Transferability of Quantum Adversarial Machine Learning

Quantum adversarial machine learning lies at the intersection of quantum computing and adversarial machine learning. As the attainment of quantum supremacy demonstrates, quantum computers have already outpaced classical computers in certain domains (Arute et al. in Nature 574:505-510, 2019 [3]). The study of quantum computation is becoming increasingly relevant in today's world. A field in which quantum computing may be applied is adversarial machine learning. A step toward better understanding quantum computing applied to adversarial machine learning has been taken recently by Lu et al. (Phys Rev Res 2:1-18, 2020 [13]), who have shown that gradient-based adversarial attacks can be transferred from classical to quantum neural networks. Inspired by Lu et al. (Phys Rev Res 2:1-18, 2020 [13]), we investigate the existence of the transferability of adversarial examples between different neural networks and the implications of that transferability. We find that, when the fast gradient sign attacks, as described by Goodfellow et al. (Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 [9]), is applied to a quantum neural network, the adversarially perturbed images produced with that method have transferability between quantum neural networks and from quantum to classical neural networks. In other words, adversarial images produced to deceive a quantum neural network can also deceive other quantum and classical neural networks. The results demonstrate that there exists transferability of adversarial examples in quantum machine learning. This transferability suggests a similarity in the decision boundaries of the different models, which may be an important subject of future study in quantum machine learning theory.