A Cross-layer Provenance-Protection Architecture for Repeated Quantum Measurements in the Cloud

preprint OA: closed CC-BY-4.0
📄 Open PDF Full text JSON View at publisher
AI-generated deep summary by claude@2026-07, 2026-07-06 · read from full text

The paper studies privacy in Quantum-Computing-as-a-Service settings where users receive only classical measurement transcripts, and repeated shot execution can amplify hardware-specific variations into identifiable statistical fingerprints. Using IBM superconducting processor experiments, the authors show that a transcript-only adversary can infer the backend with up to 89.3% attack success at T = 20 repetition rounds under multi-interface aggregation. They propose a cross-layer provenance-protection architecture, introducing Measurement-Agnostic Quantum Differential Privacy (MA-QDP) as a transcript-level criterion and suppressing provenance inference via atomic outcome randomization plus context decorrelation at the orchestration layer, evaluating performance through simulations and reporting a privacy–utility frontier. As a preprint, it is explicitly not peer reviewed. The paper does not explicitly discuss endometriosis or adenomyosis; it was included in the corpus via a keyword match in the upstream search index.

Read from the paper's body, not the abstract. Not a substitute for reading the paper. No clinical advice. How this works

Abstract

Abstract Quantum cloud users access remote processors through classical measurement transcripts. The repeated shots that are operationally required for reliable quantum readout can systematically resolve microscopic, quasi-static hardware variations into stable statistical fingerprints. On IBM superconducting processors, we show that a transcript-only adversary can identify the backend with up to $89.3\%$ attack success rate at $T = 20$ repetition rounds under multi-interface aggregation. This exposes a privacy locus mismatch: many channel-centric quantum privacy formulations regulate distinguishability at the level of quantum states or channels, whereas the operational attack in Quantum-Computing-as-a-Service (QCaaS) targets repeated classical transcripts and the latent service provenance they reveal after measurement. We therefore formulate privacy for repeated quantum workloads as a cross-layer provenance-protection problem. We protect the latent service provenance behind a released transcript, namely the service provenance that jointly reflects backend realization and serving context in QCaaS settings where this provenance is not fully disclosed to the observing party. At the measurement interface, we formulate Measurement-Agnostic Quantum Differential Privacy (MA-QDP) as an operational transcript-level privacy criterion for repeated quantum workloads, uniform over physically admissible POVMs and arbitrary classical post-processing. MA-QDP specifies the privacy locus and protected secret appropriate to QCaaS transcript release, and is instantiated via atomic outcome randomization before aggregation. At the orchestration layer, we incorporate context decorrelation to suppress persistent linkage of repeated sessions to a stable service provenance. In controlled simulations, the integrated framework suppresses provenance inference under realistic shot budgets while preserving task-relevant information, yielding a favorable privacy-utility frontier compared to channel-level and classical-level perturbations. Together, our results identify repetition as an intrinsic fingerprint amplifier in QCaaS and motivate a cross-layer provenance-protection architecture for secure, repeated quantum workloads.
Full text 14,827 characters · extracted from preprint-html · click to expand
A Cross-layer Provenance-Protection Architecture for Repeated Quantum Measurements in the Cloud | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Physical Sciences - Article A Cross-layer Provenance-Protection Architecture for Repeated Quantum Measurements in the Cloud Baihe Ma, Zhanning Wang, Xu Wang, Xuelei Qi, Chen Li, Guangsheng Yu, and 5 more This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-9185986/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract Quantum cloud users access remote processors through classical measurement transcripts. The repeated shots that are operationally required for reliable quantum readout can systematically resolve microscopic, quasi-static hardware variations into stable statistical fingerprints. On IBM superconducting processors, we show that a transcript-only adversary can identify the backend with up to $89.3%$ attack success rate at $T = 20$ repetition rounds under multi-interface aggregation. This exposes a privacy locus mismatch: many channel-centric quantum privacy formulations regulate distinguishability at the level of quantum states or channels, whereas the operational attack in Quantum-Computing-as-a-Service (QCaaS) targets repeated classical transcripts and the latent service provenance they reveal after measurement. We therefore formulate privacy for repeated quantum workloads as a cross-layer provenance-protection problem. We protect the latent service provenance behind a released transcript, namely the service provenance that jointly reflects backend realization and serving context in QCaaS settings where this provenance is not fully disclosed to the observing party. At the measurement interface, we formulate Measurement-Agnostic Quantum Differential Privacy (MA-QDP) as an operational transcript-level privacy criterion for repeated quantum workloads, uniform over physically admissible POVMs and arbitrary classical post-processing. MA-QDP specifies the privacy locus and protected secret appropriate to QCaaS transcript release, and is instantiated via atomic outcome randomization before aggregation. At the orchestration layer, we incorporate context decorrelation to suppress persistent linkage of repeated sessions to a stable service provenance. In controlled simulations, the integrated framework suppresses provenance inference under realistic shot budgets while preserving task-relevant information, yielding a favorable privacy-utility frontier compared to channel-level and classical-level perturbations. Together, our results identify repetition as an intrinsic fingerprint amplifier in QCaaS and motivate a cross-layer provenance-protection architecture for secure, repeated quantum workloads. Physical sciences/Mathematics and computing/Information technology Physical sciences/Mathematics and computing/Computer science Physical sciences/Physics/Quantum physics/Quantum information Quantum security Quantum semantic information Fingerprint Privacy Full Text Additional Declarations There is NO Competing Interest. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-9185986","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Physical Sciences - Article","associatedPublications":[],"authors":[{"id":610562282,"identity":"1f23b960-03af-45bb-a8a4-cdb6e2234745","order_by":0,"name":"Baihe Ma","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA50lEQVRIie3QuwrCMBSA4VMKdSl0jRTxFRoEF5G+iiFDF0FHB4dM6SJ07WMIgrMQcCq4FrpYBF0cMjqIerzMTUeH/BBOC/lICIDN9ofF4EgcCoLvv2smVHzIBbrCbUmiHXg4nvjRltBUyaOGqj8oZ0rDYsREp4gaSeyzlOZQ0W3JPQJFwoQ/bSZUMBn6UDlvgk+hmAADiQ61DO+g4k3OXe08kARXAynxFHxktiYciCOQENPF8lp2V5HieXEaksk+GUhynjeSOEjO5LZQ4yxlJ62Xo14W8HUj+V3vNye4vBb7bTabzWboBbtaSSTQS1uYAAAAAElFTkSuQmCC","orcid":"https://orcid.org/0000-0003-4167-2797","institution":"University of Technology Sydney","correspondingAuthor":true,"prefix":"","firstName":"Baihe","middleName":"","lastName":"Ma","suffix":""},{"id":610562283,"identity":"6329595d-cebf-4ec6-b65d-da7723fbe967","order_by":1,"name":"Zhanning Wang","email":"","orcid":"","institution":"Consejo Superior de Investigaciones Científicas","correspondingAuthor":false,"prefix":"","firstName":"Zhanning","middleName":"","lastName":"Wang","suffix":""},{"id":610562284,"identity":"205ebe91-2161-45a9-a7a8-cf894c01cc5d","order_by":2,"name":"Xu Wang","email":"","orcid":"","institution":"University of Technology Sydney","correspondingAuthor":false,"prefix":"","firstName":"Xu","middleName":"","lastName":"Wang","suffix":""},{"id":610562285,"identity":"c1062c9c-3dc7-432f-9fa6-10de1ad8645b","order_by":3,"name":"Xuelei Qi","email":"","orcid":"","institution":"University of Technology Sydney","correspondingAuthor":false,"prefix":"","firstName":"Xuelei","middleName":"","lastName":"Qi","suffix":""},{"id":610562286,"identity":"bdb3ef77-f57e-4392-afee-b84f4c8fa8b4","order_by":4,"name":"Chen Li","email":"","orcid":"","institution":"University of Technology Sydney","correspondingAuthor":false,"prefix":"","firstName":"Chen","middleName":"","lastName":"Li","suffix":""},{"id":610562287,"identity":"6682005d-c487-48f6-a694-37fa6f53a371","order_by":5,"name":"Guangsheng Yu","email":"","orcid":"","institution":"University of Technology Sydney","correspondingAuthor":false,"prefix":"","firstName":"Guangsheng","middleName":"","lastName":"Yu","suffix":""},{"id":610562288,"identity":"05a83c2d-5260-450d-a0dc-e280593908dd","order_by":6,"name":"Yanna Jiang","email":"","orcid":"","institution":"University of Technology Sydney","correspondingAuthor":false,"prefix":"","firstName":"Yanna","middleName":"","lastName":"Jiang","suffix":""},{"id":610562289,"identity":"0bae90b5-e2a7-49f5-99f9-a9ae9b0313ed","order_by":7,"name":"Haiyu Deng","email":"","orcid":"","institution":"University of Technology Sydney","correspondingAuthor":false,"prefix":"","firstName":"Haiyu","middleName":"","lastName":"Deng","suffix":""},{"id":610562290,"identity":"dc9214d4-7362-4a42-bfd9-9e82c5e37d02","order_by":8,"name":"Qin Wang","email":"","orcid":"","institution":"CSIRO","correspondingAuthor":false,"prefix":"","firstName":"Qin","middleName":"","lastName":"Wang","suffix":""},{"id":610562291,"identity":"c6913605-f245-4d38-8718-5b9600073fa4","order_by":9,"name":"Ren Liu","email":"","orcid":"","institution":"University of Technology Sydney","correspondingAuthor":false,"prefix":"","firstName":"Ren","middleName":"","lastName":"Liu","suffix":""},{"id":610562292,"identity":"9465fb13-dc29-4803-be4a-35ca092659e4","order_by":10,"name":"Wei Ni","email":"","orcid":"","institution":"Edith Cowan University","correspondingAuthor":false,"prefix":"","firstName":"Wei","middleName":"","lastName":"Ni","suffix":""}],"badges":[],"createdAt":"2026-03-21 13:15:20","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-9185986/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-9185986/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":105567179,"identity":"f81120b0-6dcb-467f-92fd-6dc2a5ecca6d","added_by":"auto","created_at":"2026-03-27 12:58:33","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":8327010,"visible":true,"origin":"","legend":"Article File","description":"","filename":"ACrossLayerProvenanceProtectionArchitectureforRepeatedQuantumMeasurementsintheCloud.pdf","url":"https://assets-eu.researchsquare.com/files/rs-9185986/v1_covered_7b0e2cda-b3b0-4b8e-84a6-66598e01599d.pdf"}],"financialInterests":"There is \u003cb\u003eNO\u003c/b\u003e Competing Interest.","formattedTitle":"A Cross-layer Provenance-Protection Architecture for Repeated Quantum Measurements in the Cloud","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"Quantum security, Quantum semantic information, Fingerprint, Privacy","lastPublishedDoi":"10.21203/rs.3.rs-9185986/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-9185986/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"Quantum cloud users access remote processors through classical measurement transcripts. The repeated shots that are operationally required for reliable quantum readout can systematically resolve microscopic, quasi-static hardware variations into stable statistical fingerprints. On IBM superconducting processors, we show that a transcript-only adversary can identify the backend with up to $89.3\\%$ attack success rate at $T = 20$ repetition rounds under multi-interface aggregation. This exposes a privacy locus mismatch: many channel-centric quantum privacy formulations regulate distinguishability at the level of quantum states or channels, whereas the operational attack in Quantum-Computing-as-a-Service (QCaaS) targets repeated classical transcripts and the latent service provenance they reveal after measurement.\r\n\r\nWe therefore formulate privacy for repeated quantum workloads as a cross-layer provenance-protection problem. We protect the latent service provenance behind a released transcript, namely the service provenance that jointly reflects backend realization and serving context in QCaaS settings where this provenance is not fully disclosed to the observing party. At the measurement interface, we formulate Measurement-Agnostic Quantum Differential Privacy (MA-QDP) as an operational transcript-level privacy criterion for repeated quantum workloads, uniform over physically admissible POVMs and arbitrary classical post-processing. MA-QDP specifies the privacy locus and protected secret appropriate to QCaaS transcript release, and is instantiated via atomic outcome randomization before aggregation. At the orchestration layer, we incorporate context decorrelation to suppress persistent linkage of repeated sessions to a stable service provenance.\r\n\r\nIn controlled simulations, the integrated framework suppresses provenance inference under realistic shot budgets while preserving task-relevant information, yielding a favorable privacy-utility frontier compared to channel-level and classical-level perturbations. Together, our results identify repetition as an intrinsic fingerprint amplifier in QCaaS and motivate a cross-layer provenance-protection architecture for secure, repeated quantum workloads.","manuscriptTitle":"A Cross-layer Provenance-Protection Architecture for Repeated Quantum Measurements in the Cloud","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2026-03-27 07:35:10","doi":"10.21203/rs.3.rs-9185986/v1","editorialEvents":[],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"d3134f8c-a02c-417d-947e-810f6a363f6d","owner":[],"postedDate":"March 27th, 2026","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[{"id":64958343,"name":"Physical sciences/Mathematics and computing/Information technology"},{"id":64958344,"name":"Physical sciences/Mathematics and computing/Computer science"},{"id":64958345,"name":"Physical sciences/Physics/Quantum physics/Quantum information"}],"tags":[],"updatedAt":"2026-03-27T07:35:10+00:00","versionOfRecord":[],"versionCreatedAt":"2026-03-27 07:35:10","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-9185986","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-9185986","identity":"rs-9185986","version":["v1"]},"buildId":"XKTyCvWXoU3ODBz1xrDgd","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}

Text is read by the "Ask this paper" AI Q&A widget below. Extraction quality varies by source — PMC NXML preserves structure cleanly, OA-HTML may include some navigation residue, and OA-PDF can have broken hyphenation. The publisher copy (via DOI) is the canonical version.

My notes (saved in your browser only)

Ask this paper AI returns verbatim quotes from the full text · source: preprint-html

Answers must be backed by verbatim quotes from this paper's full text. Hallucinated quotes are dropped automatically; if no verbatim passage answers the question, we say so. How this works

Citation neighborhood (no data yet)

We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2026) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.

Source provenance

europepmc
last seen: 2026-05-20T01:45:00.602351+00:00
unpaywall
last seen: 2026-05-26T02:00:01.498150+00:00
License: CC-BY-4.0