Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Quantum Leak: Timing Side-Channel Attacks on Cloud-Based Quantum Services

Chao Lu, Esha Telang, Aydin Aysu, Kanad Basu

TL;DR

This work investigates timing-based side-channel attacks on cloud-based quantum services, introducing five attacks (UC, CO, CA, QM, QP) under a realistic, non-physical-access threat model. Using both simulations and real IBM devices, it shows that an attacker needs as few as 10 measurements to identify the executing quantum processor and around 500 measurements to recover a Grover oracle, with broader circuit identifications achievable across broader measurement budgets. The study compares timing SCAs to prior power-based analyses and discusses mitigations such as randomness in compilation, multi-programming, circuit modifications, timer noise, and access controls. The findings underscore urgent security considerations for quantum cloud providers and offer concrete defensive strategies to safeguard sensitive quantum computations. The work thus advances understanding of practical cloud-era quantum security and points to concrete directions for hardening quantum cloud infrastructure.

Abstract

Quantum computing offers significant acceleration capabilities over its classical counterpart in various application domains. Consequently, there has been substantial focus on improving quantum computing capabilities. However, to date, the security implications of these quantum computing platforms have been largely overlooked. With the emergence of cloud-based quantum computing services, it is critical to investigate the extension of classical computer security threats to the realm of quantum computing. In this study, we investigated timing-based side-channel vulnerabilities within IBM's cloud-based quantum service. The proposed attack effectively subverts the confidentiality of the executed quantum algorithm, using a more realistic threat model compared to existing approaches. Our experimental results, conducted using IBM's quantum cloud service, demonstrate that with just 10 measurements, it is possible to identify the underlying quantum computer that executed the circuit. Moreover, when evaluated using the popular Grover circuit, we showcase the ability to leak the quantum oracle with a mere 500 measurements. These findings underline the pressing need to address timing-based vulnerabilities in quantum computing platforms and advocate for enhanced security measures to safeguard sensitive quantum algorithms and data.

Quantum Leak: Timing Side-Channel Attacks on Cloud-Based Quantum Services

TL;DR

This work investigates timing-based side-channel attacks on cloud-based quantum services, introducing five attacks (UC, CO, CA, QM, QP) under a realistic, non-physical-access threat model. Using both simulations and real IBM devices, it shows that an attacker needs as few as 10 measurements to identify the executing quantum processor and around 500 measurements to recover a Grover oracle, with broader circuit identifications achievable across broader measurement budgets. The study compares timing SCAs to prior power-based analyses and discusses mitigations such as randomness in compilation, multi-programming, circuit modifications, timer noise, and access controls. The findings underscore urgent security considerations for quantum cloud providers and offer concrete defensive strategies to safeguard sensitive quantum computations. The work thus advances understanding of practical cloud-era quantum security and points to concrete directions for hardening quantum cloud infrastructure.

Abstract

Quantum computing offers significant acceleration capabilities over its classical counterpart in various application domains. Consequently, there has been substantial focus on improving quantum computing capabilities. However, to date, the security implications of these quantum computing platforms have been largely overlooked. With the emergence of cloud-based quantum computing services, it is critical to investigate the extension of classical computer security threats to the realm of quantum computing. In this study, we investigated timing-based side-channel vulnerabilities within IBM's cloud-based quantum service. The proposed attack effectively subverts the confidentiality of the executed quantum algorithm, using a more realistic threat model compared to existing approaches. Our experimental results, conducted using IBM's quantum cloud service, demonstrate that with just 10 measurements, it is possible to identify the underlying quantum computer that executed the circuit. Moreover, when evaluated using the popular Grover circuit, we showcase the ability to leak the quantum oracle with a mere 500 measurements. These findings underline the pressing need to address timing-based vulnerabilities in quantum computing platforms and advocate for enhanced security measures to safeguard sensitive quantum algorithms and data.
Paper Structure (25 sections, 1 equation, 9 figures, 1 table)

This paper contains 25 sections, 1 equation, 9 figures, 1 table.

Table of Contents

  1. Introduction
  2. Background
  3. Quantum Computing
  4. Quantum Computing Basics
  5. Quantum Compilation
  6. Quantum computer architecture
  7. Statistical Analysis for SCAs
  8. T-test and Difference-of-Mean Test
  9. Power Analysis
  10. Related Works
  11. Threat Model
  12. Results
  13. Experimental Setup
  14. Experimental Results for the Evaluated Attacks
  15. User Circuit Identification (UC)
  16. ...and 10 more sections

Figures (9)

  • Figure 1: (a) X gate (b) CX gate (c) SWAP gate (d) CCX gate. (e) Routing Map of the IBM Quantum Computer ibmq_belem: Only connected qubits can perform 2-qubit gates like the CX gate. If a CX gate is required between two unconnected qubits, SWAP gates are introduced to assist with the computation.
  • Figure 2: Quantum computer execution process: The quantum circuits submitted by users are processed in the application layer, following the workflow shown in the Figure. In this paper, we will only evaluate the time consumption in the Quantum Processing Unit, as the time consumption during calibration and tuning interactions between the Classical Processing section and the Digital Processing section is unstable.
  • Figure 3: Demonstration of the overlapping coefficient of two Gaussian distributed curves. The shaded area represents the overlapping coefficient of the two curves. When the overlapping coefficient of the two curves is higher, it indicates that the two curves are more similar to each other.
  • Figure 4: Demonstration of the threat model that combining the advantage of ccspscaquantum and quantumcloudsca. The attacker measures the time interval between two circuit submissions to the cloud service and uses a statistical analysis tool to perform SCAs. Our analysis assumes that the time consumed within these intervals is either neglected or treated as a constant. This assumption ensures that the variable $\Delta T_n$, as referenced in the Figure, does not impact the statistical characterization of the execution of diverse quantum circuits.
  • Figure 5: Grover search circuit with one iteration. The circuit demonstrates three different parts and separated by dashed lines, which are qubits preparation, Grover oracle, and the diffusion operation. More iterations are done by repeating the Grover oracle and the diffusion operation.
  • ...and 4 more figures