A Live Digital Forensics Approach for Quantum Mechanical Computers

Dayton Closser: Well, good evening, everyone. Thank you very much for coming to this speech today. It’s great to be back after the COVID pandemic. It’s great to see everyone in person. I’ve immensely enjoyed speaking with all of you. But what you’re about to witness is the future: a live digital forensics approach of quantum mechanical computers.

So what is the motivation? I want to start with a story, a story from when I got to the United Kingdom just a few days ago. I got in a little rental car and I drove along something called the M4 and I was looking for something: I was looking for Bristol. I’ve spoken among some of y’all. Some of y’all apologized for the site when I got there. And the reality is it’s not just mud, think about at one point, someone went to Bristol and said, “Wow, this is new. This is exciting.”

I’ve asked people in the industry about quantum computers, quantum mechanics. I asked a big oil company in Texas, and I said, “What are y’all doing about quantum computers? What are you doing about potentially the threats they pose?” And they said, “Oh, we’re not doing anything. That’s far off.” And I’ve spoken amongst some of you all, as well and there’s been some skepticism. Are these things real?

And I can tell you for sure, they are very real. Prior works in the fields of quantum forensics are purely abstractions. There’s been very little, in fact, no empirical data collection. What I mean by that is getting data from real quantum computers. So this, what you’re about to witness are the results of the world’s first, as I understand, the world’s first introduction to digital forensics onto real quantum systems.

These are fast-approaching challenges for this century and the 22nd century. I often joke that I get to play around with Captain Kirk’s computer, because that’s exactly what it is. And quantum computers are already a reality. It’s not Scotty’s transporter, it’s real, and there’s no tested methodologies for dealing with quantum forensics, which is interesting considering that they’re fast approaching more powerful implementations.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


And there’s an important divide that I need to explain to you all first before I can really delve into the forensics, a quantum primer, if you will. The current computers you’re using are classical, classical in the sense that they’re Newtonian, named after the famous Sir Isaac Newton.

These computers, think of them like a flashlight. They send an electrical signal, you press the button on the flashlight, it sends an electrical signal across a classical circuit, but it’s based on Newtonian concepts about physics. One of the works that’s discussed potential quantum forensics, but it’s only an abstraction, is by Richard Overall from King’s College London, which is just south of here by about 80 miles. And he said, and I’m going to refute him in this paper, he said, “Getting forensic data from a quantum computer is impossible.” I’m going to prove him wrong.

So that’s one related work. There’s been some other work by some Indian people. Sharma: “The Role of Quantum Computing Software Forensics.” And then a lot of the research that I’m drawing upon is actually from international business machines. And I’ve had the opportunity to actually work with these quantum systems.

But up until now, again, there’s been no empirical data collection. This is the world’s first. So what are our contributions? We’re going to refute Overall, that’s a given. We’re also going to analyze real quantum computers and simulators. We access the IBM-Quantum Lima computer, IBM Santiago, and we use an Aer Simulator which uses classical computers to emulate quantum physics.

And we’ll address a new approach, which is a take on something called randomized benchmarking. It’s something known as gate reversal. And you’ll see in a moment what we mean by this, but it allows us to address fidelity issues with quantum computers. It allows us to target the unique quantum properties of these computers and maintain chain of custody of evidence.

So what does a quantum computer look like, y’all? Does anybody know? It looks like that. It’s a really, really cool looking thing. What you’re witnessing here is a glass cage designed by a designer company that IBM contracted, and it’s a glass case, and within it is the actual quantum computer, which is called the Mona Lisa cage.

But what does it look like inside? Looks like this. They call this the chandelier. The chandelier is a crazy space age-looking contraption that literally warps reality. It gets to -273 °C at the bottom part where the qs are actually stored. And on top of that, really crazy stuff happens in there.

But let’s start with the primer. Now, I’m going to quote Marquis de Laplace. He said, “Given for one instant an intelligence would comprehend all the forces by which nature is animated…nothing would be uncertain.” If we knew everything there was about chance, about probability, and classical Newtonian mechanics maintains this idea, but quantum doesn’t, and that’s a problem, because quantum mechanics is a probabilistic. It’s not certain, it’s dealt with uncertainties.

And yet forensics as a field, is a discipline, it’s all about trying to establish fidelity and trying to know things as a fact for courts of law. So there’s an incongruity here. So what do we do about that? So, there are some key concepts and I promise we won’t get too in depth mathematically. I want this to be as relevant as possible for you today.

The key kickoff to this whole thing is the Schrödinger equation 97 years ago. It’s basically a mathematical explanation for wave function, which is the basis for most quantum mechanics. There are some really cool concepts. These are some terms that the field is defined by.

Super position: think of this as like ripples in a pond. It’s a special mixture of energy levels. Entanglement: cases where elements cannot be described independently from one another. These are things that happen inside the chandelier, the Mona Lisa cage. This is what happens at the Planck scale: 10⁻³⁶, incredibly small. Reality itself changes.

And these are the terms that describe those changes happening. These are the terms that describe crazy things that we can’t imagine in this macroscopic Newtonian world.

The computers we have today are called noisy intermediate scale quantum systems. They’re noisy in the sense that they’re not very exact. They have a lot of air. One of quantum computers’ key differences from the classical computers has to do with the superposition capabilities of it, which is a binary taking on the values of one, zero, or both simultaneously. And that’s really unique with these computers.

Let’s talk about the actual gate reversal approach. This is where the forensics business comes into play. So, this is a visualization of a quantum circuit from a real quantum computer that I’ve had the actual chance to use. Now you see there’s q0, which is the first q and q1, which is the second q.

We have an operation being applied to the q, something known as a Hadamard. And we’re going to talk a little bit more about that, but I want you to see what is actually the circuit design itself. Not so much about the specifics, but just the circuits that we’re manipulating at the subatomic scale.

So the logic of quantum computers isn’t strictly binary, it can take on multiple values at once. There’s a difference quantum versus logic creates. And this is where we’re going to talk a little bit about, you know, the specifics that you might be familiar with. We might be familiar with a NOT gate, an OR gate.

These gates, basically, if a binary is zero, you apply a gate, change the value, the bit, to one. Well, in quantum computing, we don’t have bits, we have qs and how we change these values of the q is with a quantum gate. We have the Pauli X gates; we have the Toffoli, which are Deutsch gates; and the Hadamard gates.

Now, the most important one for our purposes today is probably going to be the Pauli X, because they flip the q from say one to zero or zero to one. And the Hadamard, which in effect puts a gate into a superposition of two potential values. And then, a very important concept as well is the quantum operational approach.

When we think about a normal Macintosh computer, those computers, they have RAM, they have memory, they have a hard disc, they have a central processor. Quantum computers have none of that. They just have a q structure. And in that sense, they don’t have any data that’s just lying around. They compute for very, very short periods of time.

And so why is this operational approach important? Because most of the data preparation is done in the preparation stage. This is where you design the q circuits. This is where you prepare the computer to do the work. It’s basically the floppy drives that have the data on there, you give it to the computer, the computer does its work. This is the important phase, the preparation phase.

Now Overall, he said, it’s impossible. He said it’s impossible to capture forensic artifacts from a quantum computer. Why? Why did he say that? Because the second the data input into the system is evolved into a quantum state, if you measure it, if you look at the values that the q possesses, it collapses. And that’s in a sense destruction of data. And if you destroy the data, how can you possibly call yourself a forensic examiner of the data?

So, there’s a really cool thing that you can do instead. And that has to do with data collection. And so you can implement basic gates in something called gate reversal. And so we interfaced with the quantum computer using Linux and netBSD systems, we spoke to them and then we ran the preparation phase that I just spoke about, we prepared the quantum computer for computation.

Now, unlike, you know, Overall suggesting that you observed the value of the q, we did something else: gate reversal. Imagine a bunch of dominoes. If you knock over all the dominoes in a row, well, the way to get them back is to put them in the exact same displacement that they were knocked down by. That’s what gate reversal is.

So basically what we do is you take whatever gates were applied to the system, and rather than measure the qs, rather than observe the value of the q itself, you undo the gates that you applied to the q to get back the original value that you started with.

This is like the domino game. This is like reversing the dominoes that have collapsed and bringing them back up. You review the logic of the original circuit, you examine it, then you apply the reverse gates in the reverse order, pretty simple. And you ensure that the probabilities produce the exact values that you started with.

In our case here, real empirical data, they did. We got what we started with. The initial value was zero, we applied the reversal procedure, we got zero again, and all probabilities add up to one.

So there are some issues though, and this is why gate reversal is important, because real hardware, as I said, noisy, intermediate scale quantum. Systems are noisy. The current systems we have today, the current quantum computers we have today do not work with 100% accuracy.

So, we wanted to take a look at what happens if the number of times that we ran our gate approach, how does that affect the data? And so we ran it 100 times and noted the probabilities, we ran it 500 times, and we ran it 1000 times. And what we noticed is no matter what we did, we had error. And quantum theory doesn’t work perfectly on real hardware, which is the important takeaway that I want to show to you as forensic investigators, as professionals.

So there are cases where again, the strange behavior of quantum mechanics happens: entangled cases. And you can have two qs that cannot be described independently from one another. What does that mean? That means like a horse and a carriage. That means like soda and pizza. You can’t describe it independently from one another. That’s what’s going on here with these entangled cases.

In this case, we have two qs; we’ve got q0, q1, and we apply another Hadamard which remember, Hadamards put qs in states of superposition, basically where they can take on a value of one or zero. If you have two qs that have had Hadamards applied to them, they’re entangled. They cannot be described independently from one another. In other words they’re entangled, they’re inseparable.

But this also has a really crazy, forensically-interesting point. You can send one q to someone, let’s say another part of the world and then encode the other q. And because they’re entangled like Siamese twins, you can send a message before it’s written or perhaps never at all.

There’s still noise and error. That’s a consistent theme here. And we ran this entangled case 1000 times, 2000 times, and we had about 5% error. But most importantly, we proved that it Overall was wrong. He said it was not possible to perform live forensics on a quantum computer. We did.

So I want to talk just briefly about future work. This is not just for me. I think this is for the whole forensics community to consider. We need to talk about anti-forensics, we need to talk about quantum forensics as a whole for the digital forensic community, because these computers are coming. We do not want to be behind again, playing catch up. We need to address this problem, these future problems rather.

So, there’s quantum hardware I think we should consider. Actually observing the hardware itself at the subatomic scale. Quantum computers and relationships with people. How are these going to change day-to-day life? Are we going to use them to make decision making? Quantum post-mortem forensics. This is a very interesting idea, as well. What happens when you turn a quantum computer off? What kind of data is left behind?

I want to thank the Shepherds that reviewed this paper. I want to thank the United States National Science Foundation for the money they provided for this. I want to thank IBM and I want to thank the quantum mechanics professors at my school, the University of Texas San Antonio.

But I also want to leave you with this. I talked about going off to Bristol, looking to see what was there in Bristol. You know, people told me it was just mud. They said, “You know, it’s just mud.” But I went into Bristol and I saw how beautiful it was. I saw what probably the first people saw when they went there.

And I want to leave you with the words by the famous Richard Feinman. He said, “One thing’s for certain: no one really understands quantum mechanics.” But I think we can understand this. We can understand quantum forensics, we can. Thank you.

Presenter: For this presentation, are there any questions in the audience or online? There’s one at the very top. I’m on my way.

Speaker 1: Thank you. This is really fascinating. As you understand it, the biggest issue with the noise from the systems, is it expected that it’ll be better in the future?

Dayton: Noise is a problem for today’s systems. If you run a quantum computer, you can expect noise on it. That’s simple. So the answer is yes.

Presenter: Any other questions? So I have one. So how, and I’m by far not an expert, so this question, I’m not sure how appropriate it is, but so how did you revert it? Can I think of it like reverse engineering? Like when you said you sent something in and then you have the output and you did like the reversal, Can you elaborate a little bit more on this?

Dayton: Sure. So the way I thought of it is, what did I start with? What did I end up with? Is there a way to undo it? There’s a mathematical concept called unitary operations in quantum mechanics. It’s basically the idea that if you apply an operation to an electronic circuit, you can un-apply that same operation. It’s mathematically valid.

Prsenter: Good. Are there any questions online? No questions online, Ah, you have one.

Speaker 2: Hi, so did you actually test this approach? Do you have any empirical data on your approach or it’s all theoretical?

Dayton: Yeah. We test real data. We use real binaries.

Speaker 3: So as far as I understand, measuring actually changes the behavior. So can you measure while not altering the original functionality of the tool? So like some, you’ve got an algorithm that does RZ encryption, could you measure a new forensics while also in having the RZ decryption description still functioning?

Dayton: No. And the simple reason for that is because measurement observation itself collapses that delicate state in the qs. It’s like looking at a window and you open the blind and the room goes dark. There’s really crazy behavior that happens. The same thing happens with measurement phenomena. Quantum mechanics, researchers have been working on this for 100 years and they still don’t know why measurement does that.

Speaker 3: So the follow up question then, of course, is what’s the relevancy of what you’re measuring if the evidence is in the RZ calculation?

Dayton: What’s the relevance? Well, we don’t measure. That’s the point. We undo. We put the domino game back. We don’t ever look at the domino game. We reverse the domino game.

Speaker 3: So is there evidence maybe actually be in the RZ calculation itself or in whatever the problem is that it does? So that’s the thing that you want to measure, that’s what the evidence that we’re looking for, right?

Dayton: Are you talking about the post-computation, the post-mortem, residual fragments are left behind after the computation?

Speaker 3: Perhaps the state within the machine? I’m not sure how long a quantum computer would be active. Would it be for microseconds? Would it be for years?

Dayton: Milliseconds?

Speaker 3: That’s what you say now.  

Dayton: Yeah.

Speaker 3: But would you be able to hold state for, let’s say a year? And what would you be able to do in terms of extracting the state of a quantum computer?

Dayton: Well, I think in terms of extracting the data, you can undo it. If you observe it, you collapse. It doesn’t matter if it’s a year or millisecond.

Presenter: And we have one online question. So Frank A asks, “So to forensically examine a quantum computer, does it mean you have to know at a low level what the hardware circuits are and how do you determine what that is?”

Dayton: A great, excellent question. Well, the important thing to know is so that question is, there isn’t anything higher than low level at this point in time. We can’t run Mozilla Firefox on a quantum computer. There is no Java programming language on a quantum computer.

What I showed you were examples of one, zero, and zero and one combinations. Quantum computers right now are restricted to the low level. So inherently you would have to know what the low level was doing, because that’s basically the only level there are to quantum computers at the moment.

Speaker 4: And how much does that printer cost that you just showed us?

Dayton: The printer?

Speaker 4: Yeah. Sorry, the computer.

Dayton: The computer. Oh, that doesn’t have a price sign.. That’s not on the market. That’s not for sale.

Presenter: Okay, thank you again.

Dayton: Thank you.

Leave a Comment