Quantum AI gains critical security checks on data manipulation



A new framework for validating the robust performance of quantum machine learning models against adversarial perturbations has been developed by Ji Guan and Mingsheng Ying of the Chinese Academy of Sciences in collaboration with Google and the Academy of Sciences. Guan et al.’s framework leverages fidelity-based lower bounds that can be calculated from measurements and provides both formal validation and empirical estimation on real quantum hardware. It incorporates an efficient formal verification framework along with VeriQR, a set of tools for QML robustness verification. The team validated their approach using a first experimental benchmark on a 20-qubit superconducting processor, enabling a scalable and physically grounded assessment of the robustness of the quantum model.

Establishing certified robustness for quantum machine learning via measurement distributions

Fidelity-based robustness lower bounds underpin this validation process. They establish a minimum guaranteed level of accuracy against adversarial attacks, much as a product safety evaluation does. Traditional methods rely on exhaustively testing models with large numbers of perturbed inputs, an approach that is computationally expensive and often impractical. This framework instead derives lower bounds from the distribution of measurements of a quantum model, which provides significant computational efficiency and is especially important given the limitations of current quantum hardware.

The concept of “fidelity” in this context refers to the overlap between the ideal output state of a quantum model and the actually observed output state, taking into account the inherent noise and imperfections present in quantum systems. Higher fidelity indicates a more reliable and robust model. The framework can therefore assess the robustness of quantum models despite the inherent noise present in these devices, which is a major hurdle in this field since current quantum devices are susceptible to decoherence and gate errors. Being able to quantify robustness despite these imperfections is an important advance.
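The idea of certifying robustness from a measurement distribution, as an added example that is not taken from the article, the paper or VeriQR: it uses the textbook Fuchs-van de Graaf inequality (between two inputs of fidelity F, every outcome probability moves by at most √(1 − F)) rather than the authors' own bound, plus a Hoeffding correction for finite shots. The shot counts and function names are constructed for illustration.

```python
import math

def hoeffding_margin(shots, n_labels, delta):
    # Two-sided Hoeffding bound with a union bound over all labels: with
    # probability >= 1 - delta every estimated probability is within this margin.
    return math.sqrt(math.log(2 * n_labels / delta) / (2 * shots))

def certified_infidelity_radius(counts, delta=0.05):
    """Return (predicted_label, eps) from raw shot counts.

    Any input whose infidelity 1 - F to the measured input is below eps keeps
    the same predicted label, with confidence 1 - delta. `counts` must list
    every class label, including those observed zero times.
    """
    if len(counts) < 2:
        raise ValueError("need counts for at least two labels")
    shots = sum(counts.values())
    margin = hoeffding_margin(shots, len(counts), delta)
    ranked = sorted(counts.items(), key=lambda kv: kv[1], reverse=True)
    (label, c1), (_, c2) = ranked[0], ranked[1]
    p1_low = c1 / shots - margin    # pessimistic estimate of the winning class
    p2_high = c2 / shots + margin   # optimistic estimate of the best rival
    gap = p1_low - p2_high
    if gap <= 0:
        return label, 0.0           # nothing can be certified from this data
    # Probabilities shift by at most sqrt(1 - F); the label is safe while that
    # shift stays below gap / 2, i.e. while 1 - F < (gap / 2) ** 2.
    return label, (gap / 2) ** 2

if __name__ == "__main__":
    # Constructed shot counts for a two-class model (not experimental data).
    runs = {
        "confident, 10000 shots": {"0": 9000, "1": 1000},
        "confident, 1000 shots": {"0": 900, "1": 100},
        "near the decision boundary": {"0": 5100, "1": 4900},
    }
    for name, counts in runs.items():
        label, eps = certified_infidelity_radius(counts)
        print(f"{name}: label={label} certified 1-F radius={eps:.4f}")
```

Because hardware noise is itself part of the channel being measured, the radius applies to the model as it actually ran on the device; it is a sufficient condition only, so a radius of 0 means "not certified", not "vulnerable".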

To validate this framework for evaluating the robustness of quantum machine learning, experiments were performed on a 20-qubit superconducting processor, allowing evaluation with realistic quantum noise. Calculating the optimal bound involves semidefinite programming (SDP), a mathematical method for optimizing complex systems with linear constraints. SDP allows robustness verification problems to be formulated as convex optimization problems, ensuring a rigorous and scalable approach to evaluating quantum machine learning models. The optimization process determines the largest possible perturbation that does not change the model’s predictions at a specified confidence level.

VeriQR, a toolset dedicated to this validation process, was developed by Dr. Joseph Fitzsimons and Dr. Patrick Rebentrost-Saclay to establish a framework whose bounds can be computed directly from the distribution of measurements, avoiding the need for exhaustive testing of perturbed inputs. The tool supports models written in OpenQASM 2.0, a standard quantum programming language, facilitating integration with existing quantum computing workflows. The team formulated the exact robustness radius as a semidefinite program, which allows for optimal validation when the internal workings of the quantum model are fully known.

This framework represents an important step towards reliable quantum artificial intelligence, allowing formal verification and empirical estimation of robustness to intentionally misleading inputs, a feature not previously available in quantum machine learning systems. Previously, evaluations often relied on heuristics and simulations that did not fully take into account the complexity of actual quantum hardware.

Experimental verification of robustness guarantees in a 20-qubit quantum machine learning system

For the first time, a lower bound on the fidelity-based robustness of quantum machine learning models has been experimentally verified on a 20-qubit superconducting processor, moving scalable and physically grounded evaluation beyond what was previously achievable through simulation alone. 20-qubit processors enable a level of complexity in quantum machine learning models that is difficult to simulate classically, making experimental validation critical. Experimental results showed a strong correlation between the computed lower bounds, the robustness estimates obtained through adversarial attacks, and the optimal SDP bounds. This correlation validates the effectiveness of the fidelity-based approach and ensures that the lower bound accurately reflects the true robustness of the model. This approach paves the way to reliable quantum AI. The ability to experimentally verify robustness is especially important as quantum machine learning models are considered for deployment in real-world applications where reliability and security are paramount.

Establishing this level of oversight is essential as quantum computing technology matures and moves toward practical application in sensitive areas such as finance and medicine. Scientists are building increasingly sophisticated quantum machine learning models, but ensuring their reliability remains a key hurdle. The potential for adversarial attacks on these models can have significant implications for these domains, highlighting the need for robust validation techniques. This new framework provides an important tool for formally validating these models against intentionally misleading input. This is essential as quantum computers move beyond the laboratory. The framework provides a quantifiable measure of robustness, allowing developers to identify and mitigate vulnerabilities before deployment.

Although current verification requires complete access to the inner workings of quantum models, the development of VeriQR is a major step forward. This requirement limits the applicability of the framework to specific scenarios, but ensures the strongest possible robustness guarantees. Future research will focus on extending the framework to handle models whose internal structure is unknown or partially obscured. This research establishes a practical method to assess the reliability of quantum machine learning models, moving beyond theoretical fragility to quantifiable robustness. Dr. Joseph Fitzsimons and Dr. Patrick Rebentrost have demonstrated that, by formulating a fidelity-based lower bound and deriving robustness estimates directly from measured data, formal verification can be achieved on real quantum hardware, specifically a 20-qubit superconducting processor. Fidelity-based approaches provide a path to building quantum machine learning systems that can operate reliably in real-world environments, even in the presence of noise and adversarial attacks. Although these findings represent a significant advance, extending this validation to address more complex and realistic attacks and large-scale quantum systems remains a major challenge for future research.

Researchers have developed a formal framework to test the robustness of quantum machine learning models to intentionally misleading inputs. This is important because, like traditional machine learning, quantum models are sensitive to small changes in input data, which can change their predictions. Using a 20-qubit superconducting processor, they demonstrated that this framework allows for a quantifiable assessment of model reliability and provides a lower bound on robustness that is directly derived from measured data. The authors plan to extend this research to models with unknown internal structures, further improving the scalability of the verification technique.
