LI Lingchen, LI Pei, MO Shenyong, WEI Yongzhuang, YE Tao. Advancements in Quantum Circuit Design for ARIA: Implementation and Security Evaluation[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT250440

Advancements in Quantum Circuit Design for ARIA: Implementation and Security Evaluation

doi: 10.11999/JEIT250440 cstr: 32379.14.JEIT250440
Funds: The National Natural Science Foundation of China (62162016, 62402132)
  • Rev Recd Date: 2025-08-26
  • Available Online: 2025-09-01
Objective
ARIA was established as the Korean national standard block cipher (KS X 1213) in 2003 to meet the demand for robust cryptographic solutions across the government, industrial, and commercial sectors in South Korea. Designed by a consortium of Korean cryptographers, the algorithm adopts a hardware-efficient architecture that supports 128-, 192-, and 256-bit keys, balancing computational performance and cryptographic security. This design allows ARIA to serve as a competitive alternative to the Advanced Encryption Standard (AES), with comparable encryption and decryption speeds suited to resource-constrained environments, including embedded systems, as well as high-performance applications. The security of ARIA rests on its Substitution-Permutation Network (SPN) structure, which combines two distinct substitution layers with a diffusion layer to resist classical cryptanalytic methods such as differential, linear, and related-key attacks. This robustness has promoted its adoption in secure communication protocols and financial systems within South Korea and internationally. The emergence of quantum computing, however, raises new challenges for classical ciphers: quantum algorithms such as Grover's algorithm reduce the effective key strength of symmetric ciphers, so their post-quantum security must be reassessed. In this study, ARIA's quantum circuit implementation is optimized through tower-field decomposition and in-place circuit optimization, enabling a comprehensive evaluation of its resilience against quantum adversaries.

Methods
The quantum resistance of ARIA is evaluated by estimating the resources required for an exhaustive key search under Grover's algorithm. Grover's quantum search achieves a quadratic speedup, effectively reducing the security strength of a 128-bit key to the classical equivalent of 64 bits. To ensure an accurate assessment, the quantum circuits for ARIA's encryption and decryption are optimized within Grover's framework, thereby reducing the required quantum resources. The core technique is tower-field decomposition, which transforms high-order finite field operations into equivalent lower-order operations and yields compact computational representations. Specifically, the S-box and linear-layer circuits are optimized using automated search tools to identify efficient combinations of low-order field operations. The resulting quantum circuits are then used to estimate the Grover-attack resource requirements, and the results are compared against the National Institute of Standards and Technology (NIST) post-quantum security levels.

Results and Discussions
Optimized quantum circuits for all four ARIA S-boxes are constructed using tower-field decomposition and automated circuit search tools (Fig. 7, Table 2). By integrating these with the linear layer, a complete quantum encryption circuit is implemented, and the Grover-attack resource requirements are re-evaluated (Tables 5 and 6). Detailed implementation data are given in the Clifford+T gate set. The experimental results show that ARIA-192 does not meet the NIST Level 3 post-quantum security standard, indicating vulnerability to quantum adversaries, whereas ARIA-128 and ARIA-256 satisfy the Level 1 and Level 3 requirements, respectively. Further optimization is theoretically feasible through methods such as pseudo-key techniques. Future research may focus on developing automated circuit search tools that extend this framework, enabling systematic post-quantum security evaluations of ARIA and comparable symmetric ciphers (e.g., AES, SM4) within a generalized assessment model.

Conclusions
This study investigates the quantum resistance of classical cryptographic algorithms in the context of quantum computing, focusing on the Korean block cipher ARIA. By leveraging the distinct algebraic structures of ARIA's four S-boxes, tower-field decomposition is applied to design optimized quantum circuits for all of them. In addition, the circuit depth of the ARIA linear layer is reduced through an in-place quantum circuit implementation, giving a more efficient realization of ARIA in the quantum setting. A complete quantum encryption circuit is constructed by integrating these components, and the security of the ARIA family is evaluated against quantum adversaries under Grover's key search attack model. The results demonstrate improved implementation efficiency under the newly designed quantum scheme. However, ARIA-192 falls below the NIST Level 3 quantum security threshold, indicating a potential vulnerability to quantum attacks.
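The following Python script is an added example, not code from the paper, illustrating the tower-field decomposition named in the Methods section: an inversion in GF(2^8), the costly step of an AES-style S-box, is carried out in the isomorphic field GF((2^4)^2), where it needs only one inversion and a few multiplications in the 16-element subfield. The page does not give ARIA's S-box representations, so the field polynomial x^8 + x^4 + x^3 + x + 1 (the AES polynomial) and the subfield polynomial z^4 + z + 1 are assumptions here; the basis-change map between the two representations is found by searching for a root of the field polynomial inside the tower, and the result is checked against a direct x^254 inverse for all 256 bytes.

```python
# Added example: GF(2^8) inversion via the tower field GF((2^4)^2).
# Assumed parameters (not from the paper): GF(2^8) = GF(2)[x]/(x^8+x^4+x^3+x+1),
# GF(2^4) = GF(2)[z]/(z^4+z+1), GF((2^4)^2) = GF(2^4)[y]/(y^2+y+NU).

GF256_POLY = 0x11B   # x^8 + x^4 + x^3 + x + 1 (AES polynomial, stand-in)
GF16_POLY = 0x13     # z^4 + z + 1


def gf_mul(a, b, poly, n):
    """Carry-less multiply a*b and reduce modulo poly in GF(2^n)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> n:
            a ^= poly
    return r


def gf16_mul(a, b):
    return gf_mul(a, b, GF16_POLY, 4)


def gf256_mul(a, b):
    return gf_mul(a, b, GF256_POLY, 8)


def gf16_inv(a):
    """a^-1 = a^14 in GF(2^4); 0 maps to 0 (the usual S-box convention)."""
    r = 1
    for _ in range(14):
        r = gf16_mul(r, a)
    return r


def find_nu():
    """Smallest nu making y^2 + y + nu irreducible over GF(2^4): nu must not equal t^2 + t."""
    image = {gf16_mul(t, t) ^ t for t in range(16)}
    return min(nu for nu in range(1, 16) if nu not in image)


NU = find_nu()


# A tower element is a pair (a1, a0) standing for a1*y + a0, a1 and a0 in GF(2^4).
def tower_add(p, q):
    return (p[0] ^ q[0], p[1] ^ q[1])


def tower_mul(p, q):
    """(a1 y + a0)(b1 y + b0) reduced with y^2 = y + NU."""
    a1, a0 = p
    b1, b0 = q
    h = gf16_mul(a1, b1)
    return (h ^ gf16_mul(a1, b0) ^ gf16_mul(a0, b1),
            gf16_mul(NU, h) ^ gf16_mul(a0, b0))


def tower_inv(p):
    """Inverse = conjugate (a1 y + a1 + a0) divided by the norm, which lies in GF(2^4)."""
    a1, a0 = p
    norm = gf16_mul(NU, gf16_mul(a1, a1)) ^ gf16_mul(a0, a1) ^ gf16_mul(a0, a0)
    ninv = gf16_inv(norm)   # the only inversion, and it is in the 16-element field
    return (gf16_mul(a1, ninv), gf16_mul(a1 ^ a0, ninv))


def tower_pow(p, e):
    r = (0, 1)   # the element 1
    for _ in range(e):
        r = tower_mul(r, p)
    return r


def find_root():
    """A root T of x^8+x^4+x^3+x+1 inside the tower fixes the isomorphism GF(2^8) -> tower."""
    for a1 in range(16):
        for a0 in range(16):
            acc = (0, 0)
            for i in range(9):
                if (GF256_POLY >> i) & 1:
                    acc = tower_add(acc, tower_pow((a1, a0), i))
            if acc == (0, 0):
                return (a1, a0)
    raise ValueError("no root: the assumed parameters do not form a field")


T = find_root()


def to_tower(x):
    """Polynomial-basis byte x -> tower pair, as the sum of bit_i * T^i."""
    acc = (0, 0)
    for i in range(8):
        if (x >> i) & 1:
            acc = tower_add(acc, tower_pow(T, i))
    return acc


TO_TOWER = [to_tower(x) for x in range(256)]
FROM_TOWER = {pair: x for x, pair in enumerate(TO_TOWER)}
assert len(FROM_TOWER) == 256   # the basis change is a bijection


def gf256_inv_tower(x):
    """Invert byte x by mapping into the tower, inverting there, and mapping back."""
    return FROM_TOWER[tower_inv(TO_TOWER[x])]


def gf256_inv_direct(x):
    """Reference inverse x^254 in GF(2^8) (0 -> 0), computed without the tower."""
    r = 1
    for _ in range(254):
        r = gf256_mul(r, x)
    return r


def verify_all():
    """True when the tower route agrees with the direct inverse for every byte."""
    return all(gf256_inv_tower(x) == gf256_inv_direct(x) for x in range(256))


if __name__ == "__main__":
    print("NU =", NU, "T =", T, "all 256 inverses agree:", verify_all())
```

The point a circuit designer cares about is visible in `tower_inv`: one GF(2^4) inversion, three GF(2^4) multiplications for the norm and two more for the conjugate replace a full GF(2^8) inversion, and each GF(2^4) operation is a much smaller reversible circuit. The two linear maps `to_tower` and `FROM_TOWER` are the basis change that must be merged into the surrounding linear layer for the decomposition to pay off, which is what the automated search for a good combination of low-order operations has to account for.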
    [1]
    SHOR P W. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer[J]. SIAM Review, 1999, 41(2): 303–332. doi: 10.1137/S0036144598347011.
    [2]
    SIMON D R. On the power of quantum computation[J]. SIAM Journal on Computing, 1997, 26(5): 1474–1483. doi: 10.1137/S0097539796298637.
    [3]
    GROVER L K. A fast quantum mechanical algorithm for database search[C]. Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, Philadelphia, USA, 1996: 212–219. doi: 10.1145/237814.237866.
    [4]
    ALAGIC G, APON D, COOPER D, et al. Status report on the third round of the NIST post-quantum cryptography standardization process[R]. NIST IR 8413, 2022. doi: 10.6028/nist.ir.8413-upd1.
    [5]
    DAEMEN J, RIJMEN V. AES proposal: Rijndael[R]. 1999.
    [6]
    AUMASSON J P, HENZEN L, MEIER W, et al. SHA-3 proposal BLAKE[R]. Submission to NIST, 2008: 194.
    [7]
    GRASSL M, LANGENBERG B, ROETTELER M, et al. Applying Grover’s algorithm to AES: Quantum resource estimates[C]. Proceedings of the 7th International Workshop on Post-Quantum Cryptography, Fukuoka, Japan, 2016: 29–43. doi: 10.1007/978-3-319-29360-8_3.
    [8]
    AMENTO B, RÖTTELER M, STEINWANDT R. Efficient quantum circuits for binary elliptic curve arithmetic: Reducing T-gate complexity[J]. Quantum Information & Computation, 2013, 13(7/8): 631–644.
    [9]
    ALMAZROOIE M, SAMSUDIN A, ABDULLAH R, et al. Quantum reversible circuit of AES-128[J]. Quantum Information Processing, 2018, 17(5): 112. doi: 10.1007/s11128-018-1864-3.
    [10]
    LANGENBERG B, PHAM H, and STEINWANDT R. Reducing the cost of implementing the advanced encryption standard as a quantum circuit[J]. IEEE Transactions on Quantum Engineering, 2020, 1: 2500112. doi: 10.1109/tqe.2020.2965697.
    [11]
    ZOU Jian, WEI Zihao, SUN Siwei, et al. Quantum circuit implementations of AES with fewer qubits[C]. Proceedings of the 26th International Conference on the Theory and Application of Cryptology and Information Security on Advances in Cryptology, Daejeon, South Korea, 2020: 697–726. doi: 10.1007/978-3-030-64834-3_24.
    [12]
    LI Zhenqiang, CAI Binbin, SUN Hongwei, et al. Novel quantum circuit implementation of advanced encryption standard with low costs[J]. Science China Physics, Mechanics & Astronomy, 2022, 65(9): 290311. doi: 10.1007/s11433-022-1921-y.
    [13]
    HUANG Zhenyu and SUN Siwei. Synthesizing quantum circuits of AES with lower T-depth and less qubits[C]. Proceedings of the 28th International Conference on the Theory and Application of Cryptology and Information Security on Advances in Cryptology, Taipei, China, 2022: 614–644. doi: 10.1007/978-3-031-22969-5_21.
    [14]
    JAQUES S, NAEHRIG M, ROETTELER M, et al. Implementing Grover oracles for quantum key search on AES and LowMC[C]. Proceedings of the 39th Annual International Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology, Zagreb, Croatia, 2020: 280–310. doi: 10.1007/978-3-030-45724-2_10.
    [15]
    LIN Da, XIANG Zejun, XU Runqing, et al. Optimized quantum implementation of AES[J]. Quantum Information Processing, 2023, 22(9): 352. doi: 10.1007/s11128-023-04043-9.
    [16]
    State Cryptography Administration. GM/T 0002-2012 SM4 block cipher algorithm[S]. Chinese Commercial Cryptography Standard, 2012.
    [17]
    BAI Xuefei, XU Yanhua, and GUO Li. Securing SMS4 cipher against differential power analysis and its VLSI implementation[C]. Proceedings of 2008 11th IEEE Singapore International Conference on Communication Systems, Guangzhou, China, 2008: 167–172. doi: 10.1109/iccs.2008.4737165.
    [18]
    PAAR C. Efficient VLSI architectures for bit-parallel computation in Galois fields[D]. Ph.D. dissertation, University of Duisburg-Essen, 1994.
    [19]
    ABBASI I and AFZAL M. A compact S-box design for SMS4 block cipher[M]. PARK J J, ARABNIA H, CHANG H B, et al. IT Convergence and Services. Dordrecht: Springer, 2011: 641–658. doi: 10.1007/978-94-007-2598-0_69.
    [20]
    MARTÍNEZ-HERRERA A F, MEX-PERERA C, and NOLAZCO-FLORES J. Merging the camellia, SMS4 and AES s-boxes in a single s-box with composite bases[C]. Proceedings of the 16th International Conference on Information Security, Dallas, United States, 2013: 209–217. doi: 10.1007/978-3-319-27659-5_15.
    [21]
    WEI Zihao, SUN Siwei, HU Lei, et al. Searching the space of tower field implementations of the $\mathbb{F}_{2^8}$ inverter, with applications to AES, Camellia and SM4[J]. International Journal of Information and Computer Security, 2023, 20(1/2): 1–26. doi: 10.1504/ijics.2023.127999.
    [22]
    LIN Da, XIANG Zejun, ZHANG Ruolin, et al. Quantum implementation of SM4[J]. Journal of Cryptologic Research, 2021, 8(6): 999–1018. doi: 10.13868/j.cnki.jcr.000493.
    [23]
    LUO Qingbin, LI Qiang, LI Xiaoyu, et al. Quantum circuit implementations of SM4 block cipher optimizing the number of qubits[J]. Quantum Information Processing, 2024, 23(5): 177. doi: 10.1007/s11128-024-04394-x.
    [24]
    KWON D, KIM J, PARK S, et al. New block cipher: ARIA[C]. Proceedings of the 6th International Conference on Information Security and Cryptology, Seoul, Korea, 2003: 432–445. doi: 10.1007/978-3-540-24691-6_32.
    [25]
    CHAUHAN A K and SANADHYA S K. Quantum resource estimates of Grover’s key search on ARIA[C]. Proceedings of the 10th International Conference on Security, Privacy, and Applied Cryptography Engineering, Kolkata, India, 2020: 238–258. doi: 10.1007/978-3-030-66626-2_13.
    [26]
    YANG Yujin, JANG K, OH Y, et al. Depth-optimized quantum implementation of ARIA[C]. Proceedings of the 26th International Conference on Information Security and Cryptology, Seoul, South Korea, 2023: 79–96. doi: 10.1007/978-981-97-1235-9_5.
    [27]
    OH Y, JANG K, YANG Yujin, et al. Quantum implementation and analysis of ARIA[C]. Proceedings of 2024 Silicon Valley Cybersecurity Conference (SVCC), Seoul, Korea, 2024: 1–7. doi: 10.1109/svcc61185.2024.10637311.
    [28]
    BOYAR J and PERALTA R. A new combinational logic minimization technique with applications to cryptology[C]. Proceedings of the 9th International Symposium on Experimental Algorithms, Naples, Italy, 2010: 178–189. doi: 10.1007/978-3-642-13193-6_16.
    [29]
    OH Y, JANG K, SEO H. Improved quantum analysis of ARIA[J]. Cryptology ePrint Archive, 2024.
    [30]
    WEI Zihao, SUN Siwei, HU Lei, et al. Searching the space of tower field implementations of the $\mathbb{F}_{2^8}$ inverter, with applications to AES, Camellia and SM4[J]. International Journal of Information and Computer Security, 2023, 20(1/2): 1–26. doi: 10.1504/ijics.2023.127999.
    [31]
    NG W J and TAN C H. Depth–measurement trade-off for quantum search on block ciphers[J]. Quantum Information Processing, 2024, 23(4): 151. doi: 10.1007/s11128-024-04359-0.
    [32]
    LIU Jiahong, TAN Xiaoqing, LI Ming, et al. Efficient quantum circuit implementation of the SM4 S-box[J]. Scientia Sinica Physica, Mechanica & Astronomica, 2024, 54(4): 240314. doi: 10.1360/sspma-2023-0386.
    [33]
    CHEN Chen, GUO Hua, WANG Chuang, et al. A fast software implementation of SM4 based on composite fields[J]. Journal of Cryptologic Research, 2023, 10(2): 289–305. doi: 10.13868/j.cnki.jcr.000594.
    [34]
    CHEN Jingwen, LIU Qun, FAN Yanhong, et al. New SAT-based model for quantum circuit decision problem: Searching for low-cost quantum implementation[J]. IACR Communications in Cryptology, 2024, 1(1): 31. doi: 10.62056/anmmp-4c2h.
    [35]
    JANG K, BAKSI A, KIM H, et al. Quantum analysis of AES[J]. IACR Communications in Cryptology, 2025, 2(1): cc2–1-36. doi: 10.62056/ay11zo-3y.
    [36]
    XIANG Zejun, ZENG Xiangyoung, LIN Da, et al. Optimizing implementations of linear layers[J]. IACR Transactions on Symmetric Cryptology, 2020, 2020(2): 120–145. doi: 10.13154/tosc.v2020.i2.120-145.
    Corresponding author: CHEN Bin, bchen63@163.com
    1. School of Materials Science and Engineering, Shenyang University of Chemical Technology, Shenyang 110142