TY - GEN
T1 - AI-Driven Reverse Engineering of QML Models
AU - Ghosh, Archisman
AU - Ghosh, Swaroop
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - Quantum machine learning (QML) is a rapidly emerging area of research, driven by the capabilities of Noisy Intermediate-Scale Quantum (NISQ) devices. With the progress in the research of QML models, there is a rise in third-party quantum cloud services to cater to the increasing demand for resources. New security concerns surface, specifically regarding the protection of intellectual property (IP) from untrustworthy service providers. One of the most pressing risks is the potential for reverse engineering (RE) by malicious actors who may steal proprietary quantum IPs such as trained parameters and QML architecture, modify them to remove additional watermarks or signatures, and re-transpile them for other quantum hardware. Prior work presents a brute force approach to RE the QML parameters which takes exponential time overhead. In this paper, we introduce an autoencoder-based approach to extract the parameters from transpiled QML models deployed on untrusted third-party vendors. We experiment on multi-qubit classifiers and note that they can be reverse-engineered under restricted conditions with a mean error of order 102-1. The amount of time taken to prepare the dataset and train the model to reverse engineer the QML circuit being of the order 10^3 seconds (which is 10^2× better than the previously reported value for 4-layered 4-qubit classifiers) makes the threat of RE highly potent, underscoring the need for continued development of effective defenses.
AB - Quantum machine learning (QML) is a rapidly emerging area of research, driven by the capabilities of Noisy Intermediate-Scale Quantum (NISQ) devices. With the progress in the research of QML models, there is a rise in third-party quantum cloud services to cater to the increasing demand for resources. New security concerns surface, specifically regarding the protection of intellectual property (IP) from untrustworthy service providers. One of the most pressing risks is the potential for reverse engineering (RE) by malicious actors who may steal proprietary quantum IPs such as trained parameters and QML architecture, modify them to remove additional watermarks or signatures, and re-transpile them for other quantum hardware. Prior work presents a brute force approach to RE the QML parameters which takes exponential time overhead. In this paper, we introduce an autoencoder-based approach to extract the parameters from transpiled QML models deployed on untrusted third-party vendors. We experiment on multi-qubit classifiers and note that they can be reverse-engineered under restricted conditions with a mean error of order 102-1. The amount of time taken to prepare the dataset and train the model to reverse engineer the QML circuit being of the order 10^3 seconds (which is 10^2× better than the previously reported value for 4-layered 4-qubit classifiers) makes the threat of RE highly potent, underscoring the need for continued development of effective defenses.
UR - https://www.scopus.com/pages/publications/105007544088
UR - https://www.scopus.com/pages/publications/105007544088#tab=citedBy
U2 - 10.1109/ISQED65160.2025.11014316
DO - 10.1109/ISQED65160.2025.11014316
M3 - Conference contribution
AN - SCOPUS:105007544088
T3 - Proceedings - International Symposium on Quality Electronic Design, ISQED
BT - Proceedings of the 26th International Symposium on Quality Electronic Design, ISQED 2025
PB - IEEE Computer Society
T2 - 26th International Symposium on Quality Electronic Design, ISQED 2025
Y2 - 23 April 2025 through 25 April 2025
ER -