The cloud-based environments in which today's and future quantum computers
will operate, raise concerns about the security and privacy of user's
intellectual property. Quantum circuits submitted to cloud-based quantum
computer providers represent sensitive or proprietary algorithms developed by
users that need protection. Further, input data is hard-coded into the
circuits, and leakage of the circuits can expose users' data. To help protect
users' circuits and data from possibly malicious quantum computer cloud
providers, this work presented the first hardware architecture for a trusted
execution environment for quantum computers. To protect the user's circuits and
data, the quantum computer control pulses are obfuscated with decoy control
pulses. While digital data can be encrypted, analog control pulses cannot and
this paper proposed the novel decoy pulse approach to obfuscate the analog
control pulses. The proposed decoy pulses can easily be added to the software
by users. Meanwhile, the hardware components of the architecture proposed in
this paper take care of eliminating, i.e. attenuating, the decoy pulses inside
the superconducting quantum computer's dilution refrigerator before they reach
the qubits. The hardware architecture also contains tamper-resistant features
to protect the trusted hardware and users' information. The work leverages a
new metric of variational distance to analyze the impact and scalability of
hardware protection. The variational distance of the circuits protected with
our scheme, compared to unprotected circuits, is in the range of only 0.16 to
0.26. This work demonstrates that protection from possibly malicious cloud
providers is feasible and all the hardware components needed for the proposed
architecture are available today