benchmark 2025

Black-Box Auditing of Quantum Model: Lifted Differential Privacy with Quantum Canaries

Baobao Song 1, Shiva Raj Pokhrel 2, Athanasios V. Vasilakos 3, Tianqing Zhu 4, Gang Li 2

0 citations · 26 references · arXiv

Published on arXiv: 2512.14388

Membership Inference Attack

OWASP ML Top 10 — ML04

Key Finding

The proposed canary-based black-box framework successfully derives empirical lower bounds on privacy budget consumption in QML models, validated on real quantum hardware, bridging the gap between theoretical QDP guarantees and practical privacy verification.

Novel technique introduced

Lifted Quantum Differential Privacy Auditing with Quantum Canaries


Quantum machine learning (QML) promises significant computational advantages, yet models trained on sensitive data risk memorizing individual records, creating serious privacy vulnerabilities. While Quantum Differential Privacy (QDP) mechanisms provide theoretical worst-case guarantees, they critically lack empirical verification tools for deployed models. We introduce the first black-box privacy auditing framework for QML based on Lifted Quantum Differential Privacy, leveraging quantum canaries (strategically offset-encoded quantum states) to detect memorization and precisely quantify privacy leakage during training. Our framework establishes a rigorous mathematical connection between canary offset and trace distance bounds, deriving empirical lower bounds on privacy budget consumption that bridge the critical gap between theoretical guarantees and practical privacy verification. Comprehensive evaluations across both simulated and physical quantum hardware demonstrate our framework's effectiveness in measuring actual privacy loss in QML models, enabling robust privacy verification in QML systems.


Key Contributions

  • First black-box privacy auditing framework for QML using Lifted Quantum Differential Privacy and quantum canaries (offset-encoded quantum states) to detect memorization
  • Rigorous mathematical connection between canary offset and trace distance bounds, enabling empirical lower bounds on the privacy budget (ε) that bridge theory and practice
  • Comprehensive evaluation on both simulated and physical quantum hardware demonstrating the framework's effectiveness at measuring actual privacy loss

🛡️ Threat Analysis

Membership Inference Attack

Quantum canaries are strategically inserted training examples used to test whether the QML model memorized them — this is fundamentally a membership inference technique (binary: was this canary in the training set?), used here to derive empirical lower bounds on actual privacy budget consumption and audit DP guarantees in deployed QML models.


Details

Threat Tags
black_box, training_time
Applications
quantum machine learning, privacy auditing