Quantum Leak: Timing Side-Channel Attacks on Cloud-Based Quantum Services

Quantum computing offers significant acceleration capabilities over its classical counterpart in various application domains. Consequently, there has been substantial focus on improving quantum computing capabilities. However, to date, the security implications of these quantum computing platforms have been largely overlooked. With the emergence of cloud-based quantum computing services, it is critical to investigate the extension of classical computer security threats to the realm of quantum computing. In this study, we investigated timing-based side-channel vulnerabilities within IBM's cloud-based quantum service. The proposed attack effectively subverts the confidentiality of the executed quantum algorithm, using a more realistic threat model compared to existing approaches. Our experimental results, conducted using IBM's quantum cloud service, demonstrate that with just 10 measurements, it is possible to identify the underlying quantum computer that executed the circuit. Moreover, when evaluated using the popular Grover circuit, we showcase the ability to leak the quantum oracle with a mere 500 measurements. These findings underline the pressing need to address timing-based vulnerabilities in quantum computing platforms and advocate for enhanced security measures to safeguard sensitive quantum algorithms and data.
Comment: 10 pages, 9 figures, submitted to IEEE HOST 2024