Quantum adversarial machine learning is an emerging field that studies the vulnerability of quantum learning systems against adversarial perturbations and develops possible defense strategies. Quantum universal adversarial perturbations are small perturbations, which can make different input samples into adversarial examples that may deceive a given quantum classifier. This is a field that was rarely looked into but worthwhile investigating because universal perturbations might simplify malicious attacks to a large extent, causing unexpected devastation to quantum machine learning models. In this paper, we take a step forward and explore the quantum universal perturbations in the context of heterogeneous classification tasks. In particular, we find that quantum classifiers that achieve almost state-of-the-art accuracy on two different classification tasks can be both conclusively deceived by one carefully-crafted universal perturbation. This result is explicitly demonstrated with well-designed quantum continual learning models with elastic weight consolidation method to avoid catastrophic forgetting, as well as real-life heterogeneous datasets from hand-written digits and medical MRI images. Our results provide a simple and efficient way to generate universal perturbations on heterogeneous classification tasks and thus would provide valuable guidance for future quantum learning technologies.

翻译：量子对抗机器学习是一个新兴领域，研究量子学习系统对抗对抗扰动的脆弱性，并探索可能的防御策略。量子通用对抗扰动是一种微小的扰动，能够使不同输入样本转化为可欺骗特定量子分类器的对抗样本。这一领域此前鲜有研究，但极具探究价值，因为通用扰动可能极大简化恶意攻击，对量子机器学习模型造成意想不到的破坏。本文进一步探索了异质分类任务场景下的量子通用扰动。具体而言，我们发现，两个在不同分类任务上达到近乎最优精确度的量子分类器，均可被同一精心设计的通用扰动彻底欺骗。这一结果通过采用弹性权重巩固方法以避免灾难性遗忘的精心设计量子持续学习模型，以及手写数字和医学MRI图像等真实异质数据集得到了明确验证。我们的研究为在异质分类任务上生成通用扰动提供了一种简单高效的方法，从而为未来量子学习技术提供有价值的指导。