A new measure of information leakage for quantum encoding of classical data is defined. An adversary can access a single copy of the state of a quantum system that encodes some classical data and is interested in correctly guessing a general randomized or deterministic function of the data (e.g., a specific feature or attribute of the data in quantum machine learning) that is unknown to the security analyst. The resulting measure of information leakage, referred to as maximal quantum leakage, is the multiplicative increase of the probability of correctly guessing any function of the classical data upon observing measurements of the quantum state. Maximal quantum leakage is shown to satisfy post-processing inequality (i.e., applying a quantum channel reduces information leakage) and independence property (i.e., leakage is zero if the quantum state is independent of the classical data), which are fundamental properties required for privacy and security analysis. It also bounds accessible information. Effects of global and local depolarizing noise models on the maximal quantum leakage are established.

翻译：针对经典数据的量子编码，本文定义了一种新的信息泄露度量方法。攻击者可以获取编码了某些经典数据的量子系统的单份副本状态，并试图正确猜测该数据的一个通用随机或确定函数（例如量子机器学习中数据的特定特征或属性），而该函数对安全分析人员而言是未知的。由此产生的信息泄露度量被称为最大量子泄露，它是指在观测量子态测量结果后，正确猜测经典数据任意函数的概率的乘性增长。研究表明，最大量子泄露满足后处理不等式（即应用量子信道会降低信息泄露）和独立性性质（即如果量子态与经典数据无关，则泄露为零），这些是隐私与安全分析所需的基本特性。该度量同时约束了可访问信息。本文还确立了全局和局部去极化噪声模型对最大量子泄露的影响。