Bojia Duan,Chang-Yu Hsieh

DOI: https://doi.org/10.1103/physreva.110.012616

2024-01-01

Abstract:Quantum random access memory (QRAM) is an essential ingredient for many quantum algorithms, such as quantum machine learning models. The quantum resources (qubit counts and circuit depths) required to load classical data into a circuit severely prohibit many reasonably sophisticated demonstrations in the near term. To this end, we propose a method to construct a compact QRAM circuit, leveraging classical preprocessing to design as shallow a circuit with as few auxiliary qubits as possible. The underlying idea is to map data-encoded quantum states into an orthogonal set of quantum states (characterized by a family of parametrized circuits); then one can straightforwardly entangle the data qubits with the address qubits using CNOT gates to realize a data-loading QRAM circuit. The nonunitary transformation to convert the orthogonalized quantum states back to the original data-encoded quantum states can be easily achieved with the help of a small set of auxiliary qubits and postselections. Numerical simulations on handwritten digits and Iris data sets are performed to assess the effectiveness of the proposed method, and we also highlight how noise influences quantum circuit performance across diverse configurations using random data sets. The proposed method for constructing a QRAM circuit can potentially facilitate the development and testing of many quantum machine learning methods in the near term.

Amit Kumar Chauhan,Abhishek Kumar,Somitra Kumar Sanadhya

DOI: https://doi.org/10.46586/tosc.v2021.i1.316-336

2021-03-19

IACR Transactions on Symmetric Cryptology

Abstract:Recently, Hosoyamada and Sasaki (EUROCRYPT 2020), and Xiaoyang Dong et al. (ASIACRYPT 2020) proposed quantum collision attacks against AES-like hashing modes AES-MMO and AES-MP. Their collision attacks are based on the quantum version of the rebound attack technique exploiting the differential trails whose probabilities are too low to be useful in the classical setting but large enough in the quantum setting. In this work, we present dedicated quantum free-start collision attacks on Hirose’s double block length compression function instantiated with AES-256, namely HCF-AES-256. The best publicly known classical attack against HCF-AES-256 covers up to 9 out of 14 rounds. We present a new 10-round differential trail for HCF-AES-256 with probability 2−160, and use it to find collisions with a quantum version of the rebound attack. Our attack succeeds with a time complexity of 285.11 and requires 216 qRAM in the quantum-attack setting, where an attacker can make only classical queries to the oracle and perform offline computations. We also present a quantum free-start collision attack on HCF-AES-256 with a time complexity of 286.07 which outperforms Chailloux, Naya-Plasencia, and Schrottenloher’s generic quantum collision attack (ASIACRYPT 2017) in a model when large qRAM is not available.

Zhiyu Zhang,Siwei Sun,Caibing Wang,Lei Hu

DOI: https://doi.org/10.46586/tosc.v2023.i2.224-252

2023-06-16

IACR Transactions on Symmetric Cryptology

Abstract:At EUROCRYPT 2006, Kelsey and Kohno proposed the so-called chosen target forced-prefix (CTFP) preimage attack, where for any challenge prefix P, the attacker can generate a suffix S such that H(P∥S) = y for some hash value y published in advance by the attacker. Consequently, the attacker can pretend to predict some event represented by P she did not know before, and thus this type of attack is also known as the Nostradamus attack. At ASIACRYPT 2022, Benedikt et al. convert Kelsey et al.’s attack to a quantum one, reducing the time complexity from O(√n · 22n/3) to O( 3√n · 23n/7). CTFP preimage attack is less investigated in the literature than (second-)preimage and collision attacks and lacks dedicated methods. In this paper, we propose the first dedicated Nostradamus attack based on the meet-in-the-middle (MITM) attack, and the MITM Nostradamus attack could be up to quadratically accelerated in the quantum setting. According to the recent works on MITM preimage attacks on AES-like hashing, we build an automatic tool to search for optimal MITM Nostradamus attacks and model the tradeoff between the offline and online phases. We apply our method to AES-MMO and Whirlpool, and obtain the first dedicated attack on round-reduced version of these hash functions. Our method and automatic tool are applicable to other AES-like hashings.

Beomgeun Cho,Minki Hhan,Taehyun Kim,Jeonghoon Lee,Yixin Shen

2024-10-21

Abstract:In this paper, we study the requirement for quantum random access memory (QRAM) in quantum lattice sieving, a fundamental algorithm for lattice-based cryptanalysis. First, we obtain a lower bound on the cost of quantum lattice sieving with a bounded size QRAM. We do so in a new query model encompassing a wide range of lattice sieving algorithms similar to those in the classical sieving lower bound by Kirshanova and Laarhoven [CRYPTO 21]. This implies that, under reasonable assumptions, quantum speedups in lattice sieving require the use of QRAM. In particular, no quantum speedup is possible without QRAM. Second, we investigate the trade-off between the size of QRAM and the quantum speedup. We obtain a new interpolation between classical and quantum lattice sieving. Moreover, we show that further improvements require a novel way to use the QRAM by proving the optimality of some subroutines. An important caveat is that this trade-off requires a strong assumption on the efficient replacement of QRAM data, indicating that even speedups with a small QRAM are already challenging. Finally, we provide a circuit for quantum lattice sieving without using QRAM. Our circuit has a better depth complexity than the best classical algorithms but requires an exponential amount of qubits. To the best of our knowledge, this is the first quantum speedup for lattice sieving without QRAM in the standard quantum circuit model. We explain why this circuit does not contradict our lower bound, which considers the query complexity.

Quantum Physics,Cryptography and Security

Shifan Xu,Connor T. Hann,Ben Foxman,Steven M. Girvin,Yongshan Ding

DOI: https://doi.org/10.1145/3613424.3614270

2023-09-30

Abstract:Operating on the principles of quantum mechanics, quantum algorithms hold the promise for solving problems that are beyond the reach of the best-available classical algorithms. An integral part of realizing such speedup is the implementation of quantum queries, which read data into forms that quantum computers can process. Quantum random access memory (QRAM) is a promising architecture for realizing quantum queries. However, implementing QRAM in practice poses significant challenges, including query latency, memory capacity and fault-tolerance. In this paper, we propose the first end-to-end system architecture for QRAM. First, we introduce a novel QRAM that hybridizes two existing implementations and achieves asymptotically superior scaling in space (qubit number) and time (circuit depth). Like in classical virtual memory, our construction enables queries to a virtual address space larger than what is actually available in hardware. Second, we present a compilation framework to synthesize, map, and schedule QRAM circuits on realistic hardware. For the first time, we demonstrate how to embed large-scale QRAM on a 2D Euclidean space, such as a grid layout, with minimal routing overhead. Third, we show how to leverage the intrinsic biased-noise resilience of the proposed QRAM for implementation on either Noisy Intermediate-Scale Quantum (NISQ) or Fault-Tolerant Quantum Computing (FTQC) hardware. Finally, we validate these results numerically via both classical simulation and quantum hardware experimentation. Our novel Feynman-path-based simulator allows for efficient simulation of noisy QRAM circuits at a larger scale than previously possible. Collectively, our results outline the set of software and hardware controls needed to implement practical QRAM.

Quantum Physics,Hardware Architecture

Ákos Nagy,Cindy Zhang

2024-06-13

Abstract:We present new designs for quantum random access memory. More precisely, for each function, $f : \mathbb{F}_2^n \rightarrow \mathbb{F}_2^d$, we construct oracles, $\mathcal{O}_f$, with the property \begin{equation} \mathcal{O}_f \left| x \right\rangle_n \left| 0 \right\rangle_d = \left| x \right\rangle_n \left| f(x) \right\rangle_d. \end{equation} Our methods are based on the Walsh-Hadamard Transform of $f$, viewed as an integer valued function. In general, the complexity of our method scales with the sparsity of the Walsh-Hadamard Transform and not the sparsity of $f$, yielding more favorable constructions in cases such as binary optimization problems and function with low-degree Walsh-Hadamard Transforms. Furthermore, our design comes with a tuneable amount of ancillas that can trade depth for size. In the ancilla-free design, these oracles can be $\epsilon$-approximated so that the Clifford + $T$ depth is $O \left( \left( n + \log_2 \left( \tfrac{d}{\epsilon} \right) \right) \mathcal{W}_f \right)$, where $\mathcal{W}_f$ is the number of nonzero components in the Walsh-Hadamard Transform. The depth of the shallowest version is $O \left( n + \log_2 \left( \tfrac{d}{\epsilon} \right) \right)$, using $n + d \mathcal{W}_f$ qubit. The connectivity of these circuits is also only logarithmic in $\mathcal{W}_f$. As an application, we show that for boolean functions with low approximate degrees (as in the case of read-once formulas) the complexities of the corresponding QRAM oracles scale only as $2^{\widetilde{O} \left( \sqrt{n} \log_2 \left( n \right) \right)}$.

Quantum Physics

Xiaoyang Dong,Jian Guo,Shun Li,Phuong Pham,Tianyu Zhang

DOI: https://doi.org/10.46586/tosc.v2024.i1.158-187

2024-01-01

IACR Transactions on Symmetric Cryptology

Abstract:The Nostradamus attack was originally proposed as a security vulnerability for a hash function by Kelsey and Kohno at EUROCRYPT 2006. It requires the attacker to commit to a hash value y of an iterated hash function H. Subsequently, upon being provided with a message prefix P, the adversary’s task is to identify a suffix S such that H(P∥S) equals y. Kelsey and Kohno demonstrated a herding attack requiring O(√n · 22n/3) evaluations of the compression function of H, where n represents the output and state size of the hash, placing this attack between preimage attacks and collision searches in terms of complexity. At ASIACRYPT 2022, Benedikt et al. transform Kelsey and Kohno’s attack into a quantum variant, decreasing the time complexity from O(√n · 22n/3) to O( 3√n · 23n/7). At ToSC 2023, Zhang et al. proposed the first dedicated Nostradamus attack on AES-like hashing in both classical and quantum settings. In this paper, we have made revisions to the multi-target technique incorporated into the meet-in-the-middle automatic search framework. This modification leads to a decrease in time complexity during the online linking phase, effectively reducing the overall attack time complexity in both classical and quantum scenarios. Specifically, we can achieve more rounds in the classical setting and reduce the time complexity for the same round in the quantum setting.

Zhao-Yun Chen,Cheng Xue,Yun-Jie Wang,Tai-Ping Sun,Huan-Yu Liu,Xi-Ning Zhuang,Meng-Han Dou,Tian-Rui Zou,Yuan Fang,Yu-Chun Wu,Guo-Ping Guo

2023-06-21

Abstract:Quantum Random Access Memory (QRAM) is a critical component for loading classical data into quantum computers. While constructing a practical QRAM presents several challenges, including the impracticality of an infinitely large QRAM size and a fully error-correction implementation, it is essential to consider a practical case where the QRAM has a limited size. In this work, we focus on the access of larger data sizes without keeping on increasing the size of the QRAM. Firstly, we address the challenge of word length, as real-world datasets typically have larger word lengths than the single-bit data that most previous studies have focused on. We propose a novel protocol for loading data with larger word lengths $k$ without increasing the number of QRAM levels $n$. By exploiting the parallelism in the data query process, our protocol achieves a time complexity of $O(n+k)$ and improves error scaling performance compared to existing approaches. Secondly, we provide a data-loading method for general-sized data access tasks when the number of data items exceeds $2^n$, which outperforms the existing hybrid QRAM+QROM architecture. Our method contributes to the development of time and error-optimized data access protocols for QRAM devices, reducing the qubit count and error requirements for QRAM implementation, and making it easier to construct practical QRAM devices with a limited number of physical qubits.

Quantum Physics

Zhao-Yun Chen,Cheng Xue,Tai-Ping Sun,Huan-Yu Liu,Xi-Ning Zhuang,Meng-Han Dou,Tian-Rui Zou,Yuan Fang,Yu-Chun Wu,Guo-Ping Guo

2023-01-01

Abstract: Quantum Random Access Memory (QRAM) is a critical component for loading classical data into quantum computers. However, constructing a practical QRAM presents several challenges, including the impracticality of an infinitely large QRAM size and a fully error-correction implementation. In this work, we address the challenge of word length, as real-world datasets typically have larger word lengths than the single-bit data that most previous studies have focused on. We propose a novel protocol for loading data with larger word length $k$ without increasing the number of QRAM levels $n$. By exploiting the parallelism in the data query process, our protocol achieves a time complexity of $O(n+k)$ and improves error scaling performance compared to existing approaches. We also provide a data-loading method for general-sized data access tasks when the number of data items exceeds $2^n$, which outperforms the existing hybrid QRAM+QROM architecture. Our protocol contributes to the development of time and error-optimized data access protocols for QRAM devices, reducing the qubit count and error requirements for QRAM implementation, and making it easier to construct practical QRAM devices with physical qubits.

Yunfei Wang,Yuri Alexeev,Liang Jiang,Frederic T. Chong,Junyu Liu

2023-07-25

Abstract:Quantum devices should operate in adherence to quantum physics principles. Quantum random access memory (QRAM), a fundamental component of many essential quantum algorithms for tasks such as linear algebra, data search, and machine learning, is often proposed to offer $\mathcal{O}(\log N)$ circuit depth for $\mathcal{O}(N)$ data size, given $N$ qubits. However, this claim appears to breach the principle of relativity when dealing with a large number of qubits in quantum materials interacting locally. In our study we critically explore the intrinsic bounds of rapid quantum memories based on causality, employing the relativistic quantum field theory and Lieb-Robinson bounds in quantum many-body systems. In this paper, we consider a hardware-efficient QRAM design in hybrid quantum acoustic systems. Assuming clock cycle times of approximately $10^{-3}$ seconds and a lattice spacing of about 1 micrometer, we show that QRAM can accommodate up to $\mathcal{O}(10^7)$ logical qubits in 1 dimension, $\mathcal{O}(10^{15})$ to $\mathcal{O}(10^{20})$ in various 2D architectures, and $\mathcal{O}(10^{24})$ in 3 dimensions. We contend that this causality bound broadly applies to other quantum hardware systems. Our findings highlight the impact of fundamental quantum physics constraints on the long-term performance of quantum computing applications in data science and suggest potential quantum memory designs for performance enhancement.

Quantum Physics,Artificial Intelligence,Machine Learning

Răzvan Roşie

DOI: https://doi.org/10.48550/arXiv.1412.3164

2016-01-26

Abstract:We propose a preimage attack against cryptographic hash functions based on the speedup enabled by quantum computing. Preimage resistance is a fundamental property cryptographic hash functions must possess. The motivation behind this work relies in the lack of conventional attacks against newly introduced hash schemes such as the recently elected SHA-3 standard. The proposed algorithm consists of two parts: a classical one running in O(log |S|), where S represents the searched space, and a quantum part that contains the bulk of the Deutsch-Jozsa circuit. The mixed approach we follow makes use of the quantum parallelism concept to check the existence of an argument (preimage) for a given hash value (image) in the preestablished search space. For this purpose, we explain how a non-unitary measurement gate can be used to determine if S contains the target value. Our method is entirely theoretical and is based on the assumptions that a hash function can be implemented by a quantum computer and the key measurement gate we describe is physically realizable. Finally, we present how the algorithm finds a solution on S.

Cryptography and Security,Quantum Physics

Shoichi HIROSE,Hidenori KUWAKADO

DOI: https://doi.org/10.1587/transfun.2023dmp0007

2024-01-01

Abstract:In 2005, Nandi introduced a class of double-block-length compression functions hπ (x) := (h(x) , h( π(x) ) ), where h is a random oracle with an n-bit output and π is a non-cryptographic public permutation. Nandi demonstrated that the collision resistance of hπ is optimal if π has no fixed point in the classical setting. Our study explores the collision resistance of hπ and the Merkle-Damåard hash function using hπ in the quantum random oracle model. Firstly, we reveal that the quantum collision resistance of hπ may not be optimal even if π has no fixed point. If π is an involution, then a colliding pair of inputs can be found for hπ with only O(2n/2) queries by the Grover search. Secondly, we present a sufficient condition on π for the optimal quantum collision resistance of hπ. This condition states that any collision attack needs Ω(22n/3) queries to find a colliding pair of inputs. The proof uses the recent technique of Zhandry's compressed oracle. Thirdly, we show that the quantum collision resistance of the Merkle-Damgård hash function using hπ can be optimal even if π is an involution. Finally, we discuss the quantum collision resistance of double-block-length compression functions using a block cipher.

computer science, information systems,engineering, electrical & electronic, hardware & architecture

Yizhuo Tan,Hrvoje Kukina,Jakub Szefer

2024-10-10

Abstract:As the quantum research community continues to grow and new algorithms are designed, developed, and implemented, it is crucial to start thinking about security aspects and potential threats that could result in misuse of the algorithms, or jeopardize the information processed with these quantum algorithms. This work focuses on exploration of two types of potential attacks that could be deployed on a cloud-based quantum computer by an attacker circuit trying to interfere with victim circuit. The two attacks, called Improper Initialization Attack (IIA) and Higher Energy Attack (HEA), are for the first time applied to a well-known and widely used quantum algorithm: HHL. The HHL algorithm is used in the field of machine learning and big data for solving systems of linear equations. This work evaluates the effect of the attacks on different qubits within the HHL algorithm: ancilla qubit, clock qubit, and b qubit. This work demonstrates that the two attacks are able to cause incorrect results, even when only one of the qubits in the victim algorithm is attacked. Having discovered the vulnerabilities, the work motivates the need for future work to develop defense strategies for each of these attack scenarios.

Cryptography and Security,Quantum Physics

Seungjun Baek,Sehee Cho,Jongsung Kim

DOI: https://doi.org/10.1007/s11128-022-03499-5

IF: 1.965

2022-04-27

Quantum Information Processing

Abstract:Recently, Hosoyamada and Sasaki (Eurocrypt'20) proposed dedicated quantum collision attacks on AES-MMO and AES-MP and revealed that a differential trail that is not available in the classical setting due to a low probability can be utilized in the quantum settings. Their works encouraged cryptographers to actively perform security analysis of concrete hash functions in the quantum settings, which had not received much attention before. Xiaoyang Dong et al. (Asiacrypt'20) proposed improved dedicated quantum collision attacks on AES-MMO and AES-MP, and Chauhan et al. (ToSC'21) proposed quantum rebound attacks on the double-block-length hash function Hirose instantiated with 10-round reduced AES-256. In this paper, we propose a quantum collision attack on the Davies–Meyer (DM) hash function instantiated with full-round AES-256. We construct a new chosen-key differential trail for AES-256 based on the trail of Biryukov et al. proposed in 2009 and use it to find collisions of the full AES-256-based DM in a quantum setting. We also present quantum free-start collision attacks on the Hirose and MJH hash functions instantiated with full-round AES-256. These attacks are significant in that they are the first algorithms to find full-round (free-start) collisions. In particular, in the case of Hirose-AES-256, our attacks can cover a larger number of constant c than previously proposed attacks and also cover more rounds.

physics, multidisciplinary,quantum science & technology, mathematical

Qing Zhou,Xueming Tang,Songfeng Lu,And Hao Yang

DOI: https://doi.org/10.1109/TQE.2024.3368073

2024-01-01

IEEE Transactions on Quantum Engineering

Abstract:In this paper, we develop a generic controlled alternate quantum-walk model (called CQWMP) by combining parity-dependent quantum walks with distinct arbitrary memory lengths and propose a hash function (called QHFM-P) based on this model. The statistical properties of the proposed scheme are stable with respect to the coin parameters of the underlying controlled quantum walks; with certain parameter values, the collision resistance property of QHFM-P is better than that of the state-of-the-art hash functions based on discrete quantum walks. Moreover, the proposed hash function can also maintain near-ideal statistical performance when the input message is of small length. Additionally, we derive a type of inappropriate initial states of hash functions based on one-dimensional one-particle quantum walks (with ordinary shift operator) on cycles, with which all messages will be mapped to the same hash value, regardless of the angles adopted by the coin parameters.

Qing Zhou,Songfeng Lu

DOI: https://doi.org/10.1109/tqe.2021.3130256

2021-01-01

IEEE Transactions on Quantum Engineering

Abstract:We propose a Quantum inspired Hash Function using controlled alternate quantum walks with Memory on cycles (QHFM), where the $j$th message bit decides whether to run quantum walk with one-step memory or to run quantum walk with two-step memory at the $j$th time step, and the hash value is calculated from the resulting probability distribution of the walker. Numerical simulation shows that the proposed hash function has near-ideal statistical performance and is at least on a par with the state-of-the-art hash functions based on quantum walks in terms of sensitivity of hash value to message, diffusion and confusion properties, uniform distribution property, and collision resistance property; and theoretical analysis indicates that the time and space complexity of the new scheme are not greater than those of its peers. The good performance of QHFM suggests that quantum walks that differ not only in coin operators but also in memory lengths can be combined to build good hash functions, which, in turn, enriches the construction of controlled alternate quantum walks.

Lu Xiaojuan,Li Bohan,Liu Meicheng,Lin Dongdai

DOI: https://doi.org/10.1186/s42400-021-00108-3

2022-01-01

Abstract:Nonlinear feedback shift register (NFSR) is one of the most important cryptographic primitives in lightweight cryptography. At ASIACRYPT 2010, Knellwolf et al. proposed conditional differential attack to perform a cryptanalysis on NFSR-based cryptosystems. The main idea of conditional differential attack is to restrain the propagation of the difference and obtain a detectable bias of the difference of the output bit. QUARK is a lightweight hash function family which is designed by Aumasson et al. at CHES 2010. Then the extended version of QUARK was published in Journal of Cryptology 2013. In this paper, we propose an improved conditional differential attack on QUARK. One improvement is that we propose a method to select the input difference. We could obtain a set of good input differences by this method. Another improvement is that we propose an automatic condition imposing algorithm to deal with the complicated conditions efficiently and easily. It is shown that with the improved conditional differential attack on QUARK, we can detect the bias of output difference at a higher round of QUARK. Compared to the current literature, we find a distinguisher of U-QUARK/D-QUARK/S-QUARK/C-QUARK up to 157/171/292/460 rounds with increasing 2/5/33/8 rounds respectively. We have performed the attacks on each instance of QUARK on a 3.30 GHz Intel Core i5 CPU, and all these attacks take practical complexities which have been fully verified by our experiments. As far as we know, all of these results have been the best thus far.

Luís Bugalho,Emmanuel Zambrini Cruzeiro,Kevin C. Chen,Wenhan Dai,Dirk Englund,Yasser Omar

DOI: https://doi.org/10.1038/s41534-023-00773-x

2023-12-04

Abstract:Giovannetti, Lloyd, and Maccone [Phys. Rev. Lett. 100, 160501] proposed a quantum random access memory (QRAM) architecture to retrieve arbitrary superpositions of $N$ (quantum) memory cells via $O(\log(N))$ quantum switches and $O(\log(N))$ address qubits. Towards physical QRAM implementations, Chen et al. [PRX Quantum 2, 030319] recently showed that QRAM maps natively onto optically connected quantum networks with $O(\log(N))$ overhead and built-in error detection. However, modeling QRAM on large networks has been stymied by exponentially rising classical compute requirements. Here, we address this bottleneck by: (i) introducing a resource-efficient method for simulating large-scale noisy entanglement, allowing us to evaluate hundreds and even thousands of qubits under various noise channels; and (ii) analyzing Chen et al.'s network-based QRAM as an application at the scale of quantum data centers or near-term quantum internet; and (iii) introducing a modified network-based QRAM architecture to improve quantum fidelity and access rate. We conclude that network-based QRAM could be built with existing or near-term technologies leveraging photonic integrated circuits and atomic or atom-like quantum memories.

Quantum Physics

D. K. Weiss,Shruti Puri,S. M. Girvin

2024-03-26

Abstract:Quantum random access memory (QRAM) is a common architecture resource for algorithms with many proposed applications, including quantum chemistry, windowed quantum arithmetic, unstructured search, machine learning, and quantum cryptography. Here we propose two bucket-brigade QRAM architectures based on high-coherence superconducting resonators, which differ in their realizations of the conditional-routing operations. In the first, we directly construct controlled-$\mathsf{SWAP}$ ($\textsf{CSWAP}$) operations, while in the second we utilize the properties of giant-unidirectional emitters (GUEs). For both architectures we analyze single-rail and dual-rail implementations of a bosonic qubit. In the single-rail encoding we can detect first-order ancilla errors, while the dual-rail encoding additionally allows for the detection of photon losses. For parameter regimes of interest the post-selected infidelity of a QRAM query in a dual-rail architecture is nearly an order of magnitude below that of a corresponding query in a single-rail architecture. These findings suggest that dual-rail encodings are particularly attractive as architectures for QRAM devices in the era before fault tolerance.

Quantum Physics

Wenbo Shi,Neel Kanth Kundu,Matthew R. McKay,Robert Malaney

2024-10-21

Abstract:As an alternative to quantum error correction, quantum error mitigation methods, including Zero-Noise Extrapolation (ZNE), have been proposed to alleviate run-time errors in current noisy quantum devices. In this work, we propose a modified version of ZNE that provides for a significant performance enhancement on current noisy devices. Our modified ZNE method extrapolates to zero-noise data by evaluating groups of noisy data obtained from noise-scaled circuits and selecting extrapolation functions for each group with the assistance of estimated noisy simulation results. To quantify enhancement in a real-world quantum application, we embed our modified ZNE in Quantum Random Access Memory (QRAM) - a memory system important for future quantum networks and computers. Our new ZNE-enhanced QRAM designs are experimentally implemented on a 27-qubit noisy superconducting quantum device, the results of which demonstrate QRAM fidelity can be improved significantly relative to traditional ZNE usage. Our results demonstrate the critical role the extrapolation function plays in ZNE - judicious choice of that function on a per-measurement basis can make the difference between a quantum application being functional or non-functional.

Quantum Physics