Quantum noise protects quantum classifiers against adversaries

Yuxuan Du,Min-Hsiu Hsieh,Tongliang Liu,Dacheng Tao,Nana Liu
DOI: https://doi.org/10.1103/PhysRevResearch.3.023153
2021-05-28
Physical Review Research
Abstract:Noise in quantum information processing is often viewed as a disruptive and difficult-to-avoid feature, especially in near-term quantum technologies. However, noise has often played beneficial roles, from enhancing weak signals in stochastic resonance to protecting the privacy of data in differential privacy. It is then natural to ask: Can we harness the power of quantum noise that is beneficial to quantum computing? An important current direction for quantum computing is its application to machine learning, such as classification problems. One outstanding problem in machine learning for classification is its sensitivity to adversarial examples. These are small, undetectable perturbations from the original data where the perturbed data is completely misclassified in otherwise extremely accurate classifiers. They can also be considered as worst-case perturbations by unknown noise sources. We show that by taking advantage of depolarization noise in quantum circuits for classification, a robustness bound against adversaries can be derived where the robustness improves with increasing noise. This robustness property is intimately connected with an important security concept called differential privacy, which can be extended to quantum differential privacy. For the protection of quantum data, this quantum protocol can be used against the most general adversaries. Furthermore, we show how the robustness in the classical case can be sensitive to the details of the classification model, but in the quantum case the details of the classification model are absent, thus also providing a potential quantum advantage for classical data. This opens the opportunity to explore other ways in which quantum noise can be used in our favor, as well as identifying other ways quantum algorithms can be helpful in a way which is distinct from quantum speedups. https://doi.org/10.1103/PhysRevResearch.3.023153 Published by the American Physical Society under the terms of the Creative Commons Attribution 4.0 International license. Further distribution of this work must maintain attribution to the author(s) and the published article's title, journal citation, and DOI. Published by the American Physical Society
What problem does this paper attempt to address?