $\ker (\mathbf{G}_{\mathbf d}) / \ker(\mathbf{H}_{\mathbf d})$. The fact that it does not depend on $n$ is compatible with the expectation that the probability of finding the secret $\mathbf s$ in the kernel of any given Gram matrix $\mathbf{G}_{\mathbf d}$ is roughly independent of the size of the kernel. (b) Dimension of $\bigcap_{i \in [k]}\ker (\mathbf{G}_{\mathbf d^i})$ (green) for the QRC construction with $q = 103, n = q + r,r = (q+1)/2,m = 2q$. We used 100 random instances and 1000 random choices of $\mathbf d^1, \ldots, \mathbf d^k$ per point. The simple theoretical prediction of $2^{-k+1}(n - m/2)$ (dotted pink) is seen to be in good agreement with the numerical experiments up to a constant prefactor.
  • Figure 4: Performance of the Lazy Linearity Attack (solid lines) with ambition $A = 8$, endurance $E = 1000$, and significance threshold $g_{\text{th}} = 1$, and the Radical Attack (dashed lines) for values of $q = 103, 127, 151, 167$. $100$ instances per point. Compared to Figure 2, we find that the "lazy" approach has extended the range of $n$ for which the Linear Attack recovers the secret with near-certainty. The shift is sufficient that the two algorithms now cover the entire parameter range.

Theorems & Definitions (11)

  • Conjecture 1: Hidden Structured Code (HSC) Problem [bremner_iqp_2023_v1]
  • Lemma 2: Normal form
  • proof
  • Corollary 3
  • proof
  • Lemma 4
  • proof
  • Lemma 5
  • proof
  • Lemma 6
  • ...and 1 more