Experimental demonstration of adversarial examples in learning topological phases
At a Glance
Section titled âAt a Glanceâ| Metadata | Details |
|---|---|
| Publication Date | 2022-08-25 |
| Journal | Nature Communications |
| Authors | Huili Zhang, Si Jiang, Xin Wang, Wengang Zhang, Xianzhi Huang |
| Institutions | Tsinghua University, ShangHai JiAi Genetics & IVF Institute |
| Citations | 10 |
| Analysis | Full AI Review Included |
Executive Summary
Section titled âExecutive SummaryâThis research experimentally demonstrates the critical vulnerability of machine learning (ML) classifiers to adversarial examples (AEs) when applied to identifying topological phases of matter, using a solid-state quantum simulator.
- Core Vulnerability Demonstrated: Tiny, carefully crafted adversarial perturbations, or even standard experimental noise, can deceive a deep Convolutional Neural Network (CNN) classifier, causing misclassification of topological phases with high confidence (up to 99.8%).
- Platform and Fidelity: The experiment utilized a single Nitrogen-Vacancy (NV) center in diamond as a quantum simulator for Hopf insulators. The adversarial samples maintained high fidelity (average 93.4%) to the original, legitimate samples, confirming the small magnitude of the perturbation.
- Topological Robustness: Crucially, while the ML classifier failed, the fundamental physical propertiesâthe integer-valued topological invariant (Hopf index) and the topological links (Hopfion spin textures)âremained unchanged and robust against the adversarial perturbations.
- Data Sparsity Risk: The study found that experimental noise is significantly more likely to act as an adversarial perturbation when a large percentage of the input data is dropped or unavailable, highlighting a trade-off between reducing experimental cost and maintaining classification robustness.
- Engineering Implication: The results showcase that current ML models do not fully capture the underlying physical principles of topological phases, necessitating the development of robust ML strategies (e.g., adversarial training) for reliable deployment in experimental physics.
Technical Specifications
Section titled âTechnical Specificationsâ| Parameter | Value | Unit | Context |
|---|---|---|---|
| NV Center Zero-Field Splitting | 2.87 | GHz | Ground state ms = 0 and ms = ±1 degeneracy. |
| Static Magnetic Field (B0) | 472 | Gauss | Applied along the NV symmetry axis. |
| Laser Excitation Wavelength | 532 | nm | Diode laser used for optical pumping. |
| Laser Excitation Power | 0.25 | mW | Used during spin state readout. |
| Fluorescence Count Rate | ~260 | kcps | Under 0.25 mW laser excitation. |
| Signal-to-Noise Ratio (SNR) | ~100:1 | Ratio | During photon collection. |
| Total Measurement Repeats | 7.5 x 105 | Times | Total sequence repetitions for data collection. |
| Total Photons Collected | 3.9 x 104 | Photons | Total collected during the sequence. |
| Solid Immersion Lens Diameter | 6.74 | ”m | Fabricated on diamond for enhanced photon collection. |
| Objective Lens Numerical Aperture (NA) | 1.49 | NA | Oil-immersed objective. |
| Maximum Rabi Frequency (Ωmax) | 2Ï x 7.81 | MHz | Used during adiabatic passage process. |
| Maximum Detuning (ÎÏmax) | 2Ï x 10 | MHz | Used during adiabatic passage process. |
| Total Adiabatic Passage Time | 1500 | ns | Duration of spin evolution. |
| Momentum Space Grid Size | 10 x 10 x 10 | Grid Points | Discretization of k-space for data input. |
| Average Fidelity (Legitimate Samples) | 99.77 (±0.045) | % | Fidelity of reconstructed states (h=0.5, 2, 3.2). |
| Average Fidelity (Legitimate vs. Adversarial) | 93.40 | % | Fidelity between original and perturbed samples. |
Key Methodologies
Section titled âKey Methodologiesâ- Quantum Simulator Setup: A single NV center in diamond was used as a solid-state quantum simulator. The setup included a home-built confocal microscope, a 532 nm laser for initialization, and a 472 Gauss static magnetic field.
- Spin Initialization and Subspace: The electron spin was initialized to the |ms = 0> state via 3 ”s optical pumping. The experiment utilized the |ms = 0> and |ms = -1> subspace as the effective two-level system (qubit).
- Hamiltonian Simulation: The Hopf insulator Hamiltonian (HTI) was simulated using an adiabatic passage approach. Microwave (MW) pulses, generated by two orthogonal 100 MHz carrier signals, were applied to evolve the spin state to the ground state corresponding to specific momentum points (k).
- Data Acquisition (QST): Momentum space was discretized into a 10 x 10 x 10 grid. At each grid point, Quantum State Tomography (QST) was performed after adiabatic evolution to retrieve the state density matrices, represented by three real indices on the Bloch sphere.
- Machine Learning Classification: A 3D Convolutional Neural Network (CNN) was trained in a supervised fashion using 5000 numerically generated samples to classify the topological phase (Hopf index Ï = 0, 1, or -2).
- Adversarial Example Implementation: Numerical optimization methods (Projected Gradient Descent (PGD), Momentum Iterative Method (MIM), and Differential Evolution Algorithm (DEA)) were used to calculate minimal perturbations (AEs). These AEs were then experimentally implemented by adjusting the MW parameters to generate density matrices that successfully misled the trained CNN classifier.
- Topological Invariant Verification: The robustness of the phase was confirmed by calculating the Hopf index (Ï) directly from the experimentally measured density matrices using a conventional discretization scheme, confirming that the AE did not alter the true topological phase.
Commercial Applications
Section titled âCommercial ApplicationsâThe findings and methodologies employed in this research are highly relevant to the following industries and applications:
- Quantum Computing and Simulation:
- Development and validation of robust quantum algorithms and simulators based on solid-state platforms (like NV centers).
- Ensuring the reliability of quantum machine learning models used for phase identification in complex quantum materials simulations.
- Quantum Sensing and Metrology:
- Utilizing NV centers for high-resolution, nanoscale magnetic and electric field sensing.
- Improving the robustness of ML-assisted data processing pipelines used in quantum sensing applications where noise and data sparsity are common challenges.
- Reliable Artificial Intelligence (AI) / ML Security:
- Developing adversarial training techniques and countermeasures to protect ML models deployed in critical scientific or industrial environments from subtle, high-confidence attacks or inherent experimental noise.
- Advanced Materials Discovery:
- Accelerating the identification and classification of novel topological materials (e.g., topological insulators, superconductors) by providing a framework for testing the reliability of ML classifiers against experimental imperfections.