Utilizing Circulant Structure to Optimize the Implementations of Linear Layers
Buji Xu, Xiaoming Sun

TL;DR
This paper introduces a circulant structure-based optimization method for linear layers in symmetric cryptography, significantly improving implementation efficiency and reducing XOR counts and circuit depth.
Contribution
It leverages circulant matrix properties to enhance heuristic algorithms for more efficient cryptographic linear layer implementations.
Findings
Achieved 8% better XOR counts for Whirlwind M0 compared to previous work.
Reduced circuit depth by 39% for Whirlwind M0.
Produced near state-of-the-art quantum circuits for AES MixColumn with minimal overhead.
Abstract
In this paper, we propose a novel approach for optimizing the linear layer used in symmetric cryptography. It is observed that these matrices often have circulant structure. The basic idea of this work is to utilize the property to construct a sequence of transformation matrices, which allows subsequent heuristic algorithms to find more efficient implementations. Our results outperform previous works for various linear layers of block ciphers. For Whirlwind M0, we obtain two implementations with 159 XOR counts (8% better than Yuan et al. at FSE 2025) and depth 17 (39% better than Shi et al. at AsiaCrypt 2024), respectively. For AES MixColumn, our automated method produces a quantum circuit with depth 10, which nearly matches the manually optimized state-of-the-art result by Zhang et al. at IEEE TC 2024, only with 2 extra CNOTs.
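The circulant structure the abstract refers to can be seen directly in AES MixColumn, which is circ(2, 3, 1, 1) over GF(2^8). The following is an added example, not code from the paper and not its optimization method: it expands MixColumn into its 32x32 matrix over GF(2), checks that the matrix is invariant under a cyclic shift by one 8-bit block, and counts the XORs of the unoptimized implementation that heuristic searches start from. All function names are chosen here for illustration.

```python
# Added example (not from the paper): AES MixColumn as the circulant
# matrix circ(2, 3, 1, 1) over GF(2^8), expanded to 32x32 over GF(2).
FIRST_ROW = (2, 3, 1, 1)  # first row of the AES MixColumn matrix


def xtime(b):
    """Multiply a byte by x (i.e. by 2) modulo the AES polynomial 0x11B."""
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b


def gmul(coeff, b):
    """Multiply byte b by coeff in {1, 2, 3}; enough for MixColumn."""
    return {1: b, 2: xtime(b), 3: xtime(b) ^ b}[coeff]


def mix_column(col):
    """Apply MixColumn to 4 bytes; entry (i, j) is FIRST_ROW[(j - i) % 4]."""
    out = []
    for i in range(4):
        acc = 0
        for j in range(4):
            acc ^= gmul(FIRST_ROW[(j - i) % 4], col[j])
        out.append(acc)
    return out


def binary_matrix():
    """Return the 32x32 GF(2) matrix as 32 row bitmasks (bit c = column c)."""
    rows = [0] * 32
    for c in range(32):
        unit = [0, 0, 0, 0]
        unit[c // 8] = 1 << (c % 8)      # c-th unit vector, as 4 bytes
        image = mix_column(unit)         # c-th column of the matrix
        for r in range(32):
            if (image[r // 8] >> (r % 8)) & 1:
                rows[r] |= 1 << c
    return rows


def is_block_circulant(rows, block=8, n=32):
    """True if shifting rows and columns by one block leaves M unchanged."""
    def bit(r, c):
        return (rows[r] >> c) & 1
    return all(bit(r, c) == bit((r + block) % n, (c + block) % n)
               for r in range(n) for c in range(n))


def naive_xor_count(rows):
    """XORs needed when every output bit is computed independently."""
    return sum(bin(r).count("1") - 1 for r in rows)
```

The naive count obtained this way is only the starting point; it says nothing about the XOR counts or depths the paper reports.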
Taxonomy
Topics: Cryptographic Implementations and Security · Coding theory and cryptography · Cryptography and Residue Arithmetic
