-
Quantum artificial intelligence exploits the interplay between artificial intelligence and quantum physics: on the one hand, a plethora of tools and ideas from artificial intelligence can be adopted to tackle intricate quantum problems; on the other hand, quantum computing could also bring unprecedented opportunities to enhance, speed up, or innovate artificial intelligence. Yet, quantum learning systems, similar to classical ones, may also suffer adversarial attacks: adding a tiny carefully-crafted perturbation to the legitimate input data would cause the systems to make incorrect predictions at a notably high confidence level. In this paper, we introduce the basic concepts and ideas of classical and quantum adversarial learning, as well as some recent advances along this line. First, we introduce the basics of both classical and quantum adversarial learning. Through concrete examples, involving classifications of phases of two-dimensional Ising model and three-dimensional chiral topological insulators, we reveal the vulnerability of classical machine learning phases of matter. In addition, we demonstrate the vulnerability of quantum classifiers with the example of classifying hand-written digit images. We theoretically elucidate the celebrated no free lunch theorem from the classical and quantum perspectives, and discuss the universality properties of adversarial attacks in quantum classifiers. Finally, we discuss the possible defense strategies. The study of adversarial learning in quantum artificial intelligence uncovers notable potential risks for quantum intelligence systems, which would have far-reaching consequences for the future interactions between the two areas.
-
Keywords:
- quantum artificial intelligence /
- quantum adversarial learning /
- quantum classifiers /
- topological phases of mater
[1] Krizhevsky A, Sutskever I, Hinton G E 2012 Proceedings of the 25th International Conference on Neural Information Processing Systems (Volume 1) New York, USA, December 3−8, 2012 p1097
[2] Hinton G, Deng L, Yu D, Dahl G E, Mohamed A, Jaitly N, Senior A, Vanhoucke V, Nguyen P, Sainath T N, Kingsbury B 2012 IEEE Signal Process. Mag. 29 82Google Scholar
[3] Kononenko I 2001 Artif. Intell. Med. 23 89Google Scholar
[4] Grigorescu S, Trasnea B, Cocias T, Macesanu G 2020 J. Field Robot 37 362Google Scholar
[5] LeCun Y, Bengio Y, Hinton G 2015 Nature 521 436Google Scholar
[6] Jordan M, Mitchell T 2015 Science 349 255Google Scholar
[7] Silver D, Huang A, Maddison C J, et al. 2016 Nature 529 484Google Scholar
[8] Silver D, Schrittwieser J, Simonyan K, et al. 2017 Nature 550 354Google Scholar
[9] Senior A W, Evans R, Jumper J, et al. 2020 Nature 577 706Google Scholar
[10] Russell S, Norvig P 2020 Artificial Intelligence: A Modern Approach (Hoboken: Pearson) pp1−61
[11] Bishop C 2006 Pattern Recognition and Machine Learning (New York: Springer-Verlag) pp225−284
[12] Nielsen M A, Chuang I L 2010 Quantum Computation and Quantum Information (Cambridge: Cambridge University Press) pp171−352
[13] Arute F, Arya K, Babbush R, et al. 2019 Nature 574 505Google Scholar
[14] Zhong H S, Wang H, Deng Y H, Chen M C, Peng L C, Luo Y H, Qin J, Wu D, Ding X, Hu Y, Hu P, Yang X Y, Zhang W J, Li H, Li Y, Jiang X, Gan L, Yang G, You L, Wang Z, Li L, Liu N L, Lu C Y, Pan J W 2020 Science 370 1460
[15] Biamonte J, Wittek P, Pancotti N, Rebentrost P, Wiebe N, Lloyd S 2017 Nature 549 195Google Scholar
[16] Dunjko V, Briegel H J 2018 Rep. Prog. Phys. 81 074001Google Scholar
[17] Das Sarma S, Deng D L, Duan L M 2019 Phys. Today 72 48Google Scholar
[18] Carleo G, Troyer M 2017 Science 355 602Google Scholar
[19] Torlai G, Mazzola G, Carrasquilla J, Troyer M, Melko R, Carleo G 2018 Nat. Phys. 14 447Google Scholar
[20] Zhang Y H, Zheng P L, Zhang Y, Deng D L 2020 Phys. Rev. Lett. 125 170501Google Scholar
[21] Deringer V L, Bernstein N, Csányi G, Ben Mahmoud C, Ceriotti M, Wilson M, Drabold D A, Elliott S R 2021 Nature 589 59Google Scholar
[22] Deng D L 2018 Phys. Rev. Lett. 120 240402Google Scholar
[23] Deng D L, Li X, Das Sarma S 2017 Phys. Rev. B 96 195145Google Scholar
[24] Zhang Y, Kim E A 2017 Phys. Rev. Lett. 118 216401Google Scholar
[25] Carrasquilla J, Melko R G 2017 Nat. Phys. 13 431Google Scholar
[26] van Nieuwenburg E P L, Liu Y H, Huber S D 2017 Nat. Phys. 13 435Google Scholar
[27] Wang L 2016 Phys. Rev. B 94 195105Google Scholar
[28] Broecker P, Carrasquilla J, Melko R G, Trebst S 2017 Sci. Rep. 7 8823Google Scholar
[29] Ch’ng K, Carrasquilla J, Melko R G, Khatami E 2017 Phys. Rev. X 7 031038Google Scholar
[30] Wetzel S J 2017 Phys. Rev. E 96 022140Google Scholar
[31] Hu W, Singh R R P, Scalettar R T 2017 Phys. Rev. E 95 062122Google Scholar
[32] Zhang Y, Mesaros A, Fujita K, Edkins S D, Hamidian M H, Ch’ng K, Eisaki H, Uchida S, Davis J C S, Khatami E, Kim E-A 2019 Nature 570 484Google Scholar
[33] Lian W, Wang S T, Lu S, Huang Y, Wang F, Yuan X, Zhang W, Ouyang X, Wang X, Huang X, He L, Chang X, Deng D L, Duan L 2019 Phys. Rev. Lett. 122 210503Google Scholar
[34] Harrow A W, Hassidim A, Lloyd S 2009 Phys. Rev. Lett. 103 150502Google Scholar
[35] Lloyd S, Mohseni M, Rebentrost P 2014 Nat. Phys. 10 631Google Scholar
[36] Dunjko V, Taylor J M, Briegel H J 2016 Phys. Rev. Lett. 117 130501Google Scholar
[37] Amin M H, Andriyash E, Rolfe J, Kulchytskyy B, Melko R 2018 Phys. Rev. X 8 021050Google Scholar
[38] Gao X, Zhang Z Y, Duan L M 2018 Sci. Adv. 4 eaat9004Google Scholar
[39] Lloyd S, Weedbrook C 2018 Phys. Rev. Lett. 121 040502Google Scholar
[40] Hu L, Wu S H, Cai W, Ma Y, Mu X, Xu Y, Wang H, Song Y, Deng D L, Zou C L, Sun L 2019 Sci. Adv. 5 eaav2761Google Scholar
[41] Schuld M, Killoran N 2019 Phys. Rev. Lett. 122 040504Google Scholar
[42] Rebentrost P, Mohseni M, Lloyd S 2014 Phys. Rev. Lett. 113 130503Google Scholar
[43] Chakraborty A, Alam M, Dey V, Chattopadhyay A, Mukhopadhyay D 2018 arXiv: 1810.00069 [cs, stat]
[44] Biggio B, Roli F 2018 Pattern Recognit. 84 317Google Scholar
[45] Miller D J, Xiang Z, Kesidis G 2019 arXiv: 1904.06292 [cs, stat]
[46] Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow I, Fergus R 2014 arXiv: 1312.6199 [cs]
[47] Goodfellow I J, Shlens J, Szegedy C 2015 arXiv: 1412.6572 [cs, stat]
[48] Goodfellow I, Pouget-Abadie J, Mirza M, Xu B, Warde-Farley D, Ozair S, Courville A, Bengio Y 2014 Adv. Neural Inf. Process. Syst. 27 2672
[49] Preskill J 2018 Quantum 2 79Google Scholar
[50] Lu S, Duan L M, Deng D L 2020 Phys. Rev. Res. 2 033212Google Scholar
[51] Guan J, Fang W, Ying M 2020 arXiv: 2008.07230 [quant-ph]
[52] Wiebe N, Kumar R S S 2018 New J. Phys. 20 123019Google Scholar
[53] Liu N, Wittek P 2020 Phys. Rev. A 101 062331Google Scholar
[54] Gong W, Deng D L 2021 arXiv: 2102.07788 [cond-mat, physics: quant-ph]
[55] Dalvi N, Domingos P, Mausam, Sanghai S, Verma D 2004 Proceedings of the Tenth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining Seattle, USA, August 22−25, 2004 p99
[56] [57] Barreno M, Nelson B, Sears R, Joseph A D, Tygar J D 2006 Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security Taipei, China, March 21−24, 2006 p16
[58] Huang L, Joseph A D, Nelson B, Rubinstein B I P, Tygar J D 2011 Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence Chicago, USA, October 21, 2011 p43
[59] Vorobeychik Y, Kantarcioglu M 2018 Synth. Lect. Artif. Intell. Mach. Learn. 12 1Google Scholar
[60] Kurakin A, Goodfellow I, Bengio S 2017 arXiv: 1611.01236 [cs, stat]
[61] Ben-Tal A, Ghaoui L E, Nemirovski A 2009 Robust Optimization (Princeton: Princeton University Press) pp1−146
[62] Madry A, Makelov A, Schmidt L, Tsipras D, Vladu A 2018 International Conference on Learning Representations Vancouver, Canada, April 30−May 3, 2018 p1
[63] Kurakin A, Goodfellow I, Bengio S 2017 arXiv: 1607.02533 [cs, stat]
[64] Dong Y, Liao F, Pang T, Su H, Zhu J, Hu X, Li J 2018 Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition Salt Lake City, USA, June 18−23, 2018 p9185
[65] Hsu Y T, Li X, Deng D L, Das Sarma S 2018 Phys. Rev. Lett. 121 245701Google Scholar
[66] Rodriguez-Nieva J F, Scheurer M S 2019 Nat. Phys. 15 790Google Scholar
[67] Zhang P, Shen H, Zhai H 2018 Phys. Rev. Lett. 120 066401Google Scholar
[68] Huembeli P, Dauphin A, Wittek P 2018 Phys. Rev. B 97 134109Google Scholar
[69] Rem B S, Käming N, Tarnowski M, Asteria L, Fläschner N, Becker C, Sengstock K, Weitenberg C 2019 Nat. Phys. 15 917Google Scholar
[70] Bohrdt A, Chiu C S, Ji G, Xu M, Greif D, Greiner M, Demler E, Grusdt F, Knap M 2019 Nat. Phys. 15 921Google Scholar
[71] Jiang S, Lu S, Deng D L 2019 arXiv: 1910.13453 [cond-mat, physics: quant-ph]
[72] Neupert T, Santos L, Ryu S, Chamon C, Mudry C 2012 Phys. Rev. B 86 035125Google Scholar
[73] Deng D L, Wang S T, Duan L M 2014 Phys. Rev. A 90 041601Google Scholar
[74] Finlayson S G, Bowers J D, Ito J, Zittrain J L, Beam A L, Kohane I S 2019 Science 363 1287Google Scholar
[75] Ren K, Zheng T, Qin Z, Liu X 2020 Engineering 6 346Google Scholar
[76] Goodfellow I, Bengio Y, Courville A 2016 Deep Learning (Cambridge: The MIT Press) pp98−165
[77] Sutskever I, Vinyals O, Le Q V 2014 Proceedings of the 27th International Conference on Neural Information Processing Systems (Volume 2) Montréal, Canada, December 8−13, 2014 p3104
[78] Vaswani A, Shazeer N, Parmar N, Uszkoreit J, Jones L, Gomez A N, Kaiser L, Polosukhin I 2017 arXiv: 1706.03762 [cs]
[79] Wolpert D H, Macready W G 1997 IEEE Trans. Evol. Comput. 1 67Google Scholar
[80] Shalev-Shwartz S, Ben-David S 2014 Understanding Machine Learning: From Theory to Algorithms (New York: Cambridge University Press) pp36−41
[81] Poland K, Beer K, Osborne T J 2020 arXiv: 2003.14103 [quant-ph]
[82] Schroff F, Kalenichenko D, Philbin J 2015 Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition Boston, USA, June 7−12, 2015 p815
[83] Walters M 2015 arXiv: 1508.05448 [math-ph]
[84] Schwabl F 2006 Statistical Mechanics (Berlin Heidelberg: Springer-Verlag) pp1−20
[85] Dohmatob E 2019 arXiv: 1810.04065 [cs, stat]
[86] Sharif M, Bhagavatula S, Bauer L, Reiter M K 2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security Vienna, Austria, October 24−28, 2016 p1528
[87] Papernot N, McDaniel P, Goodfellow I, Jha S, Celik Z B, Swami A 2017 Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security Abu Dhabi, UAE, April 2−6 2017 p506
[88] Ledoux M 2001 The Concentration of Measure Phenomenon (Providence: American Mathematical Society) pp1–21
[89] Hoeffding W 1963 J. Am. Stat. Assoc. 58 13Google Scholar
[90] Sharma K, Cerezo M, Holmes Z, Cincio L, Sornborger A, Coles P J 2020 arXiv: 2007.04900 [quant-ph]
[91] Du Y, Hsieh M H, Liu T, Tao D, Liu N 2020 arXiv: 2003.09416 [quant-ph]
[92] Tramèr F, Kurakin A, Papernot N, Goodfellow I, Boneh D, McDaniel P 2017 arXiv: 1705.07204 [cs, stat]
[93] Papernot N, McDaniel P, Wu X, Jha S, Swami A 2016 37th IEEE Symposium on Security and Privacy San Jose, USA, May 23−25, 2016 p582
[94] Samangouei P, Kabkab M, Chellappa R 2018 arXiv: 1805.06605 [cs, stat]
[95] Dallaire-Demers P L, Killoran N 2018 Phys. Rev. A 98 012324Google Scholar
[96] Huang K, Wang Z A, Song C, Xu K, Li H, Wang Z, Guo Q, Song Z, Liu Z-B, Zheng D, Deng D L, Wang H, Tian J G, Fan H 2020 arXiv: 2009.12827 [quant-ph]
[97] Zeng J, Wu Y, Liu J G, Wang L, Hu J 2019 Phys. Rev. A 99 052306Google Scholar
[98] Anderson P W 1967 Phys. Rev. Lett. 18 1049Google Scholar
[99] Deng D L, Pixley J H, Li X, Das Sarma S 2015 Phys. Rev. B 92 220201Google Scholar
-
图 1 量子与经典对抗学习示意图 输入的原始熊猫图像样本可以编码为经典或量子数据, 分类器(包含变分量子线路或人工神经网络)能够以非常高的准确率识别出熊猫; 但添加少量精心制作的噪声后, 同一分类器将以非常高的置信度把轻微修改过的熊猫图像错误分类为长臂猿
Figure 1. A schematic illustration of quantum and classical adversarial learning. The image of a panda can be encoded as classical or quantum data. A classifier, which uses either variational quantum circuits or classical artificial neural networks, can successfully identify the image as a panda with the state-of-the-art accuracy. However, adding a small amount of carefully crafted noise will cause the same classifier to misclassify the slightly modified image into a gibbon with a notably high confidence.
图 2 机器学习物质相中的对抗样本 (a)一个原始的经典二维伊辛模型铁磁相的自旋构型; (b)被分类器错误识别成顺磁相的对抗样本, 其相对于(a)只改变了一个自旋; (c)一个原始的三维手征拓扑绝缘体的拓扑相样本; (d)被分类器错误识别成其他相的对抗样本, 其相对于(c)只有肉眼难以识别的细微差别
Figure 2. Adversarial examples in machine learning phases of matter: (a) A legitimate sample of the spin configuration in the ferromagnetic phase of the two-dimensional (2D) classical Ising model; (b) an adversarial example misclassified as the paramagnetic phase, which only differs from the original legitimate one shown in (a) by a single pixel; (c) a legitimate sample of the topological phase of three-dimensional (3D) chiral topological insulators; (d) an adversarial example misclassified as the other phase, which only differs from the original legitimate one shown in (c) by a tiny amount of noises that are imperceptible to human eyes.
图 3 量子分类器在识别MNIST中手写字体图片时的对抗样本 (a)经过无差别攻击, 量子分类器以极高置信度将数字7, 9分别识别成9, 7, 即使对抗样本和初始样本的差别非常微小; (b)通过针对性攻击, 量子分类器将把对抗样本预测为给定错误标签, 尽管对抗样本和初始样本相差无几
Figure 3. Adversarial examples in quantum learning of MNIST hand-written images: (a) After untargeted attacks, the quantum classifier will misclassify the images of digit 7 (9) as digit 9 (7) with notably high confidence, although the differences between the adversarial and legitimate images are tiny; (b) after targeted attack, the quantum classifier will misclassify the adversarial examples into the category with the targeted label, even though the adversarial and legitimate images only differ slightly from each other.
-
[1] Krizhevsky A, Sutskever I, Hinton G E 2012 Proceedings of the 25th International Conference on Neural Information Processing Systems (Volume 1) New York, USA, December 3−8, 2012 p1097
[2] Hinton G, Deng L, Yu D, Dahl G E, Mohamed A, Jaitly N, Senior A, Vanhoucke V, Nguyen P, Sainath T N, Kingsbury B 2012 IEEE Signal Process. Mag. 29 82Google Scholar
[3] Kononenko I 2001 Artif. Intell. Med. 23 89Google Scholar
[4] Grigorescu S, Trasnea B, Cocias T, Macesanu G 2020 J. Field Robot 37 362Google Scholar
[5] LeCun Y, Bengio Y, Hinton G 2015 Nature 521 436Google Scholar
[6] Jordan M, Mitchell T 2015 Science 349 255Google Scholar
[7] Silver D, Huang A, Maddison C J, et al. 2016 Nature 529 484Google Scholar
[8] Silver D, Schrittwieser J, Simonyan K, et al. 2017 Nature 550 354Google Scholar
[9] Senior A W, Evans R, Jumper J, et al. 2020 Nature 577 706Google Scholar
[10] Russell S, Norvig P 2020 Artificial Intelligence: A Modern Approach (Hoboken: Pearson) pp1−61
[11] Bishop C 2006 Pattern Recognition and Machine Learning (New York: Springer-Verlag) pp225−284
[12] Nielsen M A, Chuang I L 2010 Quantum Computation and Quantum Information (Cambridge: Cambridge University Press) pp171−352
[13] Arute F, Arya K, Babbush R, et al. 2019 Nature 574 505Google Scholar
[14] Zhong H S, Wang H, Deng Y H, Chen M C, Peng L C, Luo Y H, Qin J, Wu D, Ding X, Hu Y, Hu P, Yang X Y, Zhang W J, Li H, Li Y, Jiang X, Gan L, Yang G, You L, Wang Z, Li L, Liu N L, Lu C Y, Pan J W 2020 Science 370 1460
[15] Biamonte J, Wittek P, Pancotti N, Rebentrost P, Wiebe N, Lloyd S 2017 Nature 549 195Google Scholar
[16] Dunjko V, Briegel H J 2018 Rep. Prog. Phys. 81 074001Google Scholar
[17] Das Sarma S, Deng D L, Duan L M 2019 Phys. Today 72 48Google Scholar
[18] Carleo G, Troyer M 2017 Science 355 602Google Scholar
[19] Torlai G, Mazzola G, Carrasquilla J, Troyer M, Melko R, Carleo G 2018 Nat. Phys. 14 447Google Scholar
[20] Zhang Y H, Zheng P L, Zhang Y, Deng D L 2020 Phys. Rev. Lett. 125 170501Google Scholar
[21] Deringer V L, Bernstein N, Csányi G, Ben Mahmoud C, Ceriotti M, Wilson M, Drabold D A, Elliott S R 2021 Nature 589 59Google Scholar
[22] Deng D L 2018 Phys. Rev. Lett. 120 240402Google Scholar
[23] Deng D L, Li X, Das Sarma S 2017 Phys. Rev. B 96 195145Google Scholar
[24] Zhang Y, Kim E A 2017 Phys. Rev. Lett. 118 216401Google Scholar
[25] Carrasquilla J, Melko R G 2017 Nat. Phys. 13 431Google Scholar
[26] van Nieuwenburg E P L, Liu Y H, Huber S D 2017 Nat. Phys. 13 435Google Scholar
[27] Wang L 2016 Phys. Rev. B 94 195105Google Scholar
[28] Broecker P, Carrasquilla J, Melko R G, Trebst S 2017 Sci. Rep. 7 8823Google Scholar
[29] Ch’ng K, Carrasquilla J, Melko R G, Khatami E 2017 Phys. Rev. X 7 031038Google Scholar
[30] Wetzel S J 2017 Phys. Rev. E 96 022140Google Scholar
[31] Hu W, Singh R R P, Scalettar R T 2017 Phys. Rev. E 95 062122Google Scholar
[32] Zhang Y, Mesaros A, Fujita K, Edkins S D, Hamidian M H, Ch’ng K, Eisaki H, Uchida S, Davis J C S, Khatami E, Kim E-A 2019 Nature 570 484Google Scholar
[33] Lian W, Wang S T, Lu S, Huang Y, Wang F, Yuan X, Zhang W, Ouyang X, Wang X, Huang X, He L, Chang X, Deng D L, Duan L 2019 Phys. Rev. Lett. 122 210503Google Scholar
[34] Harrow A W, Hassidim A, Lloyd S 2009 Phys. Rev. Lett. 103 150502Google Scholar
[35] Lloyd S, Mohseni M, Rebentrost P 2014 Nat. Phys. 10 631Google Scholar
[36] Dunjko V, Taylor J M, Briegel H J 2016 Phys. Rev. Lett. 117 130501Google Scholar
[37] Amin M H, Andriyash E, Rolfe J, Kulchytskyy B, Melko R 2018 Phys. Rev. X 8 021050Google Scholar
[38] Gao X, Zhang Z Y, Duan L M 2018 Sci. Adv. 4 eaat9004Google Scholar
[39] Lloyd S, Weedbrook C 2018 Phys. Rev. Lett. 121 040502Google Scholar
[40] Hu L, Wu S H, Cai W, Ma Y, Mu X, Xu Y, Wang H, Song Y, Deng D L, Zou C L, Sun L 2019 Sci. Adv. 5 eaav2761Google Scholar
[41] Schuld M, Killoran N 2019 Phys. Rev. Lett. 122 040504Google Scholar
[42] Rebentrost P, Mohseni M, Lloyd S 2014 Phys. Rev. Lett. 113 130503Google Scholar
[43] Chakraborty A, Alam M, Dey V, Chattopadhyay A, Mukhopadhyay D 2018 arXiv: 1810.00069 [cs, stat]
[44] Biggio B, Roli F 2018 Pattern Recognit. 84 317Google Scholar
[45] Miller D J, Xiang Z, Kesidis G 2019 arXiv: 1904.06292 [cs, stat]
[46] Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow I, Fergus R 2014 arXiv: 1312.6199 [cs]
[47] Goodfellow I J, Shlens J, Szegedy C 2015 arXiv: 1412.6572 [cs, stat]
[48] Goodfellow I, Pouget-Abadie J, Mirza M, Xu B, Warde-Farley D, Ozair S, Courville A, Bengio Y 2014 Adv. Neural Inf. Process. Syst. 27 2672
[49] Preskill J 2018 Quantum 2 79Google Scholar
[50] Lu S, Duan L M, Deng D L 2020 Phys. Rev. Res. 2 033212Google Scholar
[51] Guan J, Fang W, Ying M 2020 arXiv: 2008.07230 [quant-ph]
[52] Wiebe N, Kumar R S S 2018 New J. Phys. 20 123019Google Scholar
[53] Liu N, Wittek P 2020 Phys. Rev. A 101 062331Google Scholar
[54] Gong W, Deng D L 2021 arXiv: 2102.07788 [cond-mat, physics: quant-ph]
[55] Dalvi N, Domingos P, Mausam, Sanghai S, Verma D 2004 Proceedings of the Tenth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining Seattle, USA, August 22−25, 2004 p99
[56] [57] Barreno M, Nelson B, Sears R, Joseph A D, Tygar J D 2006 Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security Taipei, China, March 21−24, 2006 p16
[58] Huang L, Joseph A D, Nelson B, Rubinstein B I P, Tygar J D 2011 Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence Chicago, USA, October 21, 2011 p43
[59] Vorobeychik Y, Kantarcioglu M 2018 Synth. Lect. Artif. Intell. Mach. Learn. 12 1Google Scholar
[60] Kurakin A, Goodfellow I, Bengio S 2017 arXiv: 1611.01236 [cs, stat]
[61] Ben-Tal A, Ghaoui L E, Nemirovski A 2009 Robust Optimization (Princeton: Princeton University Press) pp1−146
[62] Madry A, Makelov A, Schmidt L, Tsipras D, Vladu A 2018 International Conference on Learning Representations Vancouver, Canada, April 30−May 3, 2018 p1
[63] Kurakin A, Goodfellow I, Bengio S 2017 arXiv: 1607.02533 [cs, stat]
[64] Dong Y, Liao F, Pang T, Su H, Zhu J, Hu X, Li J 2018 Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition Salt Lake City, USA, June 18−23, 2018 p9185
[65] Hsu Y T, Li X, Deng D L, Das Sarma S 2018 Phys. Rev. Lett. 121 245701Google Scholar
[66] Rodriguez-Nieva J F, Scheurer M S 2019 Nat. Phys. 15 790Google Scholar
[67] Zhang P, Shen H, Zhai H 2018 Phys. Rev. Lett. 120 066401Google Scholar
[68] Huembeli P, Dauphin A, Wittek P 2018 Phys. Rev. B 97 134109Google Scholar
[69] Rem B S, Käming N, Tarnowski M, Asteria L, Fläschner N, Becker C, Sengstock K, Weitenberg C 2019 Nat. Phys. 15 917Google Scholar
[70] Bohrdt A, Chiu C S, Ji G, Xu M, Greif D, Greiner M, Demler E, Grusdt F, Knap M 2019 Nat. Phys. 15 921Google Scholar
[71] Jiang S, Lu S, Deng D L 2019 arXiv: 1910.13453 [cond-mat, physics: quant-ph]
[72] Neupert T, Santos L, Ryu S, Chamon C, Mudry C 2012 Phys. Rev. B 86 035125Google Scholar
[73] Deng D L, Wang S T, Duan L M 2014 Phys. Rev. A 90 041601Google Scholar
[74] Finlayson S G, Bowers J D, Ito J, Zittrain J L, Beam A L, Kohane I S 2019 Science 363 1287Google Scholar
[75] Ren K, Zheng T, Qin Z, Liu X 2020 Engineering 6 346Google Scholar
[76] Goodfellow I, Bengio Y, Courville A 2016 Deep Learning (Cambridge: The MIT Press) pp98−165
[77] Sutskever I, Vinyals O, Le Q V 2014 Proceedings of the 27th International Conference on Neural Information Processing Systems (Volume 2) Montréal, Canada, December 8−13, 2014 p3104
[78] Vaswani A, Shazeer N, Parmar N, Uszkoreit J, Jones L, Gomez A N, Kaiser L, Polosukhin I 2017 arXiv: 1706.03762 [cs]
[79] Wolpert D H, Macready W G 1997 IEEE Trans. Evol. Comput. 1 67Google Scholar
[80] Shalev-Shwartz S, Ben-David S 2014 Understanding Machine Learning: From Theory to Algorithms (New York: Cambridge University Press) pp36−41
[81] Poland K, Beer K, Osborne T J 2020 arXiv: 2003.14103 [quant-ph]
[82] Schroff F, Kalenichenko D, Philbin J 2015 Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition Boston, USA, June 7−12, 2015 p815
[83] Walters M 2015 arXiv: 1508.05448 [math-ph]
[84] Schwabl F 2006 Statistical Mechanics (Berlin Heidelberg: Springer-Verlag) pp1−20
[85] Dohmatob E 2019 arXiv: 1810.04065 [cs, stat]
[86] Sharif M, Bhagavatula S, Bauer L, Reiter M K 2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security Vienna, Austria, October 24−28, 2016 p1528
[87] Papernot N, McDaniel P, Goodfellow I, Jha S, Celik Z B, Swami A 2017 Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security Abu Dhabi, UAE, April 2−6 2017 p506
[88] Ledoux M 2001 The Concentration of Measure Phenomenon (Providence: American Mathematical Society) pp1–21
[89] Hoeffding W 1963 J. Am. Stat. Assoc. 58 13Google Scholar
[90] Sharma K, Cerezo M, Holmes Z, Cincio L, Sornborger A, Coles P J 2020 arXiv: 2007.04900 [quant-ph]
[91] Du Y, Hsieh M H, Liu T, Tao D, Liu N 2020 arXiv: 2003.09416 [quant-ph]
[92] Tramèr F, Kurakin A, Papernot N, Goodfellow I, Boneh D, McDaniel P 2017 arXiv: 1705.07204 [cs, stat]
[93] Papernot N, McDaniel P, Wu X, Jha S, Swami A 2016 37th IEEE Symposium on Security and Privacy San Jose, USA, May 23−25, 2016 p582
[94] Samangouei P, Kabkab M, Chellappa R 2018 arXiv: 1805.06605 [cs, stat]
[95] Dallaire-Demers P L, Killoran N 2018 Phys. Rev. A 98 012324Google Scholar
[96] Huang K, Wang Z A, Song C, Xu K, Li H, Wang Z, Guo Q, Song Z, Liu Z-B, Zheng D, Deng D L, Wang H, Tian J G, Fan H 2020 arXiv: 2009.12827 [quant-ph]
[97] Zeng J, Wu Y, Liu J G, Wang L, Hu J 2019 Phys. Rev. A 99 052306Google Scholar
[98] Anderson P W 1967 Phys. Rev. Lett. 18 1049Google Scholar
[99] Deng D L, Pixley J H, Li X, Das Sarma S 2015 Phys. Rev. B 92 220201Google Scholar
Catalog
Metrics
- Abstract views: 9654
- PDF Downloads: 587
- Cited By: 0