Constructing Optimal Noise Channels for Enhanced Robustness in Quantum Machine Learning

Abstract

With the rapid advancement of Quantum Machine Learning (QML), the critical need to enhance security measures against adversarial attacks and protect QML models becomes increasingly evident. In this work, we outline the connection between quantum noise channels and differential privacy (DP), by constructing a family of noise channels which are inherently $ε$-DP: $(α, γ)$-channels. Through this approach, we successfully replicate the $ε$-DP bounds observed for depolarizing and random rotation channels, thereby affirming the broad generality of our framework. Additionally, we use a semi-definite program to construct an optimally robust channel. In a small-scale experimental evaluation, we demonstrate the benefits of using our optimal noise channel over depolarizing noise, particularly in enhancing adversarial accuracy. Moreover, we assess how the variables $α$ and $γ$ affect the certifiable robustness and investigate how different encoding methods impact the classifier's robustness.