Quantum adversarial machine learning is an emerging field that studies the vulnerability of quantum learning systems against adversarial perturbations and develops possible defense strategies. Quantum universal adversarial perturbations are small perturbations, which can make different input samples into adversarial examples that may deceive a given quantum classifier. This is a field that was rarely looked into but worthwhile investigating because universal perturbations might simplify malicious attacks to a large extent, causing unexpected devastation to quantum machine learning models. In this paper, we take a step forward and explore the quantum universal perturbations in the context of heterogeneous classification tasks. In particular, we find that quantum classifiers that achieve almost state-of-the-art accuracy on two different classification tasks can be both conclusively deceived by one carefully-crafted universal perturbation. This result is explicitly demonstrated with well-designed quantum continual learning models with elastic weight consolidation method to avoid catastrophic forgetting, as well as real-life heterogeneous datasets from hand-written digits and medical MRI images. Our results provide a simple and efficient way to generate universal perturbations on heterogeneous classification tasks and thus would provide valuable guidance for future quantum learning technologies.

翻译：量子对抗机器学习是一个新兴领域，研究量子学习系统在对抗扰动下的脆弱性，并发展可能的防御策略。量子通用对抗扰动是一种微小的扰动，可以使不同的输入样本成为可能欺骗给定量子分类器的对抗样本。这是一个鲜少被研究但值得探讨的领域，因为通用扰动可能会在很大程度上简化恶意攻击，对量子机器学习模型造成不可预见的破坏。在本文中，我们进一步探索异构分类任务背景下的量子通用扰动。具体而言，我们发现，在两个不同分类任务上均达到接近最优准确率的量子分类器，可以被精心构造的单一通用扰动完全欺骗。这一结果通过精心设计的量子持续学习模型（采用弹性权重巩固方法以避免灾难性遗忘）以及来自手写数字和医学MRI图像的真实异构数据集得到了明确验证。我们的研究结果提供了一种简单高效的方法来生成面向异构分类任务的通用扰动，因此将为未来的量子学习技术提供宝贵的指导。