Guardado en:
| Autores principales: | , |
|---|---|
| Formato: | Preprint |
| Publicado: |
2026
|
| Materias: | |
| Acceso en línea: | https://arxiv.org/abs/2603.00950 |
| Etiquetas: |
Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
| _version_ | 1866912934519635968 |
|---|---|
| author | Raj, Amal Balachandran, Vivek |
| author_facet | Raj, Amal Balachandran, Vivek |
| contents | As quantum computing platforms increasingly adopt cloud-based execution, users submit quantum circuits to remote compilers and backends, trusting that what they submit is exactly what will be run. This shift introduces new trust assumptions in the submission pipeline, which remain largely unexamined. In this paper, we present QSpy, the first proof-of-concept Quantum Remote Access Trojan capable of intercepting quantum circuits in transit. Once deployed on a user's machine, QSpy silently installs a rogue certificate authority and proxies outgoing API traffic, enabling a man-in-the-middle (MITM) attack on submitted quantum circuits. We show that the intercepted quantum circuits may be forwarded to a remote server, which is capable of categorizing, storing, and analyzing them, without disrupting execution or triggering authentication failures. Our prototype targets IBM Qiskit APIs on a Windows system, but the attack model generalizes to other delegated quantum computing workflows. This work highlights the urgent need for submission-layer protections and demonstrates how even classical attack primitives can pose critical threats to quantum workloads. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2603_00950 |
| institution | arXiv |
| publishDate | 2026 |
| record_format | arxiv |
| spellingShingle | QSpy: A Quantum RAT for Circuit Spying and IP Theft Raj, Amal Balachandran, Vivek Cryptography and Security As quantum computing platforms increasingly adopt cloud-based execution, users submit quantum circuits to remote compilers and backends, trusting that what they submit is exactly what will be run. This shift introduces new trust assumptions in the submission pipeline, which remain largely unexamined. In this paper, we present QSpy, the first proof-of-concept Quantum Remote Access Trojan capable of intercepting quantum circuits in transit. Once deployed on a user's machine, QSpy silently installs a rogue certificate authority and proxies outgoing API traffic, enabling a man-in-the-middle (MITM) attack on submitted quantum circuits. We show that the intercepted quantum circuits may be forwarded to a remote server, which is capable of categorizing, storing, and analyzing them, without disrupting execution or triggering authentication failures. Our prototype targets IBM Qiskit APIs on a Windows system, but the attack model generalizes to other delegated quantum computing workflows. This work highlights the urgent need for submission-layer protections and demonstrates how even classical attack primitives can pose critical threats to quantum workloads. |
| title | QSpy: A Quantum RAT for Circuit Spying and IP Theft |
| topic | Cryptography and Security |
| url | https://arxiv.org/abs/2603.00950 |