Quantum computing promises to revolutionize the way we solve computationally intractable problems by harnessing quantum phenomena such as superposition, interference, and entanglement. Over the past two decades, the field has witnessed a dramatic evolution—from early devices with one or two qubits to modern machines featuring over a thousand qubits, with projections now foretelling error-corrected systems with millions of qubits and capable of executing millions of gates. Moreover, quantum computing is no longer a theoretical or experimental concept. Quantum computers have become widely accessible via cloud-based platforms with companies such as IBM, Amazon, and Microsoft. These services not only democratize access to quantum computers for academic research but also empower industry players and even individuals. With such rapid advancement, quantum computing continues to expand its potential applications in various fields, including optimization, natural sciences, artificial intelligence, finance, and beyond.

Nevertheless, as quantum computers transition from rudimentary few-qubit prototypes to increasingly sophisticated machines featuring hundreds or thousands of qubits, their growing computational power is paralleled by emerging security and privacy challenges. In order to address these critical issues and establish a solid foundation for both current and future research, this dissertation presents a comprehensive investigation into the vulnerabilities inherent in quantum computers and proposes robust countermeasures that span the entire quantum technology stack, from hardware to system-level orchestration and application-layer execution.

At the hardware level, quantum computers rely on qubit technologies that can be realized through superconducting, trapped ion, neutral atom, photonic, topological, or spin implementations. This dissertation focuses on superconducting qubits as a representative case to explore hardware-level security and privacy challenges. Quantum processing units (QPUs), composed of these qubits, are orchestrated by classical control systems that generate precise electromagnetic pulses. However, both the QPU and its interface with classical controllers present unique attack surfaces that are not typically encountered in conventional computing systems. Specifically, this dissertation investigates three critical areas in hardware-level security and privacy. First, it examines side-channel attacks in quantum computer controllers, demonstrating that side channel signals, especially timing and power consumption patterns of control pulses, can inadvertently leak sensitive information about gate-level operations, executed algorithms, and embedded data. Second, it explores fault injection attacks that target both quantum and classical control infrastructures, introducing a novel classification framework that maps out potential threat vectors and guides the development of effective countermeasures. Third, it assesses the long-term dependability of quantum hardware by analyzing performance fluctuations, such as abrupt changes in qubit frequencies, decoherence times, gate error rates, and other properties. Collectively, these investigations provide a comprehensive understanding of the vulnerabilities inherent in current quantum computer hardware and inform the design of robust countermeasures to safeguard next-generation quantum computers.

At the system level, quantum computer systems, which are responsible for the compilation, transformation, and execution of quantum circuits, introduce additional security and privacy challenges. This dissertation examines the vulnerabilities associated with state initialization and reset mechanisms during the execution phase. The probabilistic nature of quantum algorithms necessitates repeated circuit executions, and the process of initializing and resetting qubits between executions is vulnerable to information leakage. This dissertation demonstrates that imperfections in these reset mechanisms can lead to security attacks and information leakage, thereby opening an avenue for malicious actors. In particular, this dissertation introduces and analyzes the novel higher-energy state attack, wherein an attacker exploits control pulses to drive qubits into unintended energy states (e.g., |2⟩ or |3⟩) beyond the conventional |0⟩ and |1⟩abstraction. This breach not only disrupts standard circuit operations but can also be leveraged for covert communication across circuits. To counter this threat, this dissertation proposes the Cascading Secure Reset operation that effectively initializes qubits from higher-energy states back to |0⟩ without necessitating hardware modifications. Besides, this dissertation also thoroughly studies the state leakage problem in the normal two-level paradigm and proposes a defense mechanism based on the one-time pad prior to the reset mechanisms. This method relies on the random application of simple quantum gates to obfuscate any residual state, thereby mitigating the leakage. Together, this dissertation further informs the design of more robust reset mechanisms, thus enhancing the overall security and privacy of quantum computer systems.

At the application level, this dissertation investigates security and privacy challenges that arise in quantum software development kits and quantum programs. The design of quantum programs, including the high-level definition of quantum gates, their low-level pulse implementations, and the relationship between them, introduces vulnerabilities that adversaries can exploit. In particular, this dissertation introduces a suite of pulse-level attacks that take advantage of inconsistencies between the intended gate operations and the actual control pulses. Although recent advances in pulse-level programming have enhanced circuit expressivity and efficiency by decomposing gate-level operations into finer control pulses, this refined approach also introduces new security risks. To expose these vulnerabilities, this dissertation proposes attacks such as qubit plunder, qubit block, and timing mismatch, which demonstrate the susceptibility of contemporary quantum software development kits to manipulation. Complementing this analysis, this dissertation also proposes the quantum computer antivirus, operating during the compilation phase to detect and preempt malicious circuit patterns before they reach the hardware and are executed. These studies not only protect quantum programs from both accidental and deliberate attacks but also establish a robust foundation for designing secure quantum applications.

Beyond the specific contributions at each layer of the quantum computing stack, this dissertation emphasizes the necessity of a holistic security and privacy perspective. Historical precedents in classical computing have shown that vulnerabilities, ranging from cache timing attacks to speculative execution exploits, can remain undetected for years, only to be exploited later with severe consequences. Similarly, as quantum technologies mature, neglecting security and privacy at any level may lead to systemic vulnerabilities that could undermine the reliability and trustworthiness of quantum computations.

In summary, this dissertation advances the state of knowledge in the security and privacy of quantum computers by identifying and characterizing critical vulnerabilities and developing comprehensive defense frameworks to preempt emerging threats across the quantum computing stack. Through rigorous theoretical analysis, simulation, and experimental evaluation on contemporary quantum devices, this dissertation not only deepens the understanding of quantum vulnerabilities but also offers practical strategies to enhance the security and privacy of future quantum computers. This dissertation lays the groundwork for developing resilient quantum computers capable of withstanding both current and emerging security and privacy challenges, thereby contributing to the safe and reliable integration of quantum computing into critical applications.