Recently, quantum classifiers have been found to be vulnerable to adversarial attacks, in which imperceptible noise deceives the classifier and leads to misclassification. In this paper, we propose the first theoretical study demonstrating that adding quantum random rotation noise can improve the robustness of quantum classifiers against adversarial attacks. We draw on the definition of differential privacy and show that a quantum classifier trained in the natural presence of additive noise is differentially private. Finally, we derive a certified robustness bound that enables quantum classifiers to defend against adversarial examples, supported by experimental results simulated with noise from IBM's 7-qubit device.