Certified Robustness of Quantum Classifiers against Adversarial Examples through Quantum Noise
This work addresses security concerns for quantum machine learning systems, though it is incremental in that it builds on existing differential privacy concepts.
The paper tackles the vulnerability of quantum classifiers to adversarial attacks by showing that adding quantum random rotation noise improves robustness, and it derives a certified robustness bound supported by experiments on IBM's 7-qubit device.
Recently, quantum classifiers have been found to be vulnerable to adversarial attacks, in which quantum classifiers are deceived by imperceptible noise, leading to misclassification. In this paper, we propose the first theoretical study demonstrating that adding quantum random rotation noise can improve the robustness of quantum classifiers against adversarial attacks. We draw a link to the definition of differential privacy and show that a quantum classifier trained with the natural presence of additive noise is differentially private. Finally, we derive a certified robustness bound to enable quantum classifiers to defend against adversarial examples, supported by experimental results simulated with noise from IBM's 7-qubit device.