Quantum adversarial machine learning is an emerging field that studies the vulnerability of quantum learning systems to adversarial perturbations and develops possible defense strategies. Quantum universal adversarial perturbations are small perturbations that can turn different input samples into adversarial examples that may deceive a given quantum classifier. This area has rarely been explored but is worth investigating, because universal perturbations might simplify malicious attacks to a large extent, causing unexpected devastation to quantum machine learning models. In this paper, we take a step forward and explore quantum universal perturbations in the context of heterogeneous classification tasks. In particular, we find that quantum classifiers that achieve almost state-of-the-art accuracy on two different classification tasks can both be conclusively deceived by one carefully crafted universal perturbation. This result is explicitly demonstrated with well-designed quantum continual learning models that use the elastic weight consolidation method to avoid catastrophic forgetting, as well as real-life heterogeneous datasets of handwritten digits and medical MRI images. Our results provide a simple and efficient way to generate universal perturbations on heterogeneous classification tasks and thus would provide valuable guidance for future quantum learning technologies.