SETSS 2025

Talk

Certifying Adversarial Robustness in Quantum Machine Learning: From Theory to Physical Validation

Ji Guan

on Sun, 11:00 in Room 402 for 60 min

Several foundational models in classical machine learning have been successfully extended to the quantum domain, offering potential advantages in training efficiency and enabling novel applications in quantum data analysis on near-term quantum hardware. However, the issue of adversarial robustness has become a critical concern in quantum machine learning (QML), especially given the presence of unavoidable noise on current quantum devices. In this talk, I will present a formal framework for certifying adversarial robustness in QML algorithms. We establish theoretical guarantees using fidelity-based robustness bounds, which are shown to be optimally computable via semidefinite programming, and we demonstrate their feasibility on existing quantum hardware. Building on this foundation, we introduce VeriQR, the first dedicated robustness verification tool for QML. VeriQR integrates both exact and approximate methods to support robustness certification, detect adversarial examples, and facilitate adversarial training to enhance model robustness. Finally, I will report on the first experimental benchmarking of adversarial robustness conducted on a 20-qubit superconducting quantum processor, validating the effectiveness of our certification framework in a real-device setting. These results collectively demonstrate a scalable, end-to-end methodology for formally verifying and improving the robustness of quantum learning models in both theory and practice.
