I Audited a Quantum Computer's Security Layer. Here's What I Found.

OQTOPUS device-gateway processes real quantum hardware jobs with zero integrity verification. We built the fix.

The Setup

OQTOPUS is an open-source cloud quantum computer operating system built by a Japanese research team. It manages real quantum hardware — job submission, qubit mapping, circuit execution, result return. Apache 2.0. Actively maintained. 20 repos. Real hardware.

We were evaluating it as infrastructure for QSL's quantum security stack. Standard move: before you build on something, you audit it.

What We Found

The gRPC interface for job execution looks like this:

message CallJobRequest {
  string job_id = 1;
  uint32 shots = 2;
  string program = 3;  // raw OpenQASM3 — no signing, no auth
}

message CallJobResponse {
  JobStatus status = 1;
  Result result = 2;   // counts returned — no integrity proof
}

Four problems:

The risk: A malicious actor with network access could tamper with the OpenQASM3 program in transit or modify the counts returned from hardware. Nobody would know.

Why This Matters

Quantum computers are being used for cryptographic key generation, drug discovery, financial modeling, and national security research. Tampered results aren't just wrong — they're dangerous. A poisoned quantum random number generator produces predictable keys. Predictable keys break encryption.

"Harvest Now, Decrypt Later" already assumes adversaries are collecting encrypted data today to decrypt later with quantum computers. If adversaries can also tamper with the quantum computation itself, the threat model gets worse.

Authentication on Jobs: 0
Integrity Proofs on Results: 0
Repos in OQTOPUS Ecosystem: 20
Insecure gRPC Port: 1

What We Built

A lightweight attestation module. Zero new dependencies. Pure Python stdlib.

9 tests. All passing. Including tamper detection — modified counts and modified programs both correctly rejected.

Non-breaking: logs only, response object unchanged.
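
One way such an attestation layer can work, as an added example rather than the code from PR #79. It assumes HMAC-SHA256 with a pre-shared key over the CallJobRequest fields and the returned counts; the function names, key and sample job are constructed for illustration.

```python
import hashlib
import hmac
import json
import logging

log = logging.getLogger("attestation_example")

def _mac(key: bytes, domain: str, fields: dict) -> str:
    # Canonical JSON (sorted keys, fixed separators) gives a byte-stable input;
    # the domain prefix keeps request tags and result tags from being swapped.
    body = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, domain.encode() + b"\n" + body, hashlib.sha256).hexdigest()

def sign_request(key: bytes, job_id: str, shots: int, program: str) -> str:
    # Covers every CallJobRequest field, so changing any one invalidates the tag.
    return _mac(key, "request", {"job_id": job_id, "shots": shots, "program": program})

def sign_result(key: bytes, request_tag: str, counts: dict) -> str:
    # Including the request tag binds the counts to the exact program submitted.
    return _mac(key, "result", {"request_tag": request_tag, "counts": counts})

def check(recomputed: str, presented: str, what: str) -> bool:
    # Constant-time compare; a mismatch is logged only, nothing is raised,
    # so the response object is left unchanged (the non-breaking mode above).
    ok = hmac.compare_digest(recomputed, presented)
    if not ok:
        log.warning("attestation mismatch: %s", what)
    return ok

def demo() -> dict:
    # Constructed sample job; the key is a placeholder, not a real secret.
    key = b"constructed-demo-key"
    program = 'OPENQASM 3; include "stdgates.inc"; qubit[2] q; bit[2] c; h q[0]; cx q[0], q[1]; c = measure q;'
    counts = {"00": 498, "11": 502}
    req_tag = sign_request(key, "job-0001", 1000, program)
    res_tag = sign_result(key, req_tag, counts)
    bad_program = program.replace("h q[0];", "x q[0];")   # altered in transit
    bad_counts = {"00": 1000, "11": 0}                     # altered on return
    return {
        "clean_request": check(sign_request(key, "job-0001", 1000, program), req_tag, "request"),
        "clean_result": check(sign_result(key, req_tag, counts), res_tag, "result"),
        "tampered_program": check(sign_request(key, "job-0001", 1000, bad_program), req_tag, "request"),
        "tampered_counts": check(sign_result(key, req_tag, bad_counts), res_tag, "result"),
    }

if __name__ == "__main__":
    print(demo())
```

A shared-key MAC only detects tampering by parties who do not hold the key; key distribution and transport security on the gRPC port are separate concerns.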

The PR

Issue #78 opened. PR #79 submitted to oqtopus-team/device-gateway.

Awaiting review from maintainer orangekame3.

This is what security engineering looks like. You don't wait for the vulnerability disclosure. You find the gap, build the fix, and submit the patch.

What's Next

"You can't protect what you can't see.
Every scar is a credential."

— Mike Bennett, Quantum Shield Labs

Security Engineering for Quantum Infrastructure

We audit quantum computing platforms, build attestation layers, and submit patches upstream. If you're building on quantum infrastructure, we can help you secure it.

Mike Bennett

Founder & CEO, Quantum Shield Labs

Former executive chef turned cybersecurity entrepreneur. Builds autonomous security agents like CrawDaddy and thinks about the intersection of AI agent infrastructure and post-quantum cryptography. BS in Software Development & Security, UMGC.