Baobao Song

h-index: 26

2 Papers

LG | Dec 16, 2025
Black-Box Auditing of Quantum Model: Lifted Differential Privacy with Quantum Canaries

Baobao Song, Shiva Raj Pokhrel, Athanasios V. Vasilakos et al.

Quantum machine learning (QML) promises significant computational advantages, yet models trained on sensitive data risk memorizing individual records, creating serious privacy vulnerabilities. While Quantum Differential Privacy (QDP) mechanisms provide theoretical worst-case guarantees, they critically lack empirical verification tools for deployed models. We introduce the first black-box privacy auditing framework for QML based on Lifted Quantum Differential Privacy, leveraging quantum canaries (strategically offset-encoded quantum states) to detect memorization and precisely quantify privacy leakage during training. Our framework establishes a rigorous mathematical connection between canary offset and trace distance bounds, deriving empirical lower bounds on privacy budget consumption that bridge the critical gap between theoretical guarantees and practical privacy verification. Comprehensive evaluations across both simulated and physical quantum hardware demonstrate our framework's effectiveness in measuring actual privacy loss in QML models, enabling robust privacy verification in QML systems.

CR | Feb 7, 2022
Distributed Differentially Private Ranking Aggregation

Baobao Song, Qiujun Lan, Yang Li et al.

Ranking aggregation is commonly adopted in cooperative decision-making to assist in combining multiple rankings into a single representative. To protect the actual ranking of each individual, some privacy-preserving strategies, such as differential privacy, are often used. This, however, does not consider the scenario where the curator, who collects all rankings from individuals, is untrustworthy. This paper proposed a mechanism to solve the above situation using the distributed differential privacy framework. The proposed mechanism collects locally differentially private rankings from individuals, then randomly permutes pairwise rankings using a shuffle model to further amplify the privacy protection. The final representative is produced by hierarchical rank aggregation. The mechanism was theoretically analysed and experimentally compared against existing methods, and demonstrated competitive results in both the output accuracy and privacy protection.