Quantum Machine Learning (QML) has emerged as a promising field of research, aiming to leverage the capabilities of quantum computing to enhance existing machine learning methodologies. Recent studies have revealed that, like their classical counterparts, QML models based on Parametrized Quantum Circuits (PQCs) are also vulnerable to adversarial attacks. Moreover, the existence of Universal Adversarial Perturbations (UAPs) in the quantum domain has been demonstrated theoretically in the context of quantum classifiers. In this work, we introduce QuGAP: a novel framework for generating UAPs for quantum classifiers. We conceptualize the notion of additive UAPs for PQC-based classifiers and theoretically demonstrate their existence. We then utilize generative models (QuGAP-A) to craft additive UAPs and experimentally show that quantum classifiers are susceptible to such attacks. Moreover, we formulate a new method for generating unitary UAPs (QuGAP-U) using quantum generative models and a novel loss function based on fidelity constraints. We evaluate the performance of the proposed framework and show that our method achieves state-of-the-art misclassification rates, while maintaining high fidelity between legitimate and adversarial samples.