The growing need for data privacy poses a major challenge for collaborative machine learning, especially when dealing with sensitive information distributed across multiple devices. Atit Pokharel, Ratun Rahman, Shaba Shaon and colleagues at the University of Alabama in Huntsville are addressing this issue by investigating new approaches to ensuring federated quantum learning. Their research strategically employs the inherent noise within current quantum computers to protect model information during training and provide a mechanism to differentiate privacy without the need for the exchange of raw data. This innovative method adjusts the noise level to achieve specific privacy goals, balances security with the need for accurate results, demonstrates robust defense against adversarial attacks, and paves the way for reliable, secure quantum computing applications.
Noise enhances privacy for quantum association learning
Researchers have developed a new framework for quantum federated learning (QFL) that utilizes the inherent noise within modern quantum devices to enhance data privacy and model security. This approach is differentially called prebate QFL (DP-QFL), effectively used as a mechanism of differential privacy without the need for additional artificial noise, exploiting the randomness already present in noisy intermediate-scale quantum (NISQ) devices. Federation Learning, a distributed machine learning technology, allows model training on multiple devices that hold local data samples, avoiding the need to centralize sensitive information. QFL could extend this paradigm into the quantum domain and unleash the advantages of computational power and model expressiveness, but the nature of quantum information exchange introduces new privacy challenges. The team has demonstrated that by carefully adjusting the adjustment to the measured shot and the strength of the depolarizing channels, as well as the strength of the quantum operations introducing errors, the team has demonstrated that the desired level of privacy can be achieved while balancing current quantum hardware limitations. This framework addresses a critical vulnerability in the QFL system. Here, the enemy can leverage shared model updates to infer the performance of sensitive or compromise models.
The experiments carried out quantum-based adversarial attacks, particularly target attacks designed to induce misclassification, simulating realistic threat scenarios, and assessing the resilience of DP-QFL to them. The results show an adjustable trade-off between privacy and robustness, which can be optimized based on specific security requirements and hardware constraints. Higher privacy levels generally correspond to a slight decrease in model accuracy. This is a common feature of methods that provide privacy. Training performance under different privacy budgets was assessed and quantified using Privacy Loss measures achieved using established datasets such as MNIST handwritten digit datasets and Fashion Mist datasets. By leveraging existing noise characteristics, teams avoid the need for technologies that provide the complex, resource-intensive privacy that is often employed in classical machine learning, such as the addition of Gaussian noise and the adoption of safe multi-party calculations. The findings have implications for reliable quantum computing applications, paving the way for safe and collaborative training of quantum models, particularly in distributed networks of devices, such as healthcare and finance, where data privacy is paramount.
.
