Enigma: Application-Layer Privacy for Quantum Optimization on Untrusted Computers

📄 arXiv: 2311.13546v2 📥 PDF

作者: Ramin Ayanzadeh, Ahmad Mousavi, Amirhossein Basareh, Narges Alavisamani, Kazem Taram

分类: quant-ph, cs.AI, cs.CR, cs.DM, cs.ET

发布日期: 2023-11-22 (更新: 2025-12-17)


💡 一句话要点

提出Enigma以解决量子优化中的隐私保护问题

🎯 匹配领域: 支柱五:交互与反应 (Interaction & Reaction)

关键词: 量子优化 隐私保护 安全量子计算 应用层混淆 量子误差纠正 云计算安全 攻击防御

📋 核心要点

  1. 现有的安全量子计算方法在早期容错时代不够实用,难以有效保护量子优化工作负载的隐私。
  2. 论文提出了应用特定的安全量子计算原则,通过在应用层进行混淆,设计了Enigma系统以保护量子优化。
  3. 实验结果表明,在强攻击者模型下,Enigma系统的隐私保护效果显著,识别正确问题的概率仅为4.4%。

📝 摘要(中文)

随着早期容错(EFT)时代的到来,适度的量子误差纠正(QEC)能够在全面容错之前实现量子计算的实用性。量子优化作为早期应用的主要候选者,其工作负载的保护至关重要,因为这些工作将运行在昂贵的云服务上,服务提供商可能会获取敏感问题细节。现有的安全量子计算(SQC)方法在EFT时代不够实用,因此我们提出了应用特定的SQC原则,通过在应用层进行混淆,支持实际部署。Enigma是这一原则在量子优化中的首次实现,集成了三种互补的混淆技术,确保原始解决方案的恢复,并抵御匹配攻击。实验结果显示,在强攻击者模型下,识别正确问题的概率仅为4.4%。

🔬 方法详解

问题定义:本论文旨在解决量子优化在不可信计算环境中的隐私保护问题。现有的安全量子计算方法在EFT时代面临实用性不足的挑战,无法有效保护敏感数据。

核心思路:论文提出应用特定的安全量子计算(SQC)原则,通过在应用层进行混淆,确保量子优化的隐私保护。这种方法不依赖于特定的算法或硬件架构,具有广泛适用性。

技术框架:Enigma系统集成了三种主要的混淆技术:ValueGuard(混淆系数)、StructureCamouflage(插入诱饵)和TopologyTrimmer(修剪变量)。这些模块共同工作,确保原始解决方案的恢复并增强安全性。

关键创新:Enigma的主要创新在于其应用层混淆策略,能够在不依赖于大规模量子网络或完全量子误差纠正的情况下,提供有效的隐私保护。这与现有方法的根本区别在于其实用性和灵活性。

关键设计:在设计中,混淆和解码过程在大规模问题上都能在几秒内完成,混淆后问题规模和T门计数平均增加1.07倍和1.13倍,确保了性能与安全性的平衡。

🖼️ 关键图片

fig_0
fig_1
fig_2

📊 实验亮点

在与七种最先进的AI模型进行对比实验中,Enigma在强攻击者模型下的表现令人瞩目,识别正确问题的概率仅为4.4%。这一结果表明,Enigma在隐私保护方面具有显著的优势,能够有效抵御复杂的攻击。

🎯 应用场景

该研究的潜在应用领域包括量子计算云服务、金融优化、物流调度等需要保护敏感数据的场景。通过提供有效的隐私保护,Enigma能够促进量子优化技术的广泛应用,推动量子计算的商业化进程,提升行业的安全性和信任度。

📄 摘要(原文)

The Early Fault-Tolerant (EFT) era is emerging, where modest Quantum Error Correction (QEC) can enable quantum utility before full-scale fault tolerance. Quantum optimization is a leading candidate for early applications, but protecting these workloads is critical since they will run on expensive cloud services where providers could learn sensitive problem details. Experience with classical computing systems has shown that treating security as an afterthought can lead to significant vulnerabilities. Thus, we must address the security implications of quantum computing before widespread adoption. However, current Secure Quantum Computing (SQC) approaches, although theoretically promising, are impractical in the EFT era: blind quantum computing requires large-scale quantum networks, and quantum homomorphic encryption depends on full QEC. We propose application-specific SQC, a principle that applies obfuscation at the application layer to enable practical deployment while remaining agnostic to algorithms, computing models, and hardware architectures. We present Enigma, the first realization of this principle for quantum optimization. Enigma integrates three complementary obfuscations: ValueGuard scrambles coefficients, StructureCamouflage inserts decoys, and TopologyTrimmer prunes variables. These techniques guarantee recovery of original solutions, and their stochastic nature resists repository-matching attacks. Evaluated against seven state-of-the-art AI models across five representative graph families, even combined adversaries, under a conservatively strong attacker model, identify the correct problem within their top five guesses in only 4.4% of cases. The protections come at the cost of problem size and T-gate counts increasing by averages of 1.07x and 1.13x, respectively, with both obfuscation and decoding completing within seconds for large-scale problems.