Quantum computing is a promising paradigm to solve computationally intractable problems. Various companies such as, IBM, Rigetti and D-Wave offer quantum computers using a cloud-based platform that possess several interesting features namely, (i) quantum hardware with various number of qubits and coupling maps exist at the cloud end that offer different computing capabilities; (ii) multiple hardware with identical coupling maps exist in the suite; (iii) coupling map of larger hardware with more number of qubits can fit the coupling map of many smaller hardware; (iv) the quality of each of the hardware is distinct; (v) user cannot validate the origination of the result obtained from a quantum hardware. In other words, the user relies on the scheduler of the cloud provider to allocate the requested hardware; (vi) the queue of quantum programs at the cloud end is typically long and maximizing the throughput, which is the key to reducing costs and helping the scientific community in their explorations. The above factors motivate a new threat model with following possibilities: (a) in future, less-trustworthy quantum computers from 3rd parties can allocate poor quality hardware to save on cost or towards satisfying their falsely-advertised qubit or quantum hardware specifications; (b) the workload scheduling algorithm could have a bug or malicious code segment which will try to maximize throughput at the cost of allocation to poor fidelity hardware. Such bugs are possible for trustworthy providers; (c) a rogue employee in trusted cloud vendor could try to sabotage the vendor’s reputation by degrading the user compute fidelity just by tampering with the scheduling algorithm or rerouting the program; (d) a rogue employee can steal information by redirecting the programs to a 3rd party quantum hardware where they have full control. If the allocated hardware is inferior in quality, the user will suffer from poor quality result or longer convergence time. We propose two flavors of a Quantum Physically Unclonable Function (QuPUF) to address this issue- one based on superposition and another based on decoherence. Our experiments on real quantum hardware reveal that temporal variations in qubit quality can degrade the quality of the proposed QuPUF. We add a parametric rotation to the QuPUF for stability. Experiments on real IBM quantum hardware show that the proposed QuPUF can achieve inter-die Hamming Distance (HD) of 55% and intra-HD as low as 4%, as compared to ideal cases of 50% and 0% respectively. The proposed QuPUFs can also be used as a standalone solution for any other application.

中文翻译：

---

用于量子计算安全和信任的量子 PUF

量子计算是解决计算上难以处理的问题的有前途的范例。IBM、Rigetti 和 D-Wave 等各种公司使用基于云的平台提供量子计算机，这些平台具有几个有趣的功能，即（i）具有各种量子位和耦合图的量子硬件存在于云端，提供不同的计算能力；(ii) 套件中存在多个具有相同耦合映射的硬件；(iii) 具有更多量子比特的较大硬件的耦合图可以拟合许多较小硬件的耦合图；(iv) 每个硬件的质量都是不同的；(v) 用户无法验证从量子硬件获得的结果的来源。换句话说，用户依赖于云提供商的调度器来分配请求的硬件；(vi) 云端的量子程序队列通常很长，并最大限度地提高吞吐量，这是降低成本和帮助科学界探索的关键。上述因素催生了具有以下可能性的新威胁模型：（a）未来，来自第 3 方的可信度较低的量子计算机可以分配质量较差的硬件以节省成本或满足其虚假宣传的量子位或量子硬件规范；(b) 工作负载调度算法可能存在错误或恶意代码段，这些代码段将尝试以分配给低保真硬件为代价来最大化吞吐量。值得信赖的提供商可能会出现此类错误；(c) 受信任的云供应商的流氓员工可能会试图通过篡改调度算法或重新路由程序来降低用户计算保真度，从而破坏供应商的声誉；(d) 流氓员工可以通过将程序重定向到他们完全控制的第 3 方量子硬件来窃取信息。如果分配的硬件质量较差，用户将遭受质量较差的结果或较长的收敛时间。我们提出了两种量子物理不可克隆函数 (QuPUF) 来解决这个问题——一种基于叠加，另一种基于退相干。我们在真实量子硬件上的实验表明，量子比特质量的时间变化会降低所提出的 QuPUF 的质量。我们为 QuPUF 添加了参数旋转以确保稳定性。在真实 IBM 量子硬件上的实验表明，与理想情况下分别为 50% 和 0% 的理想情况相比，所提出的 QuPUF 可以实现 55% 的芯片间汉明距离 (HD) 和低至 4% 的内部 HD。建议的 QuPUF 也可以用作任何其他应用程序的独立解决方案。