Salvato in:
Dettagli Bibliografici
Autori principali: Upadhyay, Suryansh, Ghosh, Swaroop
Natura: Preprint
Pubblicazione: 2024
Soggetti:
Accesso online:https://arxiv.org/abs/2407.14687
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
_version_ 1866916331309236224
author Upadhyay, Suryansh
Ghosh, Swaroop
author_facet Upadhyay, Suryansh
Ghosh, Swaroop
contents Quantum computing (QC) has the potential to revolutionize fields like machine learning, security, and healthcare. Quantum machine learning (QML) has emerged as a promising area, enhancing learning algorithms using quantum computers. However, QML models are lucrative targets due to their high training costs and extensive training times. The scarcity of quantum resources and long wait times further exacerbate the challenge. Additionally, QML providers may rely on a third-party quantum cloud for hosting the model, exposing the models and training data. As QML-as-a-Service (QMLaaS) becomes more prevalent, reliance on third party quantum clouds can pose a significant threat. This paper shows that adversaries in quantum clouds can use white-box access of the QML model during training to extract the state preparation circuit (containing training data) along with the labels. The extracted training data can be reused for training a clone model or sold for profit. We propose a suite of techniques to prune and fix the incorrect labels. Results show that $\approx$90\% labels can be extracted correctly. The same model trained on the adversarially extracted data achieves approximately $\approx$90\% accuracy, closely matching the accuracy achieved when trained on the original data. To mitigate this threat, we propose masking labels/classes and modifying the cost function for label obfuscation, reducing adversarial label prediction accuracy by $\approx$70\%.
format Preprint
id arxiv_https___arxiv_org_abs_2407_14687
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Quantum Data Breach: Reusing Training Dataset by Untrusted Quantum Clouds
Upadhyay, Suryansh
Ghosh, Swaroop
Quantum Physics
Quantum computing (QC) has the potential to revolutionize fields like machine learning, security, and healthcare. Quantum machine learning (QML) has emerged as a promising area, enhancing learning algorithms using quantum computers. However, QML models are lucrative targets due to their high training costs and extensive training times. The scarcity of quantum resources and long wait times further exacerbate the challenge. Additionally, QML providers may rely on a third-party quantum cloud for hosting the model, exposing the models and training data. As QML-as-a-Service (QMLaaS) becomes more prevalent, reliance on third party quantum clouds can pose a significant threat. This paper shows that adversaries in quantum clouds can use white-box access of the QML model during training to extract the state preparation circuit (containing training data) along with the labels. The extracted training data can be reused for training a clone model or sold for profit. We propose a suite of techniques to prune and fix the incorrect labels. Results show that $\approx$90\% labels can be extracted correctly. The same model trained on the adversarially extracted data achieves approximately $\approx$90\% accuracy, closely matching the accuracy achieved when trained on the original data. To mitigate this threat, we propose masking labels/classes and modifying the cost function for label obfuscation, reducing adversarial label prediction accuracy by $\approx$70\%.
title Quantum Data Breach: Reusing Training Dataset by Untrusted Quantum Clouds
topic Quantum Physics
url https://arxiv.org/abs/2407.14687