Context Switching for Secure Multi-programming of Near-Term Quantum Computers

TL;DR

Secure multi-programming on near-term quantum computers is challenged by crosstalk-based attacks that can tamper with co-running programs without hardware error models. The authors propose Quantum ContextSwitching (QONTEXTS), which distributes a program across multiple contexts using MFCS scheduling, and QONTEXTS+AD, which detects attacks via Hold-Out using distribution distances. They demonstrate Zero Knowledge Tampering Attacks (ZKTAs) on IBMQ devices, achieving up to 40% success in tampering cases, and show that QONTEXTS reduces attack exposure and improves resilience by orders of magnitude while preserving throughput (~2×) and improving fidelity (up to $1.33\times$ on average). The framework scales to larger programs and multiple devices, and QONTEXTS+AD can approach isolated-mode fidelity in favorable scenarios, offering a practical path to secure multi-programming on noisy quantum hardware.

Abstract

Multi-programming quantum computers improve device utilization and throughput. However, crosstalk from concurrent two-qubit CNOT gates poses security risks, compromising the fidelity and output of co-running victim programs. We design Zero Knowledge Tampering Attacks (ZKTAs), using which attackers can exploit crosstalk without knowledge of the hardware error profile. ZKTAs can alter victim program outputs in 40% of cases on commercial systems. We identify that ZKTAs succeed because the attacker's program consistently runs with the same victim program in a fixed context. To mitigate this, we propose QONTEXTS: a context-switching technique that defends against ZKTAs by running programs across multiple contexts, each handling only a subset of trials. QONTEXTS uses multi-programming with frequent context switching while identifying a unique set of programs for each context. This helps limit only a fraction of execution to ZKTAs. We enhance QONTEXTS with attack detection capabilities that compare the distributions from different contexts against each other to identify noisy contexts executed with ZKTAs. Our evaluations on real IBMQ systems show that QONTEXTS increases program resilience by three orders of magnitude and fidelity by 1.33$\times$ on average. Moreover, QONTEXTS improves throughput by 2$\times$, advancing security in multi-programmed environments.

Figures (22)

• Figure 1: (a) A multi-programmed quantum system. (b) Existing solutions always runs the same set of programs together (context) for all trials. (c) QONTEXTS runs each program over many contexts, each with a unique program for a subset of trials.
• Figure 2: Multi-programming improves system utilization, but programs are vulnerable to crosstalk-based attacks.
• Figure 3: Micro-benchmarks (a) $\mu_{b1}$ and (b) $\mu_{b2}$ to profile crosstalk on IBM systems. CNOTs between $q_2$ and $q_3$ in $\mu_{b2}$ generate crosstalk and fidelity of $\mu_{b1}$ is compared with $\mu_{b2}$.
• Figure 4: Increased number of links used for CNOTs heightens crosstalk and degrades the RF of the micro-benchmarks.
• Figure 5: High crosstalk pairs on IBM Hanoi shows substantial crosstalk exists even between non-neighboring links.