Quantum Hacking: The Dawn of Circuit Spying

by

Author: Denis Avetisyan

Researchers have demonstrated a practical quantum attack that intercepts and steals intellectual property from remote quantum computing submissions.

QSpy operates by intercepting quantum job submissions and results on a client machine, transparently forwarding them to a quantum cloud backend while simultaneously exporting correlated circuit data to a remote adversary, effectively establishing a covert data exfiltration channel disguised as legitimate quantum computation.
QSpy operates by intercepting quantum job submissions and results on a client machine, transparently forwarding them to a quantum cloud backend while simultaneously exporting correlated circuit data to a remote adversary, effectively establishing a covert data exfiltration channel disguised as legitimate quantum computation.

This paper details QSpy, a quantum Remote Access Trojan enabling man-in-the-middle attacks on delegated quantum computing infrastructure and highlighting critical API security vulnerabilities.

Despite the promise of secure quantum computation, emerging cloud-based platforms introduce novel trust vulnerabilities in the submission pipeline. This paper presents ‘QSpy: A Quantum RAT for Circuit Spying and IP Theft’, a proof-of-concept Remote Access Trojan demonstrating the interception of quantum circuits via a man-in-the-middle attack. We show that an attacker can silently proxy and analyze submitted circuits without disrupting execution or triggering authentication failures, highlighting a critical risk to intellectual property. As delegated quantum computing becomes more prevalent, how can we develop robust submission-layer protections against these classically-motivated threats?

Deconstructing the Quantum Barrier: Access and the Seeds of Vulnerability

Quantum computing, while poised to redefine fields from materials science to medicine, currently faces a significant barrier to widespread adoption: limited access. Building and maintaining stable quantum processors requires substantial resources, specialized expertise, and incredibly precise environmental control – factors restricting ownership to a handful of large corporations and research institutions. This creates a bottleneck, preventing many scientists and developers from exploring the potential of quantum algorithms or integrating them into practical applications. The promise of exponential speedups for certain calculations remains largely unrealized for those without direct hardware access, highlighting the need for innovative approaches to democratize quantum computation and unlock its transformative capabilities for a broader community.

Delegated quantum computing represents a pivotal shift in accessing the burgeoning power of quantum processors. Rather than requiring direct ownership of complex and expensive quantum hardware, this paradigm allows users to construct and submit quantum circuits to remote quantum processing units (QPUs) hosted by third-party providers. This effectively democratizes access, enabling researchers and developers to harness quantum capabilities through cloud-based services. The process involves a client constructing a quantum circuit, encrypting it to protect intellectual property, and then submitting it to a quantum service provider. The provider executes the circuit on their QPU and returns the results, allowing users to leverage quantum computation without the significant infrastructural demands of maintaining a quantum computer. This model is rapidly becoming essential for scaling quantum applications and fostering innovation in the field.

The advent of delegated quantum computing, while expanding access to this powerful technology, simultaneously unveils a unique spectrum of security challenges that differ fundamentally from those faced in classical computation. Traditional cybersecurity measures, designed to protect bits and bytes, are insufficient against attacks targeting the probabilistic nature of quantum states and the complex interactions within quantum circuits. Specifically, vulnerabilities arise from the potential for malicious actors to manipulate quantum instructions before they reach the processor, or to intercept and decode quantum data during transmission – exploits impossible in classical systems. These threats aren’t simply amplified versions of existing concerns; they necessitate the development of entirely new cryptographic protocols and security architectures, such as blind quantum computation and verifiable delegation, to ensure the integrity and confidentiality of quantum computations performed on remote processors.

As quantum computing transitions from theoretical promise to practical application, a significant reliance on cloud-based quantum services is emerging, necessitating a fundamental shift in security approaches. This move introduces novel vulnerabilities distinct from those in classical computing, where established cryptographic protocols offer robust protection; quantum systems, however, are susceptible to attacks exploiting the fragile nature of qubits and the measurement process. A proactive security posture is therefore crucial, demanding the development of new protocols – such as blind quantum computation and verifiable delegation – that ensure the integrity of computations performed on remote processors. This requires not only advancements in quantum cryptography but also a comprehensive assessment of potential attack vectors, encompassing both hardware and software components, to safeguard sensitive data and maintain trust in this burgeoning field. Failure to prioritize these security measures could severely hinder the widespread adoption and transformative potential of quantum technologies.

The dashboard visualizes the quantum circuit and presents corresponding results alongside user-provided data.
The dashboard visualizes the quantum circuit and presents corresponding results alongside user-provided data.

Unmasking the Adversary: QSpy and the Quantum Man-in-the-Middle

QSpy is a newly identified threat categorized as a Quantum Remote Access Trojan (QRAT). This represents the first documented practical attack specifically targeting quantum computing environments. Unlike traditional malware, QSpy is designed to intercept and potentially manipulate quantum jobs-the computational tasks executed on quantum processors. Its functionality allows for unauthorized access to, and exfiltration of, data processed by these jobs, posing a risk to sensitive information handled by quantum systems. Prior to QSpy, attacks on quantum systems were largely theoretical; this implementation demonstrates a tangible vulnerability within the emerging field of quantum computing and highlights the need for dedicated security measures.

QSpy employs Man-in-the-Middle (MITM) attacks by intercepting communications between a user and a quantum computing service. This allows the Trojan to capture data in transit, specifically targeting sensitive information such as quantum circuits, job parameters, and authentication credentials. The attack functions by positioning itself between the client and the server, enabling the capture and potential modification of data before it reaches its intended destination. Successfully capturing quantum circuits allows an attacker to analyze, replicate, or execute them for malicious purposes, while compromised job parameters could enable unauthorized resource utilization or data exfiltration. The intercepted data is then potentially used to reverse engineer algorithms or gain access to sensitive data processed by the quantum computer.

QSpy conceals its network traffic by utilizing standard web communication protocols, specifically HTTPS. This approach allows the Trojan to blend in with legitimate web traffic, making detection more difficult for security systems. By operating within the established parameters of HTTPS, QSpy avoids triggering alarms that might be raised by unusual or non-standard network activity. The encryption provided by HTTPS further obfuscates the malicious communication, preventing simple packet inspection from revealing the intercepted quantum job data. This technique relies on the inherent trust placed in HTTPS as a secure communication channel to mask the malicious intent of the Trojan.

JSON Web Tokens (JWTs) are frequently employed for authentication in web applications and APIs; however, vulnerabilities in their implementation can allow attackers to gain unauthorized access. Specifically, if JWTs are not properly validated – including verifying the signature, expiration time, and issuer – an attacker can potentially forge or replay tokens to impersonate legitimate users. Common weaknesses include using weak or predictable signing keys, insufficient validation of token claims, or a lack of protection against replay attacks. Successful exploitation of these vulnerabilities enables an attacker to bypass authentication mechanisms and gain access to protected resources as if they were an authorized user, potentially compromising sensitive data or system functionality.

Fortifying the Quantum Pipeline: PKI, TLS, and the Illusion of Security

Public Key Infrastructure (PKI) forms the basis for establishing trust in digital communications, and Transport Layer Security (TLS) utilizes PKI to provide encryption and authentication. TLS relies on digital certificates issued by Certificate Authorities (CAs) to verify the identity of communicating parties – typically servers – and establish a secure channel. This process involves asymmetric cryptography, where a public key is used for encryption and a corresponding private key for decryption. The CA acts as a trusted third party, vouching for the authenticity of the public key associated with a particular entity. Without PKI and TLS, sensitive data transmitted over networks would be vulnerable to interception and manipulation, making secure transactions and communication impossible.

Certificate Authorities (CAs) are integral to establishing trust in quantum service providers by verifying their identity and ensuring the authenticity of their public keys. This process involves rigorous vetting procedures to confirm the provider’s legitimacy and adherence to established security standards. Upon successful verification, the CA issues a digital certificate containing the provider’s public key, cryptographically signed by the CA itself. This certificate serves as proof of identity and enables clients to securely establish TLS connections with the quantum service provider, verifying that the communication is indeed with the intended entity and not an imposter. The reliance on trusted CAs provides a foundational element of trust in the quantum communication pipeline, allowing for secure key exchange and data transmission.

While Transport Layer Security (TLS) provides a crucial baseline for secure communication, vulnerabilities exist that render it insufficient against all quantum-era threats. The QSpy attack, for example, demonstrates a practical exploitation involving a man-in-the-middle scenario where an attacker can successfully intercept and decrypt TLS-encrypted quantum key distribution (QKD) data without being detected, effectively compromising the security of the quantum pipeline. This is achieved by exploiting weaknesses in the classical post-processing stage of QKD protocols when used in conjunction with TLS. Consequently, relying solely on TLS for securing quantum communications leaves systems susceptible to sophisticated attacks that target the integration between quantum and classical infrastructure.

Quantum communication security requires a layered approach because Transport Layer Security (TLS), while foundational, does not fully address all potential vulnerabilities. Specifically, attacks like QSpy demonstrate the feasibility of exploiting weaknesses even within established TLS infrastructures. Implementing additional security measures alongside TLS – such as quantum key distribution (QKD), post-quantum cryptography (PQC), or enhanced authentication protocols – increases resilience against evolving threats. This layered defense mitigates risks by ensuring that a compromise in one security layer does not automatically lead to a complete system failure, providing a more robust and dependable quantum communication pipeline.

Proactive Countermeasures: Obfuscation, Authentication, and the Illusion of Control

Circuit obfuscation represents a crucial defensive strategy in the realm of quantum computing, intentionally complicating the structure of quantum circuits to deter reverse engineering attempts. This technique doesn’t aim to prevent all analysis, but rather to significantly increase the computational resources and expertise required for a successful attack. By inserting logically equivalent, yet structurally different, gates and employing techniques like gate reordering and equivalence simplification, the circuit’s underlying logic becomes obscured. Essentially, it transforms a clear, easily understood quantum program into a more convoluted form, raising the bar for potential adversaries seeking to extract intellectual property or identify vulnerabilities. The effectiveness hinges on creating obfuscation layers that are computationally expensive to unravel, effectively shifting the economic balance in favor of the circuit’s owner and providing a valuable, though not absolute, layer of security.

Protecting the confidentiality of quantum computations requires securing the data transmitted between a user and the quantum processing unit. Encrypted job payloads address this vulnerability by employing cryptographic techniques to render sensitive information unreadable during transmission. This ensures that even if an attacker intercepts the data, they cannot decipher the quantum algorithm or the input data without the appropriate decryption key. The implementation typically involves standard encryption protocols, such as Advanced Encryption Standard (AES), applied to the entire job description – including the quantum circuit and any associated input parameters – before it is sent over the network. This proactive measure is crucial, as the very act of submitting a quantum job can reveal significant details about the computation being performed, potentially exposing intellectual property or compromising the security of the underlying algorithm.

Authenticated submission protocols represent a critical security layer for quantum computing systems by ensuring that each job received by the quantum processor is genuinely from an authorized source and hasn’t been tampered with during transmission. These protocols typically employ digital signatures and cryptographic hashing to verify both the integrity and authenticity of the submitted quantum circuits. Before execution, the system validates the signature against the submitting user’s public key, confirming their identity and ensuring the job hasn’t been altered since its creation. This process prevents malicious actors from injecting fraudulent or compromised jobs, safeguarding the system from potential attacks that could compromise data or disrupt service. Effectively, authenticated submission acts as a gatekeeper, allowing only verified and untainted quantum programs to proceed, bolstering the overall resilience of quantum infrastructure.

The convergence of circuit obfuscation, encrypted job payloads, authenticated submission protocols, and strong Transport Layer Security (TLS) infrastructure provides a substantial defense against quantum circuit attacks. Recent research, notably exemplified by the QSpy framework, demonstrates that without these combined safeguards, quantum computations are vulnerable to sophisticated reverse engineering and data breaches. QSpy’s practical implications reveal that even seemingly secure systems can be compromised if these layered defenses are absent; however, its development also highlights the effectiveness of a holistic approach. By encrypting data in transit and at rest, verifying job authenticity, and obscuring circuit logic, the risk of successful malicious exploitation is significantly diminished, bolstering the overall security posture of quantum computing platforms and fostering trust in their growing capabilities.

The presented research into QSpy embodies a fundamental principle: to truly understand a system, one must probe its limits. This paper doesn’t merely identify a vulnerability in delegated quantum computing; it demonstrates exploitation through a practical man-in-the-middle attack. As Brian Kernighan observed, “Debugging is like being the detective in a crime movie where you are also the murderer.” QSpy acts as both detective and murderer, uncovering flaws in current API security and then leveraging them to intercept quantum circuit submissions. The work highlights that even within nascent technologies, assuming inherent security is a dangerous fallacy; reality, even quantum reality, is open source – and requires constant, rigorous examination to reveal its code.

Beyond the Circuit: Future Exploits

The demonstration of QSpy isn’t merely a technical exercise; it’s a consequence of assuming trust where none is inherently deserved. Current delegated quantum computing architectures, reliant on API security and certificate authorities, offer a surprisingly shallow defense against a motivated attacker. The ease with which a quantum circuit submission can be intercepted and modified exposes a fundamental tension: the very act of delegation necessitates vulnerability. Every exploit starts with a question, not with intent; here, the question was simply, ‘what happens if the circuit isn’t what it claims to be?’

Future work must move beyond simply patching the immediate vulnerability. More robust verification methods are needed, perhaps drawing inspiration from formal methods and zero-knowledge proofs, but even those will likely present new avenues for subversion. The real challenge lies in building systems that are intrinsically resistant to manipulation, systems where the integrity of the computation is guaranteed by the underlying physics, not by layers of software and cryptographic assumptions.

Ultimately, the exploration of quantum RATs forces a re-evaluation of the entire security paradigm. Classical security models are insufficient. The field must grapple with the unique characteristics of quantum information – its fragility, its susceptibility to measurement, and its potential for creating entirely new classes of attacks. The current work is less a solution, and more a provocation – a reminder that the most dangerous vulnerabilities are often those that are least anticipated.

Original article: https://arxiv.org/pdf/2603.00950.pdf

Contact the author: https://www.linkedin.com/in/avetisyan/

See also:

2026-03-03 11:11