Trusted Execution Environments for Quantum Computers

Theodoros Trochatos ^* Chuanqi Xu Sanjay Deshpande Yao Lu Yongshan Ding Jakub Szefer

• Yale University, New Haven, United States

The cloud-based environments in which today's and future quantum computers will operate, raise concerns about the security and privacy of user's intellectual property, whether code, or data, or both. Without dedicated security protections, quantum circuits submitted to cloud-based quantum computer providers could be accessed by the cloud provider, or malicious insiders working in the cloud provider's data centers. Further, data embedded in these circuits can likewise be accessed as it is encoded using quantum gates inside the circuit. This work presents various hardware and architecture modifications that could be deployed in today's quantum computers, based on superconducting qubits, to protect both the code and data from potentially untrusted quantum computer providers or malicious insiders. Motivated by existing Trusted Execution Environments (TEEs) in classical computers, this work introduces the notion of Quantum Trusted Execution Environments (QTEEs) which leverage trusted hardware to hide or obfuscate quantum circuits executing on a remote, cloud-based quantum computer. This work presents multiple, different approaches to design of QTEEs and considers both hardware and architecture, as well as system software and operating system support necessary for realization of QTEEs. Overall, this work presents three hardware architectures, QC-TEE, SoteriaQ, and CASQUE, that have been designed to protect users' circuits and data from potential threats originating from both malicious quantum computer cloud providers or insider attackers. This work further outlines a roadmap for other possible QTEEs that can be developed in the future, to account for different threat models, or to support different types of quantum computer architectures.