Differential Privacy for Hybrid Quantum-Classical Algorithms: Frameworks, Mechanisms, and Applications in Quantum Machine Learning

Ge, Jingtong

Differential Privacy for Hybrid Quantum-Classical Algorithms: Frameworks, Mechanisms, and Applications in Quantum Machine Learning

Ge, Jingtong

Permalink

Publication Type:: Thesis
Issue Date:: 2025

Open Access

Copyright Clearance Process

Recently Added
In Progress
Open Access

This item is open access.

Adobe PDF

Download thesisAdobe PDF (1.34 MB)

View statistics

Full metadata record

Field	Value	Language
dc.contributor.author	Ge, Jingtong
dc.date.accessioned	2026-05-26T23:34:04Z
dc.date.available	2026-05-26T23:34:04Z
dc.date.issued	2025
dc.identifier.uri	http://hdl.handle.net/10453/195147
dc.description	University of Technology Sydney. Faculty of Engineering and Information Technology.	en_US.UTF-8
dc.description.abstract	Differential privacy is a mathematical framework for protecting individual data in algorithmic outputs, ensuring that small changes to the input do not significantly alter the output distribution. It has become a cornerstone of privacy-preserving data analysis and machine learning in classical settings, and has recently been extended to quantum computing to safeguard information encoded in quantum states. However, in the Noisy Intermediate-Scale Quantum (NISQ) era, where practical quantum applications rely heavily on hybrid quantum-classical algorithms due to inherent quantum noise, the integration of differential privacy in such algorithms has been largely overlooked. This thesis fills that gap by proposing a hybrid quantum-classical differential privacy (HDP) framework tailored for hybrid algorithms with fixed quantum measurements, which serve as the primary interface between quantum and classical systems. We focus on designing differentially private quantum measurements using both quantum depolarizing noise and a measurement-based exponential mechanism (MBEM), which enables privacy guarantees while preserving utility in practical hybrid settings. To ensure robustness under post-processing and composability under repeated measurements, we establish post-processing and composition theorems within the HDP framework. We validate these theoretical results through extensive numerical experiments on various quantum circuits, demonstrating the practical effectiveness of our approach in preserving privacy with manageable utility trade-offs. Furthermore, we investigate Rényi Differential Privacy (RDP), a refinement of standard differential privacy with strong composability and tunable privacy-utility trade-offs, in the context of quantum machine learning (QML). QML algorithms, typically implemented via hybrid quantum-classical procedures, use fixed quantum measurements to extract classical outputs from quantum states. Leveraging the Heisenberg picture, we formulate RDP in terms of Rényi divergence between measurement-induced output distributions and derive analytically tractable upper bounds for certifying privacy guarantees. Our results demonstrate that QML provides a principled and tractable pathway for privacy analysis, bridging classical RDP techniques with practical quantum learning systems. Together, these contributions form a unified and practical approach for achieving differential privacy in hybrid quantum-classical algorithms, offering rigorous tools for privacy-preserving quantum machine learning on real-world NISQ systems.	en_US.UTF-8
dc.format	Thesis (PhD)
dc.language.iso	en_US	en_US.UTF-8
dc.relation	https://opus.lib.uts.edu.au/bitstream/10453/195147/1/thesis.pdf
dc.rights	info:eu-repo/semantics/openAccess
dc.rights	The author owns the copyright in this thesis including all reproduction and reuse rights for the work. The work may not be altered without the permission of the copyright owner. Attribution is essential when quoting or paraphrasing from this thesis.
dc.rights	© 2025 Jingtong Ge
dc.rights	au.edu.uts.lib/cph
dc.title	Differential Privacy for Hybrid Quantum-Classical Algorithms: Frameworks, Mechanisms, and Applications in Quantum Machine Learning	en_US.UTF-8
dc.type	Thesis
utslib.copyright.status	open_access	*

Abstract:

Differential privacy is a mathematical framework for protecting individual data in algorithmic outputs, ensuring that small changes to the input do not significantly alter the output distribution. It has become a cornerstone of privacy-preserving data analysis and machine learning in classical settings, and has recently been extended to quantum computing to safeguard information encoded in quantum states. However, in the Noisy Intermediate-Scale Quantum (NISQ) era, where practical quantum applications rely heavily on hybrid quantum-classical algorithms due to inherent quantum noise, the integration of differential privacy in such algorithms has been largely overlooked. This thesis fills that gap by proposing a hybrid quantum-classical differential privacy (HDP) framework tailored for hybrid algorithms with fixed quantum measurements, which serve as the primary interface between quantum and classical systems. We focus on designing differentially private quantum measurements using both quantum depolarizing noise and a measurement-based exponential mechanism (MBEM), which enables privacy guarantees while preserving utility in practical hybrid settings. To ensure robustness under post-processing and composability under repeated measurements, we establish post-processing and composition theorems within the HDP framework. We validate these theoretical results through extensive numerical experiments on various quantum circuits, demonstrating the practical effectiveness of our approach in preserving privacy with manageable utility trade-offs. Furthermore, we investigate Rényi Differential Privacy (RDP), a refinement of standard differential privacy with strong composability and tunable privacy-utility trade-offs, in the context of quantum machine learning (QML). QML algorithms, typically implemented via hybrid quantum-classical procedures, use fixed quantum measurements to extract classical outputs from quantum states. Leveraging the Heisenberg picture, we formulate RDP in terms of Rényi divergence between measurement-induced output distributions and derive analytically tractable upper bounds for certifying privacy guarantees. Our results demonstrate that QML provides a principled and tractable pathway for privacy analysis, bridging classical RDP techniques with practical quantum learning systems. Together, these contributions form a unified and practical approach for achieving differential privacy in hybrid quantum-classical algorithms, offering rigorous tools for privacy-preserving quantum machine learning on real-world NISQ systems.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/195147