Reproducible Builds for Quantum Computing

Iyán Méndez Veiga, Esther Hänggi

TL;DR

The paper extends the classical notion of reproducible builds to the quantum computing domain, focusing on quantum transpilation and the risk of covert information leakage or corrupted results. It defines a formal framework around source code (quantum circuits), a quantum build toolchain (including a transpiler), and quantum artifacts (transpiled payloads), with a goal of bit-for-bit reproducibility across builds. Through confidentiality and integrity threat models, the work demonstrates how non-deterministic transpilation can enable data exfiltration and degraded computations, and provides concrete examples using layout, init, and scheduling stages as well as GHZ and Grover circuits. Practical contributions include identifying non-determinism sources in Qiskit (random seeds and QPY) and proposing concrete changes (buildinfo, OpenQASM3 encoding) to enable reproducible quantum builds, paving the way for independent verifiers and stronger trust in quantum cloud platforms.

Abstract

Reproducible builds are a set of software development practices that establish an independently verifiable path from source code to binary artifacts, helping to detect and mitigate certain classes of supply chain attacks. Although quantum computing is a rapidly evolving field of research, it can already benefit from adopting reproducible builds. This paper aims to bridge the gap between the quantum computing and reproducible builds communities. We propose a generalization of the definition of reproducible builds in the quantum setting, motivated by two threat models: one targeting the confidentiality of end users' data during circuit preparation and submission to a quantum computer, and another compromising the integrity of quantum computation results. This work presents three examples that show how classical information can be hidden in transpiled quantum circuits, and two cases illustrating how even minimal modifications to these circuits can lead to incorrect quantum computation results. Our work provides initial steps towards a framework for reproducibility in quantum software toolchains.
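The verification idea summarized above (record the transpiler seed in a buildinfo record, then let an independent party rebuild and compare bit for bit), as an added example that is not code from the paper or from Qiskit. The toy layout-only transpiler, the text artifact format, and the buildinfo field names are assumptions made for illustration.

```python
import hashlib
import json
import random

# Constructed sample source: a 3-qubit GHZ circuit as [gate, logical qubits].
GHZ = {"qubits": 3, "gates": [["h", [0]], ["cx", [0, 1]], ["cx", [1, 2]]]}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def source_digest(circuit: dict) -> str:
    # Canonical JSON so the same circuit always hashes to the same value.
    return sha256(json.dumps(circuit, sort_keys=True, separators=(",", ":")).encode())

def toy_transpile(circuit: dict, num_physical: int, seed: int) -> bytes:
    """Toy stand-in for a layout stage (not Qiskit): the seed alone picks the mapping."""
    layout = random.Random(seed).sample(range(num_physical), circuit["qubits"])
    lines = [
        f"{gate} " + ",".join(f"q[{layout[q]}]" for q in qubits) + ";"
        for gate, qubits in circuit["gates"]
    ]
    return ("\n".join(lines) + "\n").encode()

def build(circuit: dict, num_physical: int, seed: int):
    """Return the artifact plus a buildinfo record (field names are hypothetical)."""
    artifact = toy_transpile(circuit, num_physical, seed)
    buildinfo = {
        "source_sha256": source_digest(circuit),
        "num_physical": num_physical,
        "seed": seed,
        "artifact_sha256": sha256(artifact),
    }
    return artifact, buildinfo

def verify(circuit: dict, artifact: bytes, buildinfo: dict) -> bool:
    """Independent rebuild: accept only a bit-for-bit identical artifact."""
    if source_digest(circuit) != buildinfo["source_sha256"]:
        return False
    rebuilt = toy_transpile(circuit, buildinfo["num_physical"], buildinfo["seed"])
    return rebuilt == artifact and sha256(rebuilt) == buildinfo["artifact_sha256"]

if __name__ == "__main__":
    artifact, info = build(GHZ, num_physical=5, seed=7)
    print(json.dumps(info, indent=2))
    print("verified:", verify(GHZ, artifact, info))
```

An artifact whose layout differs from what the recorded seed produces fails `verify`, which is how a verifier would notice a transpiled circuit that does not follow from the declared source and build parameters.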

Paper Structure

This paper contains 34 sections, 2 equations, 13 figures, 1 table.

Figures (13)

  • Figure 1: Illustration of a typical open-source software development workflow. Developers contribute by committing changes to a shared source code repository. When ready, they create a new release by tagging a specific version of the code, which triggers an automated build pipeline. This process generates the final executable or binary files intended for end users. These files are then distributed through package repositories or app stores.
  • Figure 2: Illustration of the current quantum computing workflow. Quantum developers implement algorithms as quantum circuits using an SDK such as Qiskit [qiskit2024]. These circuits are transpiled (see Sec. \ref{sec:transpilation}) and sent to a quantum cloud, which provides access to a quantum backend. The quantum computer executes the circuit, and the results are returned via the cloud platform to the developers for further analysis.
  • Figure 3: The six stages of the transpilation in Qiskit [qiskit-transpiler-stages]. The stages highlighted in red are modified in Sections \ref{sec:attacks-confidentiality} and \ref{sec:attacks-integrity} to implement our examples.
  • Figure 4: Diagram of the threat model targeting confidentiality.
  • Figure 5: Diagram of the threat model targeting integrity.
  • ...and 8 more figures