Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Certifiably Robust Encoding Schemes

Aman Saxena, Tom Wollschläger, Nicola Franco, Jeanette Miriam Lorenz, Stephan Günnemann

TL;DR

This work addresses certifiable robustness of quantum classifiers against perturbations in classical data for near-term encoding schemes. It introduces a randomized smoothing framework implemented via quantum noise channels, showing equivalence to smoothed classifiers and extending from parallel to sequential encoding blocks. The authors derive CPTP-smoothing constructions, Kraus representations, and explicit trace-distance bounds, including Gaussian smoothing, and validate the approach on TwoMoons, Annular, and MNIST datasets, highlighting both improved robustness certificates and practical limitations. The findings demonstrate a principled path to certify QML pipelines under classical data perturbations, with implications for reliable deployment and future work on strengthening guarantees and understanding training dynamics under smoothing."

Abstract

Quantum machine learning uses principles from quantum mechanics to process data, offering potential advances in speed and performance. However, previous work has shown that these models are susceptible to attacks that manipulate input data or exploit noise in quantum circuits. Following this, various studies have explored the robustness of these models. These works focus on the robustness certification of manipulations of the quantum states. We extend this line of research by investigating the robustness against perturbations in the classical data for a general class of data encoding schemes. We show that for such schemes, the addition of suitable noise channels is equivalent to evaluating the mean value of the noiseless classifier at the smoothed data, akin to Randomized Smoothing from classical machine learning. Using our general framework, we show that suitable additions of phase-damping noise channels improve empirical and provable robustness for the considered class of encoding schemes.

Certifiably Robust Encoding Schemes

TL;DR

This work addresses certifiable robustness of quantum classifiers against perturbations in classical data for near-term encoding schemes. It introduces a randomized smoothing framework implemented via quantum noise channels, showing equivalence to smoothed classifiers and extending from parallel to sequential encoding blocks. The authors derive CPTP-smoothing constructions, Kraus representations, and explicit trace-distance bounds, including Gaussian smoothing, and validate the approach on TwoMoons, Annular, and MNIST datasets, highlighting both improved robustness certificates and practical limitations. The findings demonstrate a principled path to certify QML pipelines under classical data perturbations, with implications for reliable deployment and future work on strengthening guarantees and understanding training dynamics under smoothing."

Abstract

Quantum machine learning uses principles from quantum mechanics to process data, offering potential advances in speed and performance. However, previous work has shown that these models are susceptible to attacks that manipulate input data or exploit noise in quantum circuits. Following this, various studies have explored the robustness of these models. These works focus on the robustness certification of manipulations of the quantum states. We extend this line of research by investigating the robustness against perturbations in the classical data for a general class of data encoding schemes. We show that for such schemes, the addition of suitable noise channels is equivalent to evaluating the mean value of the noiseless classifier at the smoothed data, akin to Randomized Smoothing from classical machine learning. Using our general framework, we show that suitable additions of phase-damping noise channels improve empirical and provable robustness for the considered class of encoding schemes.
Paper Structure (17 sections, 7 theorems, 13 equations, 7 figures)

This paper contains 17 sections, 7 theorems, 13 equations, 7 figures.

Table of Contents

  1. Introduction
  2. Background
  3. Parallel Encoding Schemes
  4. Sequential Encoding Schemes
  5. Related Works
  6. Methods
  7. Randomized Smoothing as Quantum Noise
  8. Smoothing single-qubit Pauli rotation gates
  9. Additional Remarks
  10. Smoothing $RY$ and $RZ$ data encoding blocks
  11. Nonlinear features
  12. Guarantees vs Computational cost
  13. Experiments
  14. TwoMoons Dataset
  15. Annular Dataset
  16. ...and 2 more sections

Key Result

Theorem 1

Let $\boldsymbol{\delta} \sim \phi$ such that $\mathbb E_{\boldsymbol{\delta}}[\boldsymbol{\delta}] = 0$ and $E_{\boldsymbol{\delta}}[\boldsymbol{\delta}^2] < \infty$. Define $\boldsymbol{\rho}(\mathbf{x}) := \boldsymbol{U}(\mathbf{x})\lvert \gamma \rangle\langle \gamma \rvert \boldsymbol{U}(\mathbf

Figures (7)

  • Figure 1: Parallel Encoding maps data to parallel quantum subsystems while sequential encoding is just a stack of parallel layers.
  • Figure 2: Accuracy upon gradient-based attacks for smooth classifiers on TwoMoons Dataset with different values of $\sigma$. (a) All data encoding blocks are smoothed using the Phase-Damping noise channels with parameter $\lambda = 1 - \exp(-\sigma^2)$. (b) All data encoding blocks encoding $\alpha x$ are smoothed using Phase-Damping noise channels with parameter $\lambda = 1 - \exp(-\alpha^2 \sigma^2)$.
  • Figure 3: Fraction of test dataset correctly classified and certified against the radius of perturbation for smooth classifiers on TwoMoons Dataset with different values of $\sigma$. (a) All data encoding blocks are smoothed using phase damping noise channels with parameter $\lambda = 1 - \exp(-\sigma^2)$. (b) All data encoding blocks encoding $\alpha x$ are smoothed using phase damping noise channels with parameter $\lambda = 1 - \exp(-\alpha^2 \sigma^2)$.
  • Figure 4: Accuracy upon gradient-based attacks for smooth classifiers on artificially generated Annular Dataset with different values of $\sigma$. (a) All data encoding blocks are smoothed using phase damping noise channels with parameter $\lambda = 1 - \exp(-\sigma^2)$. (b) All data encoding blocks encoding $\alpha x$ are smoothed using Phase-Damping noise channels with parameter $\lambda = 1 - \exp(-\alpha^2 \sigma^2)$.
  • Figure 5: Kernel functions obtained from the Quantum circuit without smoothing(approximation of Gaussian), with exponential smoothing and uniform smoothing for $\sigma = 1.5$. The smooth kernels are scaled back to 0, 1.
  • ...and 2 more figures

Theorems & Definitions (16)

  • Definition 1: Quantum Binary Classifier
  • Definition 2: $(\mathbf{D}, \epsilon)$-Robust
  • Theorem 1: Smooth Parallel Encoding: Smoothing is a CPTP map
  • Theorem 2: Smooth Parallel Encoding: Upper bound of the Trace distance
  • Corollary 1: Gaussian parallel smooth encoding scheme: Infinite sampling
  • Definition 3: Smooth Sequential Encoding
  • Theorem 3: Smooth Sequential Encoding: Infinite Sampling
  • Corollary 2: Gaussian sequential Smooth Encoding Scheme: Infinite Sampling
  • Theorem 4: Smooth $RZ$ data encoding block
  • Lemma 1
  • ...and 6 more