The term ‘Quantum Machine Learning’ (QML) describes a dynamic field of research that combines approaches from machine learning and quantum information processing. The use of quantum computers has the potential to make machine learning methods more efficient and to solve problems that could not previously be solved in practice. Although QML does not yet have any practical relevance, significant progress is expected in the coming years, particularly as a result of investments and developments in the field of quantum computing. Therefore, scenarios in which the practice of machine learning is permanently changed by the use of quantum computers should already be discussed. QML presents both opportunities and risks that need to be addressed with foresight, particularly with regard to IT security.

Foundational study on QML in the Context of IT Security

The BSI has commissioned Capgemini and the Fraunhofer Institute for Intelligent Analysis and Information Systems IAIS to produce a study that provides a fundamental discussion of QML from the perspective of IT security. As an introduction, existing QML methods are categorised, explained and evaluated on the basis of algorithmic and hardware-related criteria with regard to their current and expected future practical feasibility (Part I). The subsequent analysis of IT security focuses on two aspects: On the one hand, the security properties of QML methods are analysed, i.e. in particular the transferability of attack vectors and defence measures already known for classical machine learning (Part II). Secondly, the potential use of QML in various application scenarios from IT security (detection of spam and malware, analysis of network data) is discussed (Part III).

Quantum Machine Learning in the Context of IT Security

(Date of publication: 16.09.2022)

Practical demonstration: QML for spam detection

The study was accompanied by practical tests of a selected QML method for classifying spam mails. The experiment explores the intriguing question of whether QML methods may be inherently more robust to input perturbations and certain attacks (e.g. adversarial attacks). The details of the implementation of a quantum SVM and the results are described in the following document:

Quantum Machine Learning in the Context of IT Security – Demonstrator

(Date of publication: 16.09.2022)

Security Aspects of Quantum Machine Learning

After a thorough review of the QML literature landscape, it should be noted that the security concerns of the new technology itself tend to be of secondary importance in current QML research and are only considered selectively. The BSI has therefore commissioned adesso SE, the Fraunhofer Institute for Cognitive Systems IKS and Quantagonia GmbH to carry out an in-depth analysis of security-relevant aspects of QML (see also the literature review ‘Predominant Aspects on Security for Quantum Machine Learning’). Based on a comprehensive risk analysis, potential threat scenarios were developed and subsequently analysed using practical experiments. These include both the attacks known in the context of classic machine learning as well as new, quantum-related attack surfaces. The experiments focussed on testing the robustness of QML-specific data encodings (for quantum support vector machines), testing the execution of noise-based attacks (on quantum neural networks) and investigating manipulations associated with the transpiling and readout processes required for quantum circuits and computers.

The study thus makes a significant contribution to QML security research and serves as a source of inspiration for deepening and expanding existing research approaches. The document contains research ideas developed by the BSI to stimulate further research activities.

Security Aspects of Quantum Machine Learning (SecQML)

(Date of publication: 13.03.2025)

Extended security analysis of quantum machine learning (QML-ESA)

The BSI has already started a next project to further analyse the security aspects of QML (status: early 2025). The project will conduct practical experiments to investigate further threat scenarios that could potentially arise when using QML. The results of the project are expected to be made available here next year.

Note: The publications described here are a scientific contribution aimed primarily at the international expert community in the research field of QML and are in the context of other English-language publications on this topic. The publications are therefore exclusively in English.