Linear layers represent a critical component in many symmetric cryptographic algorithms, and optimising their implementation significantly enhances overall performance. Buji Xu and Xiaoming Sun, from the Institute of Computing Technology, Chinese Academy of Sciences, and the University of Chinese Academy of Sciences, present a novel method that exploits the inherent circulant structure frequently found within these layers. The researchers construct a series of transformation matrices, enabling heuristic algorithms to discover more efficient implementations than previously achieved. This approach delivers substantial improvements for key cryptographic algorithms, including a notable 8% reduction in XOR counts and a 39% decrease in circuit depth for Whirlwind M0, and a near state-of-the-art result for AES MixColumn with minimal overhead.
The researchers observe that many matrices used in cryptography possess a circulant structure. This work exploits that property to construct sequences of transformation matrices, enabling more efficient optimization algorithms. The resulting implementations outperform previous approaches for various linear layers within block ciphers. For the Whirlwind M0 transformation, the team achieves implementations with 159 XOR operations, an 8% improvement over prior work, and a circuit depth of 17, a 39% reduction. For the AES MixColumn transformation, the automated method generates a quantum circuit with a depth of 10, closely matching the performance of manually optimized designs.
This optimization is crucial for lightweight cryptographic implementations, which seek to maintain security with fewer computational resources. The team's work focuses on reducing the number of XOR operations needed to perform the Whirlwind M0 transformation, achieving a significant reduction compared to straightforward matrix multiplication. This optimization is particularly valuable for implementing Whirlwind in resource-constrained environments, such as embedded systems and IoT devices.
Circulant Matrix Synthesis for Quantum Cryptography
This work presents a novel approach to optimizing linear layers, essential components in symmetric cryptography, by leveraging circulant matrix structures. Researchers developed an algorithm to synthesize quantum circuits for matrices exhibiting this property, resulting in significant improvements in circuit depth and gate count. For the Whirlwind M0 linear transformation, the team reduced the circuit depth from 28 to 17 and the gate count from 286 to 200, surpassing previous results. For the widely used AES MixColumn transformation, the algorithm achieved a state-of-the-art depth of 10 with a gate count of 107, outperforming prior work that achieved a depth of 10 with 131 gates.
This result closely matches a manually optimized circuit achieving a depth of 10 and a gate count of 105. The team also developed an automated method that reproduces the manual optimization of the AES MixColumn quantum circuit, removing the need for hand-tuning. Measurements confirm that for Whirlwind M0, the new algorithm reduces the XOR count of classical circuits, offering benefits beyond quantum computing applications. This research demonstrates a clear advancement in the optimization of linear layers, delivering substantial reductions in both circuit depth and gate count for key cryptographic transformations, contributing to more efficient and potentially faster cryptographic implementations.
Circulant Structures Optimise Cryptographic Layer Depth
This work presents a novel framework for optimizing linear layers within symmetric cryptography, achieving significant improvements in both classical and quantum circuit implementations. Researchers discovered that leveraging the circulant structure commonly found in matrices used for cryptographic design allows for the construction of transformation sequences that enhance optimization algorithms. The results demonstrate superior performance across several matrices, reducing the depth of quantum circuits for Whirlwind M0 from 28 to 17, and achieving a state-of-the-art depth for AES MixColumn with only a minimal increase in gate count compared to manually optimized designs. Furthermore, the approach yielded improved XOR counts for classical circuits in specific matrices, indicating its broad applicability. This investigation opens promising avenues for future work aimed at enhancing the efficiency and performance of cryptographic systems, building upon the demonstrated effectiveness of utilizing matrix structure for optimization purposes. The findings represent a substantial advance in the field, offering a powerful new technique for improving both the speed and resource utilization of cryptographic operations.
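To make the circulant-structure idea concrete, the following added Python example (not code from the paper or its authors) builds the AES MixColumn layer as a 32x32 GF(2) matrix, checks that it is block-circulant, counts the XORs of the naive implementation, and then runs a standard greedy pairing heuristic (Paar's common-subexpression search) in which every chosen XOR is introduced together with its cyclic rotations, so the resulting straight-line program inherits the matrix's symmetry. The paper's own transformation-matrix construction is not reproduced here; the rotation-symmetric pairing is an assumption of this example, and the final `matches_matrix` check verifies the generated program against direct matrix multiplication.

```python
import itertools, random
def gf_mul(a, b):  # GF(2^8) shift-and-add product, reducing by the AES polynomial x^8+x^4+x^3+x+1
    r = 0
    while b:
        r, a, b = r ^ (a if b & 1 else 0), (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r

def mixcolumn_rows():
    # AES MixColumn as a 32x32 GF(2) matrix: row 8*i+k = set of input bits XORed into output byte i, bit k
    first = [2, 3, 1, 1]  # first row of the GF(2^8) circulant; row i is this list rotated right by i
    return [{8 * j + b for j, c in enumerate(first[-i:] + first[:-i]) for b in range(8)
             if gf_mul(c, 1 << b) >> k & 1} for i in range(4) for k in range(8)]

def rot(s, t, n):  # shift every input index by t: the cyclic rotation of a linear form
    return frozenset((x + t) % n for x in s)
def is_block_circulant(rows, block=8):  # block row i must equal block row 0 with inputs shifted by 8*i
    return all(frozenset(rows[r]) == rot(rows[r % block], r - r % block, len(rows)) for r in range(len(rows)))

def greedy_symmetric_program(rows, block=8):
    # Paar-style greedy pairing: the most frequent pair of wires becomes a new wire out = a XOR b. Wires are
    # named by the input set they compute, so each chosen pair is introduced together with its cyclic rotations.
    n = len(rows)
    wires, program = {frozenset([i]): i for i in range(n)}, []  # input set -> wire index; inputs are 0..n-1
    rows = [{frozenset([i]) for i in r} for r in rows]
    while True:
        freq = {}
        for r in rows:
            for pair in map(frozenset, itertools.combinations(r, 2)):
                freq[pair] = freq.get(pair, 0) + 1
        if not freq or max(freq.values()) < 2:
            break  # no pair is shared by two rows, so no further saving is possible
        a, b = max(freq, key=freq.get)
        for t in range(0, n, block):
            ra, rb, new = rot(a, t, n), rot(b, t, n), rot(a | b, t, n)
            hit = [r for r in rows if ra in r and rb in r]
            if new in wires or len(hit) > 1:  # skip a rotated pair that is no longer shared by two rows
                if new not in wires:
                    wires[new] = len(wires); program.append((wires[new], wires[ra], wires[rb]))
                for r in hit:
                    r.difference_update((ra, rb)); r.add(new)
    return program, rows, wires, len(program) + sum(len(r) - 1 for r in rows)  # shared + final XORs

def matches_matrix(rows, program, final_rows, wires, trials=100):  # compare the program with direct M*x
    for _ in range(trials):
        val = [random.randint(0, 1) for _ in rows] + [0] * len(program)
        for out, a, b in program:
            val[out] = val[a] ^ val[b]
        if any((sum(val[wires[w]] for w in f) & 1) != (sum(val[i] for i in r) & 1) for r, f in zip(rows, final_rows)):
            return False
    return True
```

The naive implementation of this matrix costs 152 XORs (one per matrix entry beyond the first in each row); the greedy program returned by `greedy_symmetric_program` uses strictly fewer while computing the same map, as `matches_matrix` confirms.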
👉 More information
🗞 Utilizing Circulant Structure to Optimize the Implementations of Linear Layers
🧠 ArXiv: https://arxiv.org/abs/2511.18226
