← Latest papers
⚛️ quantum physics

Broken Quantum: A Systematic Formal Verification Study of Security Vulnerabilities Across the Open-Source Quantum Computing Simulator Ecosystem

This paper presents "Broken Quantum," the first comprehensive formal security audit of 45 open-source quantum computing simulators using the COBALT QAI engine and Z3 solver, which identified 547 critical vulnerabilities including a novel quantum-specific attack vector and documented the first supply chain vulnerability transfer from a commercial framework to US national laboratory infrastructure.

Original authors: Dominik Blain

Published 2026-04-09
📖 6 min read🧠 Deep dive

Original authors: Dominik Blain

Original paper licensed under CC BY 4.0 (http://creativecommons.org/licenses/by/4.0/). This is an AI-generated explanation of the paper below. It is not written or endorsed by the authors. For technical accuracy, refer to the original paper. Read full disclaimer

Imagine the world of quantum computing as a massive, high-stakes construction project. Before engineers can build the actual quantum skyscrapers (the physical quantum computers), they need to design and test the blueprints on a computer. These "blueprint testers" are called Quantum Simulators. They are the software that lets scientists pretend they have a quantum computer, so they can figure out if their ideas work before spending millions on real hardware.

This paper, titled "Broken Quantum," is like a massive, systematic home inspection of the 45 most popular blueprint testers used by the world's biggest tech giants (IBM, Google, Amazon), top universities (Harvard, MIT), and national labs.

The inspector, Dominik Blain, found that 80% of these simulators are dangerously broken. Here is the breakdown in simple terms:

1. The Core Problem: The "Exponential Explosion"

The fundamental issue is how quantum computers work. If you have 1 qubit (a quantum bit), the computer needs to track 2 numbers. If you have 2 qubits, it needs 4 numbers. If you have 10, it needs 1,024.

  • The Analogy: Imagine a recipe that doubles in size every time you add one more ingredient.
    • 1 ingredient = 1 page.
    • 10 ingredients = 1,000 pages.
    • 50 ingredients = 8 Petabytes (that's 8 million gigabytes).
  • The Flaw: Most of these simulators ask the user, "How many ingredients do you want?" and then immediately try to print the recipe. If a user (or a hacker) says "50," the computer tries to allocate 8 Petabytes of memory instantly. Since no computer has that much RAM, the system crashes. This is a Denial of Service attack: "I asked for too much, so your computer died."

2. The Four Types of "Broken" Simulators

The paper categorizes the bugs into four distinct "flavors" of disaster:

Class I: The "Memory Crash" (C++ Backends)

  • Who: IBM's Qiskit Aer and Oak Ridge National Lab's XACC.
  • The Metaphor: Imagine a librarian who has a shelf with exactly 64 slots. If you ask for book #65, the librarian doesn't say "No." Instead, they reach off the shelf into the wall, grab a random piece of dust, and try to put it in a book slot.
  • The Result: In computer code (C++), this is called "Undefined Behavior." It can corrupt the memory, crash the program, or even let a hacker take control of the computer.
  • The Supply Chain Shock: The Oak Ridge National Lab (a US government facility) was found to have copied IBM's code word-for-word. So, when IBM's code was broken, the National Lab's code was broken too, without them even knowing.

Class II: The "Resource Starvation" (Python Backends)

  • Who: Google's Cirq, Xanadu's PennyLane, Harvard's Tequila, and many others.
  • The Metaphor: This is the "Recipe Explosion" mentioned above. The software doesn't crash because of bad memory access; it crashes because it tries to eat the whole kitchen.
  • The Result: If you ask for a 50-qubit simulation, the software tries to allocate 8 Petabytes of RAM. Your computer runs out of memory, the operating system kills the process, and the server goes down. This is an easy way for a hacker to shut down a quantum cloud service.

Class III: The "Trojan Horse" (Deserialization)

  • Who: Harvard's Tequila, Tencent's TensorCircuit, and others.
  • The Metaphor: Imagine you receive a sealed envelope from a friend that says, "This is a list of your favorite recipes." You open it, and instead of a list, it's a bomb that explodes in your face.
  • The Result: Many simulators use a feature called pickle or eval to load saved data. These tools are like "magic keys" that can run any code inside the file. If a hacker sends a fake "saved quantum state" file, it can execute malicious code on your computer, stealing data or taking over the machine. The paper even demonstrated a live "Proof of Concept" where they hacked a Harvard framework just by sending a fake file.

Class IV: The "Quantum Injection" (QASM Injection)

  • Who: IBM's Qiskit Terra, Quantinuum's tket.
  • The Metaphor: This is a new type of bug that only exists in quantum computing. Imagine a form where you write instructions for a robot. Usually, you write "Move forward." But because the form doesn't check your handwriting, you can write "Move forward, then delete all my files."
  • The Result: The software accepts a string of code (QASM) meant to describe a quantum circuit. Because it doesn't sanitize the input, a hacker can inject extra, malicious commands into the circuit instructions.

3. The "32-Qubit" Danger Zone

The researchers found a specific number that keeps popping up: 32.

  • In the C++ world, 32 is the point where calculations start to overflow and break the math.
  • In the Python world, 32 is the point where the memory required becomes so huge it breaks the system.
  • Why it matters: 32 qubits is a very common size for current research. It means the most popular experiments are happening right in the "danger zone" where these bugs are most likely to trigger.

4. The Good News

Not everyone failed the test.

  • The "A-List" Students: Frameworks from ETH Zurich (qpp), Oxford (QuEST), Fujitsu (qulacs), and Huawei (MindQuantum) scored 100/100.
  • Why? They simply checked the user's input before doing anything. They said, "You asked for 50 qubits? Sorry, the maximum is 30. Please try again."
  • The Lesson: These vulnerabilities aren't unavoidable physics problems; they are just bad coding habits. If you check your math before you build, you don't break the house.

Summary

This paper is a wake-up call. The entire foundation of the quantum computing revolution—the software used to design the future—is currently held together with duct tape and hope.

  • IBM, Google, and Harvard have critical security holes.
  • Hackers could crash servers, steal data, or take over computers just by sending a few lines of code.
  • The Fix: It's surprisingly simple. Developers just need to add a "speed limit" (input validation) to stop users from asking for impossible amounts of resources.

The author has released a free tool called COBALT QAI to help developers find and fix these bugs before the quantum era fully arrives.

Drowning in papers in your field?

Get daily digests of the most novel papers matching your research keywords — with technical summaries, in your language.

Try Digest →