Note
This plugin was developed to demonstrate the importance of reproducible builds in the Qiskit quantum computing workflow. It shows that non-reproducibility in the transpilation process (specifically during the init stage) can be exploited to encode classical information into the transpiled quantum circuit. If an attacker subsequently gains access to the job description, this can lead to the leakage of confidential data.
A transpilation init plugin for Qiskit that demonstrates how a modified transpilation stage can be used to hide classical information in the final transpiled quantum circuit.
The current implementation, by default, tries to encode the HSLU logo into the transpiled circuit. The raw image is
encoded into large integers, which are saved as parameters of
RZGates. These gates are added to
an auxiliary QuantumRegister in the
first stage (init) of the
transpilation surrounded by
reset instructions. This guarantees that later
stages in the transpilation (e.g. routing, optimization, etc.) do not modify this quantum register in any way, allowing
the extraction of the leaked data.
Custom data can be encoded if builtins.data exists. In that case, the bytes from that variable are used instead of
the HSLU logo (see the example below).
The plugin is implemented as a subclass of
PassManagerStagePlugin,
which appends to the default init pass DefaultInitPassManager a new
TransformationPass, called
LeakyQubit.
Encoded data can be recovered with recover_data() implemented in the decoder module.
See the example below.
git clone https://github.com/iyanmv/qiskit-leaky-init.git
cd qiskit-leaky-init
pip install .import builtins
import io
import secrets
from pathlib import Path
from PIL import Image
from qiskit.circuit import QuantumCircuit
from qiskit.transpiler.preset_passmanagers import generate_preset_pass_manager
from qiskit.transpiler.preset_passmanagers.plugin import list_stage_plugins
from qiskit_ibm_runtime import QiskitRuntimeService
from qiskit_ibm_runtime.fake_provider import FakeBrisbane
from qiskit_leaky_init import recover_data
# Check that init plugin was installed correctly
assert "leaky_init" in list_stage_plugins("init")
# To encode custom data, store it in builtins.data. For example:
# builtins.data = secrets.token_bytes(256)
backend = FakeBrisbane()
pm = generate_preset_pass_manager(
optimization_level=3, backend=backend, init_method="leaky_init"
)
# 3-qubit GHZ circuit
qc = QuantumCircuit(3)
qc.h(0)
qc.cx(0, range(1, 3))
# Transpiled circuit with leaked data
isa_qc = pm.run(qc)
recovered_img = recover_data(isa_qc)
Image.open(io.BytesIO(recovered_img)).show()