DyLoC: A Dual-Layer Architecture for Secure and Trainable Quantum Machine Learning Under Polynomial-DLA constraint

Chenyi Zhang, Tao Shang, Chao Guo, Ruohan He

TL;DR

The paper tackles the privacy-trainability dilemma in variational quantum circuits by introducing DyLoC, a dual-layer defense that decouples privacy from the trainable core constrained to a polynomial dynamical Lie algebra. Privacy is externalized to the input and output interfaces through Truncated Chebyshev Graph Encoding (TCGE) and Dynamic Local Scrambling (DLS), while a polynomial-DLA core preserves trainability. Theoretical analysis shows the privacy components modify boundary conditions without expanding the trainable space, and experiments demonstrate comparable convergence to unprotected baselines while significantly impeding gradient-based reconstruction and snapshot inversion. This approach offers a practical route to secure and trainable quantum machine learning under realistic resource constraints, with potential hardware-friendly implementations leveraging shallow graph-state encodings.

Abstract

Variational quantum circuits face a critical trade-off between privacy and trainability. High expressivity required for robust privacy induces exponentially large dynamical Lie algebras. This structure inevitably leads to barren plateaus. Conversely, trainable models restricted to polynomial-sized algebras remain transparent to algebraic attacks. To resolve this impasse, DyLoC is proposed. This dual-layer architecture employs an orthogonal decoupling strategy. Trainability is anchored to a polynomial-DLA ansatz while privacy is externalized to the input and output interfaces. Specifically, Truncated Chebyshev Graph Encoding (TCGE) is employed to thwart snapshot inversion. Dynamic Local Scrambling (DLS) is utilized to obfuscate gradients. Experiments demonstrate that DyLoC maintains baseline-level convergence with a final loss of 0.186. It outperforms the baseline by increasing the gradient reconstruction error by 13 orders of magnitude. Furthermore, snapshot inversion attacks are blocked when the reconstruction mean squared error exceeds 2.0. These results confirm that DyLoC effectively establishes a verifiable pathway for secure and trainable quantum machine learning.

Paper Structure

This paper contains 23 sections, 12 equations, 7 figures.

Figures (7)

  • Figure 1: DyLoC architecture. The DyLoC architecture secures the trainable polynomial-DLA core by deploying TCGE at the input to create a rugged landscape against inversion attacks and DLS at the output to dynamically obfuscate gradients. This orthogonal design achieves dual-layer privacy protection while strictly preserving the gradient signal essential for model convergence.
  • Figure 2: Standard vulnerable VQC. The baseline 3-qubit VQC architecture employs separable product encoding and static global measurements. This configuration establishes a deterministic linear mapping that exposes the model to algebraic snapshot recovery and inversion attacks.
  • Figure 3: DyLoC-enhanced VQC. The DyLoC architecture integrates TCGE for enforced global entanglement and Dynamic Local Scrambling for gradient obfuscation. These components synergistically defend against algebraic attacks while preserving the trainability of the polynomial-DLA ansatz.
  • Figure 4: Utility Comparison. The training loss convergence demonstrates that DyLoC (red) maintains a stable descent trajectory comparable to the Standard baseline (black), whereas the QDP model (green) suffers from significant oscillation and fails to reach the optimal solution due to noise injection.
  • Figure 5: Weak Privacy Evaluation. The gradient reconstruction MSE indicates that DyLoC imposes a persistent structural mismatch for the adversary, maintaining a high error magnitude ($10^{-2}\sim 10^{-3}$) compared to the negligible error ($10^{-16}$) of the Standard baseline.
  • ...and 2 more figures

Theorems & Definitions (3)

  • Definition 1: The Dynamical Lie Algebra (DLA)
  • Definition 2: Weak Privacy MSE
  • Definition 3: Strong privacy MSE