In cloud-based quantum services, scheduling metadata, latency patterns, and co-tenant interference can leak circuit structure and timing information, compromising operational privacy of gate-model workloads. To address this, we propose a noise-adaptive virtual-gate obfuscation framework integrating hardware-aware t-design padding, particle-filter-based temporal randomization, heterogeneous backend CASQUE subcircuit routing, and a lock-calibrated interval leakage estimator—enabling fine-grained, auditable, low-overhead privacy protection. Innovations include a dual-threshold termination switch and hash-chained audit logging for secure cryogenic scheduling. Evaluated on a 4-qubit superconducting processor, the framework achieves <1% normal-operation interruption rate under 6.3 μs monitoring intervals, while reliably triggering anomalous interruptions under attack; it also outperforms static padding in both power consumption and latency.

Cloud quantum services can reveal circuit structure and timing through scheduler metadata, latency patterns, and co-tenant interference. We introduce NADGO (Noise-Adaptive Dummy-Gate Obfuscation), a scheduling and obfuscation stack that enforces operational privacy for gate-model workloads by applying per-interval limits on observable information leakage. To support confidentiality and fair multi-tenancy, operators require a method to audit compliance at acceptable overheads. NADGO combines: (i) hardware-aware t-design padding for structured cover traffic, (ii) particle-filter timing randomization to mask queue patterns, (iii) CASQUE subcircuit routing across heterogeneous backends, and (iv) a per-interval leakage estimator with locked calibration artifacts and a dual-threshold kill-switch. We prototype the approach on a 4-qubit superconducting tile with cryo-CMOS control and evaluate both depth-varied local-random circuits and small QAOA instances. Monitoring runs at a 6.3 microsecond control interval, and per-interval decisions are recorded in an append-only, hash-chained audit log. Across Monte Carlo (Tier 1) and cloud-hardware emulation (Tier 2) evaluations, NADGO maintains leakage within budget in nominal operation (interval-abort rate below 1 percent) and under attack yields high separation with concentrated aborts. At matched leakage targets, microbenchmarks indicate lower latency and cryogenic power consumption than static padding, while end-to-end workloads maintain competitive cost envelopes.