QNBAD: Quantum Noise-induced Backdoor Attacks against Zero Noise Extrapolation
Cheng Chu
Network and Distributed System Security (NDSS) Symposium 2026 · Day 3 · Attacks
Current quantum computers operate in the **Noisy Intermediate-Scale Quantum (NISQ)** era, where qubit decoherence times are extremely short (hundreds of microseconds on IBM devices) and gate error rates are high (approximately **1% for two-qubit gates**). To make quantum computing practical despite this noise, **Zero Noise Extrapolation (ZNE)** has become one of the most widely deployed error mitigation techniques, integrated into major quantum libraries including **IBM Qiskit**, **PennyLane**, and **Mitiq**. This talk introduces **QNBAD**, a novel backdoor attack that exploits the quantum noise itself as a trigger mechanism. The attack trains **variational quantum circuits (VQCs)** that behave normally under standard conditions and even under ZNE with arbitrary noise models, but produce incorrect results when a specific, attacker-defined **compilation setting** induces a predetermined noise pattern. Three attack variants -- **Free Drift**, **Mimic Slope**, and **Silent Shift** -- demonstrate different strategies for manipulating the ZNE extrapolation curve, with implications for safety-critical quantum applications including **drug discovery**, **material science**, and **quantum machine learning**.
AI review
A novel quantum computing backdoor that uses noise patterns from specific compilation settings as a trigger mechanism, targeting the widely-deployed Zero Noise Extrapolation technique. Creative attack design with real-hardware validation, though the practical threat is limited by the current state of quantum computing adoption.