Trustworthy Quantum Machine Learning: A Roadmap for Reliability, Robustness, and Security in the NISQ Era
Ferhat Ozgur Catak¹, Jungwon Seo¹, Umit Cali²
Published on arXiv
2511.02602
Input Manipulation Attack
OWASP ML Top 10 — ML01
Model Inversion Attack
OWASP ML Top 10 — ML03
Key Finding
Attack vulnerability of parameterized quantum circuits is asymmetric between classical input perturbations and quantum-native state perturbations: perturbing the quantum state directly exploits structurally distinct weaknesses that input-space perturbations cannot reach
TQML (Trustworthy Quantum Machine Learning)
Novel technique introduced
Quantum machine learning (QML) is a promising paradigm for tackling computational problems that challenge classical AI. Yet, the inherent probabilistic behavior of quantum mechanics, device noise in NISQ hardware, and hybrid quantum-classical execution pipelines introduce new risks that prevent reliable deployment of QML in real-world, safety-critical settings. This research offers a broad roadmap for Trustworthy Quantum Machine Learning (TQML), integrating three foundational pillars of reliability: (i) uncertainty quantification for calibrated and risk-aware decision making, (ii) adversarial robustness against classical and quantum-native threat models, and (iii) privacy preservation in distributed and delegated quantum learning scenarios. We formalize quantum-specific trust metrics grounded in quantum information theory, including a variance-based decomposition of predictive uncertainty, trace-distance-bounded robustness, and differential privacy for hybrid learning channels. To demonstrate feasibility on current NISQ devices, we validate a unified trust assessment pipeline on parameterized quantum classifiers, uncovering correlations between uncertainty and prediction risk, an asymmetry in attack vulnerability between classical and quantum state perturbations, and privacy-utility trade-offs driven by shot noise and quantum channel noise. This roadmap seeks to define trustworthiness as a first-class design objective for quantum AI.
Key Contributions
- Unified TQML framework with quantum-specific trust metrics: variance-based predictive uncertainty decomposition, trace-distance-bounded adversarial robustness, and differential privacy for hybrid quantum learning channels
- Experimental validation on NISQ hardware revealing asymmetric attack vulnerability between classical input perturbations and quantum-native state perturbations on parameterized quantum circuits
- End-to-end trust assessment pipeline correlating uncertainty estimates with prediction risk and characterizing privacy-utility trade-offs under shot noise and quantum channel noise
🛡️ Threat Analysis
The adversarial-robustness pillar concerns parameterized quantum classifiers under two inference-time threat models: trace-distance-bounded perturbations of the quantum state and bounded perturbations of the classical input. This is the direct analogue of adversarial-examples research, formalized in Hilbert space: since no measurement can distinguish two states better than their trace distance allows, a perturbation budget ε on the input state bounds the change in any output probability by ε, so the budget doubles as a robustness certificate. The practical caveat is that the two budgets are not interchangeable: a classical input perturbation reaches only the states the encoding can produce, whereas a state-space adversary can move the state in any direction within the same trace-distance ball.
The privacy-preservation pillar addresses data-reconstruction risk in federated and delegated quantum learning through differential privacy for hybrid quantum-classical channels, with an explicit threat model in which an adversary exploits gradient leakage in distributed QML. Shot noise and quantum channel noise enter the privacy-utility trade-off as noise sources that are partly intrinsic to the hardware rather than deliberately added.
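As an added illustration of the trace-distance-bounded threat model in the robustness pillar (example code written for this page, not the paper's code or experiments), the following pure-Python script builds a one-qubit parameterized classifier with angle encoding, a trainable Ry(θ)Rz(φ) layer, depolarizing noise and a Z measurement. It then compares an input-space attacker (x → x + δ) with a state-space attacker allowed any unitary rotation of the encoded state within the same trace-distance budget, and checks the bound |P_adv − P_clean| ≤ T(ρ, σ) for both. The circuit, the angles (x = 0.4, θ = 1.0, φ = π/2), the noise level and δ are constructed assumptions, as is the grid search used for the state-space attacker.

```python
"""Added example (not the paper's code): one-qubit parameterized classifier,
classical input perturbation vs. trace-distance-bounded quantum-state
perturbation, and the bound |P_adv - P_clean| <= T(rho, sigma).
All angles, noise levels and the search procedure are constructed here."""
import math

I2 = [[1, 0], [0, 1]]


def matmul(a, b):
    return [[sum(a[i][k] * b[k][j] for k in range(2)) for j in range(2)] for i in range(2)]


def dagger(a):
    return [[complex(a[j][i]).conjugate() for j in range(2)] for i in range(2)]


def rotation(axis, angle):
    """U = exp(-i angle/2 * n.sigma): Bloch-sphere rotation about unit axis n."""
    c, s = math.cos(angle / 2), math.sin(angle / 2)
    nx, ny, nz = axis
    return [[c - 1j * s * nz, -1j * s * (nx - 1j * ny)],
            [-1j * s * (nx + 1j * ny), c + 1j * s * nz]]


def evolve(rho, u):
    return matmul(matmul(u, rho), dagger(u))


def depolarize(rho, p):
    """NISQ-style depolarizing channel rho -> (1-p) rho + p I/2."""
    return [[(1 - p) * rho[i][j] + p * I2[i][j] / 2 for j in range(2)] for i in range(2)]


def trace_distance(rho, sigma):
    """T = 1/2 ||rho - sigma||_1. The difference is a traceless Hermitian 2x2
    matrix with eigenvalues +/- sqrt(a^2 + |b|^2), so T equals that root."""
    a = (rho[0][0] - sigma[0][0]).real
    b = rho[0][1] - sigma[0][1]
    return math.sqrt(a * a + abs(b) ** 2)


def bloch(rho):
    """Bloch vector r of rho = (I + r.sigma)/2."""
    return (2 * rho[1][0].real, 2 * rho[1][0].imag, (rho[0][0] - rho[1][1]).real)


def encode(x):
    """Angle encoding of one real feature: |psi(x)> = Ry(x)|0>."""
    return evolve([[1, 0], [0, 0]], rotation((0, 1, 0), x))


def classify(rho_in, theta, phi, noise_p):
    """Trainable Rz(phi) then Ry(theta), depolarizing noise, Z measurement; returns P(class 1)."""
    rho = evolve(rho_in, rotation((0, 0, 1), phi))
    rho = evolve(rho, rotation((0, 1, 0), theta))
    return depolarize(rho, noise_p)[1][1].real


def classical_attack(x, theta, phi, noise_p, delta):
    """Input-space attacker shifts the feature by delta. Returns (prediction shift, trace distance)."""
    rho, sigma = encode(x), encode(x + delta)
    shift = abs(classify(sigma, theta, phi, noise_p) - classify(rho, theta, phi, noise_p))
    return shift, trace_distance(rho, sigma)


def quantum_attack(x, theta, phi, noise_p, budget, steps=90):
    """State-space attacker rotates the (pure) encoded state about any Bloch axis, spending at
    most `budget` in trace distance. For a pure state rotated by alpha about axis n,
    T = |n x r| * sin(alpha/2), so the largest in-budget alpha is closed-form; the axis is
    grid-searched (constructed procedure). Returns (best shift, axis, trace distance spent)."""
    rho = encode(x)
    r = bloch(rho)
    p_clean = classify(rho, theta, phi, noise_p)
    best = (0.0, None, 0.0)
    for i in range(steps):            # polar angle of the rotation axis
        for j in range(steps):        # azimuth of the rotation axis
            a, b = math.pi * i / steps, 2 * math.pi * j / steps
            n = (math.sin(a) * math.cos(b), math.sin(a) * math.sin(b), math.cos(a))
            cross = (n[1] * r[2] - n[2] * r[1], n[2] * r[0] - n[0] * r[2], n[0] * r[1] - n[1] * r[0])
            perp = math.sqrt(sum(c * c for c in cross))      # |n x r|
            if perp < 1e-12:
                continue              # axis parallel to the state: rotation changes nothing
            alpha = math.pi if perp <= budget else 2 * math.asin(budget / perp)
            sigma = evolve(rho, rotation(n, alpha))
            spent = trace_distance(rho, sigma)
            shift = abs(classify(sigma, theta, phi, noise_p) - p_clean)
            if spent <= budget + 1e-9 and shift > best[0]:
                best = (shift, n, spent)
    return best


def compare(x=0.4, theta=1.0, phi=math.pi / 2, noise_p=0.1, delta=0.2):
    """Give both attackers the same trace-distance budget: the one the classical delta induces."""
    c_shift, budget = classical_attack(x, theta, phi, noise_p, delta)
    q_shift, axis, spent = quantum_attack(x, theta, phi, noise_p, budget)
    return {"budget": budget, "classical_shift": c_shift, "quantum_shift": q_shift,
            "quantum_axis": axis, "bound_holds": c_shift <= budget and q_shift <= budget}


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

With the constructed angles the state-space attacker reaches a noticeably larger prediction shift than the input-space attacker for the same budget: the Rz layer tilts the effective measurement axis out of the x-z plane that Ry-angle encoding can reach, so no classical δ can move the state in the most damaging direction, while both shifts remain below the trace distance, as the bound requires. The bound also covers non-unitary perturbations (for example mixing the state with noise), which this unitary grid search does not explore.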