Quantum Leak: Timing Side-Channel Attacks on Cloud-Based Quantum Services

Chao Lu; Esha Telang; Aydin Aysu; Kanad Basu

doi:10.1145/3716368.3735264

Quantum Leak: Timing Side-Channel Attacks on Cloud-Based Quantum Services

Chao Lu
, Esha Telang
, Aydin Aysu
, Kanad Basu

Advanced Computing for Life Sciences and

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Quantum computing offers significant acceleration capabilities over its classical counterpart in various application domains. Consequently, there has been substantial focus on improving quantum computing capabilities. However, to date, the security implications of these quantum computing platforms have been largely overlooked. With the emergence of cloud-based quantum computing services, it is critical to investigate the extension of classical computer security threats to the realm of quantum computing.In this study, we investigated timing-based side-channel vulnerabilities within IBM's cloud-based quantum service. The proposed attack effectively subverts the confidentiality of the executed quantum algorithm, using a more realistic threat model compared to existing approaches. Our experimental results, conducted using IBM's quantum cloud service, demonstrate that with just 10 measurements, it is possible to identify the underlying quantum computer that executed the circuit. Moreover, when evaluated using the popular Grover circuit, we showcase the ability to leak the quantum oracle with a mere 500 measurements. These findings underline the pressing need to address timing-based vulnerabilities in quantum computing platforms and advocate for enhanced security measures to safeguard sensitive quantum algorithms and data.

Original language	English
Title of host publication	GLSVLSI 2025 - Proceedings of the Great Lakes Symposium on VLSI 2025
Publisher	Association for Computing Machinery
Pages	252-257
Number of pages	6
ISBN (Electronic)	9798400714962
DOIs	https://doi.org/10.1145/3716368.3735264
State	Published - Jun 29 2025
Event	35th Edition of the Great Lakes Symposium on VLSI 2025, GLSVLSI 2025 - New Orleans, United States Duration: Jun 30 2025 → Jul 2 2025

Publication series

Name	Proceedings of the ACM Great Lakes Symposium on VLSI, GLSVLSI

Conference

Conference	35th Edition of the Great Lakes Symposium on VLSI 2025, GLSVLSI 2025
Country/Territory	United States
City	New Orleans
Period	06/30/25 → 07/2/25

Funding

This research is partially supported by NSF grant #2413049

Access to Document

10.1145/3716368.3735264

Cite this

@inproceedings{4c94dea800e145c2ab851c61bbfa9f89,

title = "Quantum Leak: Timing Side-Channel Attacks on Cloud-Based Quantum Services",

abstract = "Quantum computing offers significant acceleration capabilities over its classical counterpart in various application domains. Consequently, there has been substantial focus on improving quantum computing capabilities. However, to date, the security implications of these quantum computing platforms have been largely overlooked. With the emergence of cloud-based quantum computing services, it is critical to investigate the extension of classical computer security threats to the realm of quantum computing.In this study, we investigated timing-based side-channel vulnerabilities within IBM's cloud-based quantum service. The proposed attack effectively subverts the confidentiality of the executed quantum algorithm, using a more realistic threat model compared to existing approaches. Our experimental results, conducted using IBM's quantum cloud service, demonstrate that with just 10 measurements, it is possible to identify the underlying quantum computer that executed the circuit. Moreover, when evaluated using the popular Grover circuit, we showcase the ability to leak the quantum oracle with a mere 500 measurements. These findings underline the pressing need to address timing-based vulnerabilities in quantum computing platforms and advocate for enhanced security measures to safeguard sensitive quantum algorithms and data.",

author = "Chao Lu and Esha Telang and Aydin Aysu and Kanad Basu",

note = "Publisher Copyright: {\textcopyright} 2025 Copyright held by the owner/author(s).; 35th Edition of the Great Lakes Symposium on VLSI 2025, GLSVLSI 2025 ; Conference date: 30-06-2025 Through 02-07-2025",

year = "2025",

month = jun,

day = "29",

doi = "10.1145/3716368.3735264",

language = "English",

series = "Proceedings of the ACM Great Lakes Symposium on VLSI, GLSVLSI",

publisher = "Association for Computing Machinery",

pages = "252--257",

booktitle = "GLSVLSI 2025 - Proceedings of the Great Lakes Symposium on VLSI 2025",

}

Lu, C, Telang, E, Aysu, A & Basu, K 2025, Quantum Leak: Timing Side-Channel Attacks on Cloud-Based Quantum Services. in GLSVLSI 2025 - Proceedings of the Great Lakes Symposium on VLSI 2025. Proceedings of the ACM Great Lakes Symposium on VLSI, GLSVLSI, Association for Computing Machinery, pp. 252-257, 35th Edition of the Great Lakes Symposium on VLSI 2025, GLSVLSI 2025, New Orleans, United States, 06/30/25. https://doi.org/10.1145/3716368.3735264

Quantum Leak: Timing Side-Channel Attacks on Cloud-Based Quantum Services. / Lu, Chao; Telang, Esha; Aysu, Aydin et al.
GLSVLSI 2025 - Proceedings of the Great Lakes Symposium on VLSI 2025. Association for Computing Machinery, 2025. p. 252-257 (Proceedings of the ACM Great Lakes Symposium on VLSI, GLSVLSI).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Quantum Leak

T2 - 35th Edition of the Great Lakes Symposium on VLSI 2025, GLSVLSI 2025

AU - Lu, Chao

AU - Telang, Esha

AU - Aysu, Aydin

AU - Basu, Kanad

PY - 2025/6/29

Y1 - 2025/6/29

N2 - Quantum computing offers significant acceleration capabilities over its classical counterpart in various application domains. Consequently, there has been substantial focus on improving quantum computing capabilities. However, to date, the security implications of these quantum computing platforms have been largely overlooked. With the emergence of cloud-based quantum computing services, it is critical to investigate the extension of classical computer security threats to the realm of quantum computing.In this study, we investigated timing-based side-channel vulnerabilities within IBM's cloud-based quantum service. The proposed attack effectively subverts the confidentiality of the executed quantum algorithm, using a more realistic threat model compared to existing approaches. Our experimental results, conducted using IBM's quantum cloud service, demonstrate that with just 10 measurements, it is possible to identify the underlying quantum computer that executed the circuit. Moreover, when evaluated using the popular Grover circuit, we showcase the ability to leak the quantum oracle with a mere 500 measurements. These findings underline the pressing need to address timing-based vulnerabilities in quantum computing platforms and advocate for enhanced security measures to safeguard sensitive quantum algorithms and data.

AB - Quantum computing offers significant acceleration capabilities over its classical counterpart in various application domains. Consequently, there has been substantial focus on improving quantum computing capabilities. However, to date, the security implications of these quantum computing platforms have been largely overlooked. With the emergence of cloud-based quantum computing services, it is critical to investigate the extension of classical computer security threats to the realm of quantum computing.In this study, we investigated timing-based side-channel vulnerabilities within IBM's cloud-based quantum service. The proposed attack effectively subverts the confidentiality of the executed quantum algorithm, using a more realistic threat model compared to existing approaches. Our experimental results, conducted using IBM's quantum cloud service, demonstrate that with just 10 measurements, it is possible to identify the underlying quantum computer that executed the circuit. Moreover, when evaluated using the popular Grover circuit, we showcase the ability to leak the quantum oracle with a mere 500 measurements. These findings underline the pressing need to address timing-based vulnerabilities in quantum computing platforms and advocate for enhanced security measures to safeguard sensitive quantum algorithms and data.

UR - https://www.scopus.com/pages/publications/105017774432

U2 - 10.1145/3716368.3735264

DO - 10.1145/3716368.3735264

M3 - Conference contribution

AN - SCOPUS:105017774432

T3 - Proceedings of the ACM Great Lakes Symposium on VLSI, GLSVLSI

SP - 252

EP - 257

BT - GLSVLSI 2025 - Proceedings of the Great Lakes Symposium on VLSI 2025

PB - Association for Computing Machinery

Y2 - 30 June 2025 through 2 July 2025

ER -

Quantum Leak: Timing Side-Channel Attacks on Cloud-Based Quantum Services

Abstract

Publication series

Conference

Funding

Access to Document

Other files and links

Fingerprint

Cite this