Zero-Knowledge Tampering Attacks (ZKTA) exploit crosstalk from concurrent CNOT gates in multi-program quantum computers—posing a security threat that manipulates victim program outputs without requiring prior knowledge of hardware error characteristics. Method: We propose QONTEXTS, the first context-switching defense framework tailored for quantum multi-programming environments. It introduces a formally defined ZKTA attack model; a dynamic context-switching mechanism to disrupt static co-execution configurations; an active detection method based on cross-context output distribution comparison; and a hardware-agnostic crosstalk modeling and mitigation strategy. Results: Evaluated on real IBM Quantum devices, QONTEXTS improves program resilience against ZKTA by three orders of magnitude, increases average output fidelity by 1.33×, and doubles system throughput—demonstrating robust, scalable protection without hardware-specific assumptions.

Multi-programming quantum computers improve device utilization and throughput. However, crosstalk from concurrent two-qubit CNOT gates poses security risks, compromising the fidelity and output of co-running victim programs. We design Zero Knowledge Tampering Attacks (ZKTAs), using which attackers can exploit crosstalk without knowledge of the hardware error profile. ZKTAs can alter victim program outputs in 40% of cases on commercial systems. We identify that ZKTAs succeed because the attacker's program consistently runs with the same victim program in a fixed context. To mitigate this, we propose QONTEXTS: a context-switching technique that defends against ZKTAs by running programs across multiple contexts, each handling only a subset of trials. QONTEXTS uses multi-programming with frequent context switching while identifying a unique set of programs for each context. This helps limit only a fraction of execution to ZKTAs. We enhance QONTEXTS with attack detection capabilities that compare the distributions from different contexts against each other to identify noisy contexts executed with ZKTAs. Our evaluations on real IBMQ systems show that QONTEXTS increases program resilience by three orders of magnitude and fidelity by 1.33$ imes$ on average. Moreover, QONTEXTS improves throughput by 2$ imes$, advancing security in multi-programmed environments.