The same machines that could one day break parts of the modern encryption system are themselves exposed to new forms of attack, error and information leakage, according to a new arXiv survey by researchers from the Indian Institute of Information Technology Guwahati and Trellix R&D who set out to map a fast-growing security problem for quantum computing.
The study reviews recent work on both sides of the issue. It looks at the security of quantum computers, the threats quantum computers pose to classical cybersecurity, and the tools being developed to protect data, networks and software in a post-quantum world.
The researchers write that quantum computing has moved from a mostly theoretical field into a practical engineering race. Cloud-based systems from major technology companies have made quantum processors available to more users. But those systems remain fragile. Today’s noisy intermediate-scale quantum devices, often called NISQ machines, are vulnerable to noise, decoherence, gate instability, measurement errors and hardware imperfections.
In plain terms, quantum computers are powerful because they use qubits, which can represent information in ways classical bits cannot. But qubits are also delicate. Small disturbances from the environment, hardware or neighboring qubits can change the state of a computation. That creates reliability problems. The survey reports that it may also create security problems.
The paper frames the issue as a dual challenge. Researchers must secure quantum systems against new kinds of attacks while also preparing classical cybersecurity systems for a future in which quantum computers can defeat widely used encryption.
That tension is becoming more urgent as governments, banks, cloud providers, telecom operators and critical infrastructure companies prepare for the post-quantum transition. A powerful enough quantum computer could undermine public-key cryptography, including RSA and elliptic-curve systems, that protects online banking, digital signatures, software updates, blockchains and secure web traffic. At the same time, the quantum systems being built to address these problems may introduce attack surfaces of their own.
Quantum Computers Have Their Own Security Problem
The survey identifies several major risks inside quantum computing systems, including noise exploitation, information leakage, malicious circuit manipulation, quantum side-channel attacks, untrusted third-party compilers and crosstalk in shared quantum hardware.
Noise is one of the central problems. In quantum computing, noise refers to unwanted disturbances that cause errors in a calculation. Some noise comes from imperfect gates, which are the quantum version of logic operations. Some comes from decoherence, which occurs when a qubit loses its quantum state through interaction with its surroundings. Other errors arise during measurement, when the system reads out the final result.
The researchers report that noise can do more than make computations wrong. It can also become a security weakness. An attacker may be able to design circuits that exploit noise-induced effects or use repeated executions to infer information from output patterns. This is especially important because quantum computers often run the same circuit many times, known as shots, to build up a statistical picture of the result.
The study also highlights information leakage through residual quantum states. If traces of a previous computation persist across repeated runs, an attacker could use systematic error patterns to infer partial information. That risk is not the same as a conventional data breach, but the practical effect could still matter. Sensitive circuit behavior or output bias could be exposed through the system’s physical behavior.
Quantum side-channel attacks are another concern because classical computers have long been vulnerable to attacks that infer secrets from timing, power use or other indirect signals. The survey reports that similar risks are emerging in quantum computing. In a quantum system, an attacker might observe timing, energy use or micro-architectural behavior to reconstruct details of a circuit.
Another problem is that many users rely on third-party quantum compilers to translate circuits into forms that can run efficiently on specific hardware. That step is essential because quantum processors have limited qubit connectivity, hardware-specific gate behavior and error patterns. But an untrusted compiler may see the full circuit design. It could leak intellectual property, insert hidden changes, reorder gates, map qubits poorly or bias results in ways that are difficult to detect.
This problem is harder than in classical computing because quantum outputs are probabilistic. A wrong answer may not look like a clear failure. It may appear as a shift in probabilities.
The survey also devotes significant attention to crosstalk, which occurs when operations on one qubit unintentionally affect another. It can happen because qubits are close together, share control hardware or are operated at the same time. In cloud-based quantum computing, the risk grows when multiple users share the same processor. A neighboring circuit could interfere with another computation, reduce accuracy or leak information.
The researchers cite prior work showing that adversarial operations running alongside victim circuits can reduce the probability of correct outputs. That finding matters for multi-tenant quantum cloud services, where several users may eventually run circuits on the same physical device.
Defenses Are Emerging
The survey reviews several approaches for making quantum computers more reliable and secure, but it also makes clear that no single method solves the problem.
Error mitigation techniques are one major class of defenses. These methods try to reduce the effect of noise without requiring full quantum error correction, which remains beyond the reach of most near-term machines. Zero-noise extrapolation, for example, runs a quantum circuit at different noise levels and estimates what the result would be in a noiseless system. Quasi-probability methods try to reconstruct ideal results by statistically reweighting noisy operations.
Other methods work closer to the hardware. Dynamical decoupling uses carefully timed control pulses to protect idle qubits from environmental noise. Randomized compiling converts certain predictable errors into more random errors that are easier to model. Measurement error mitigation calibrates and corrects readout mistakes after a computation is measured.
The researchers report that these methods have trade-offs. Some require detailed hardware access. Some introduce sampling overhead. Some work only for shallow circuits. Machine-learning-based methods may adapt to specific noise patterns, but they also require high-quality training data. That creates a risk of false confidence if a model produces plausible corrected outputs from flawed quantum states.
Compiler security defenses are also under development. Split compilation divides a circuit into pieces so no single compiler can see the whole design. Circuit obfuscation adds or transforms gates to make reverse engineering harder. Other methods insert reversible random circuits that obscure the structure during compilation and later restore the intended function.
These approaches may protect intellectual property, but they can also increase circuit depth, introduce more noise or add operational complexity. That is a recurring theme in the survey. Security, accuracy and efficiency often pull in different directions.
Crosstalk defenses include better qubit allocation, circuit separation, buffer qubits, spectator qubits, pulse engineering, context switching and hardware-aware scheduling. Some methods depend on detailed maps of how a device behaves. Others rely on randomization or execution diversity to make attacks less reliable. The researchers report that practical systems will likely need combinations of hardware design, compiler scheduling, noise characterization and error suppression.
The broader conclusion is that quantum security cannot be bolted on at the end. It will have to be built across hardware, software, compilers, cloud orchestration and cryptographic layers.
The Quantum Deadline
The survey also reviews the more familiar threat from quantum computers to classical cybersecurity.
The main risk comes from quantum algorithms that could weaken or break cryptographic systems. Shor’s algorithm threatens public-key systems such as RSA and elliptic-curve cryptography by making it possible, in principle, to solve the mathematical problems that protect them. Grover’s algorithm can speed up brute-force search, reducing the effective security strength of symmetric encryption and hash functions.
A large, fault-tolerant quantum computer capable of running these attacks at scale does not yet exist. But the risk is already affecting security planning because of the store-now-decrypt-later threat. Attackers can collect encrypted data now and wait until future quantum computers can decrypt it. That is a major issue for government secrets, health records, financial records, intellectual property and other data that must remain confidential for many years.
Post-quantum cryptography is the leading response. Unlike quantum key distribution, post-quantum cryptography runs on classical computers. It uses mathematical problems believed to be resistant to both classical and quantum attacks. The survey identifies lattice-based, hash-based and code-based schemes as important candidates for quantum-resistant security across cryptography, blockchain, software security and internet-of-things systems.
But migration will be difficult because some post-quantum schemes require larger keys, more bandwidth, more storage or more computation. That can be a particular problem for small devices, including sensors, smart meters, industrial controllers and internet-of-things products with limited memory and power.
Quantum key distribution or QKD offers another path. QKD uses quantum states, often photons, to help two parties share cryptographic keys. Because measuring a quantum state disturbs it, QKD can reveal some eavesdropping attempts. The survey notes, however, that QKD has real-world limits. It requires specialized hardware, is sensitive to environmental conditions and remains constrained by distance, infrastructure and integration challenges.
The researchers report that practical QKD systems face limits from detector noise and optical fiber losses. They also note that quantum repeaters and other network components needed for large-scale deployment remain under active development.
The result is likely to be a mixed transition as classical post-quantum cryptography carry much of the near-term burden, while QKD may serve specialized high-security links where cost, distance and infrastructure can be managed.
Blockchain, IoT And Intrusion Detection
The survey extends beyond encryption to several cybersecurity domains where quantum computing could create both risk and opportunity.
Blockchain systems face direct exposure because they rely on digital signatures and hash functions. Bitcoin, Ethereum and other systems use elliptic-curve signatures to prove ownership and authorize transactions. A quantum attack that recovers private keys could enable signature forgery or theft. Grover’s algorithm could also weaken proof-of-work systems by accelerating hash searches, although the practical impact depends on the scale and cost of future quantum hardware.
The researchers review proposed defenses, including post-quantum signatures, hash-based systems and migration protocols that move users from vulnerable keys to quantum-safe keys. One challenge is coordination. A blockchain migration requires many independent users, developers, miners, validators, exchanges and wallet providers to act in time. The survey reports that research on incentives, phased migration and decentralized coordination remains limited.
Many Internet of Things devices rely on classical key exchange, digital signatures and transport protocols, which makes IoT another hard case. They may remain deployed for years with limited update capacity. That makes them vulnerable to future quantum attacks and difficult to migrate. Larger post-quantum keys and signatures can strain low-power devices. The researchers point to hybrid approaches, lightweight post-quantum designs and improved key generation as important areas for continued work.
Quantum machine learning is also being studied for malware detection and network intrusion detection. The idea is that quantum models may help process complex patterns in high-dimensional security data. The survey reviews work on hybrid quantum-classical neural networks, quantum support vector machines and quantum-inspired intrusion detection systems.
Yet the study is cautious, reporting that many of these systems have been tested only on small datasets or controlled benchmarks. Current quantum hardware remains noisy and limited. The researchers report that scaling quantum-enhanced intrusion detection to real-world traffic while maintaining accuracy, low latency and clear quantum benefit remains an open challenge.
The researchers are suggesting that quantum cybersecurity is not just about replacing classical tools with quantum ones. In many cases, the near-term path is hybrid. Classical systems will still handle much of the data processing, orchestration and decision-making, while quantum components may be tested for specialized tasks.
Limits And Future Research
The survey’s broad scope might also be one of its limits. It consolidates a large body of research rather than presenting a new experiment or a single new security tool. That makes it useful as a map of the field, but it also means many of the findings depend on prior studies that use different assumptions, hardware platforms, benchmarks and threat models.
The researchers identify several open problems, including:
- Quantum hardware security remains immature. Many defenses assume access to detailed noise models or device behavior that may not be available to ordinary users. As quantum cloud services grow, customers may need stronger assurances about isolation, compiler trust, device calibration and execution integrity.
- Quantum error mitigation is not a full substitute for fault tolerance. Error mitigation can improve results on current devices, but it does not provide the same guarantees expected from future error-corrected quantum computers. Security methods that rely on noisy hardware must account for this gap.
- The post-quantum migration will be uneven. Large organizations may move earlier, but smaller firms, legacy systems, embedded devices and public infrastructure may lag. The survey indicates that overhead, compatibility and resource limits remain serious barriers.
- QKD still faces deployment constraints. It may offer strong security properties, but distance limits, specialized hardware and integration costs make it unlikely to replace conventional cryptography everywhere.
- Quantum-enhanced cybersecurity applications still need proof at scale. Malware detection, intrusion detection and smart-grid security are promising areas, but the practical quantum advantage remains uncertain on current machines.
The study’s larger message is that quantum computing changes the security landscape in two directions at once. It threatens existing cryptographic infrastructure, and it creates new security problems inside quantum systems. It also offers new tools, from quantum-safe communication to possible gains in cyber defense.
For security leaders, preparing for the quantum era cannot wait for a perfect quantum computer. Encryption migration, software inventories, key-management planning and quantum-aware risk models can begin now. At the same time, quantum hardware developers and cloud providers will need to treat security as a core design requirement, not just an application layer concern.
