Asymptotic yet practical optimization of quantum circuits implementing GF($2^m$) multiplication and division operations
Noureldin Yosri, Dmytro Gavinsky, Dmitri Maslov
TL;DR
This work addresses the challenge of efficient ancilla-free quantum circuits for GF$(2^m)$ multiplication and division. It develops an approach that reduces the multiplication gate count to $O(m^{\log_2{3}})$ CNOTs by optimally implementing multiplication by the constant $1+x^{\lceil m/2\rceil}$ and by exploiting irreducible polynomials, while also lowering division costs to $O(m^2 \log\log m/\log m)$ through joint optimization of constant-multiplication and squaring. The authors provide extensive numeric evidence for cryptographically relevant $m$, achieving large practical improvements (often over an 100x reduction in CNOT counts) and offering strategies to further reduce Toffoli counts via Toom–Cook and Karatsuba-like methods plus parity-based optimizations. They also explore the limits of root circuits for linear reversible unitaries, showing that roots can demand deeper circuits than the original unitary, highlighting fundamental depth-cost trade-offs. Overall, the paper delivers asymptotically and practically more efficient GF arithmetic for quantum algorithms, with implications for cryptographic quantum computations and circuit design.
Abstract
We present optimized quantum circuits for GF$(2^m)$ multiplication and division operations, which are essential computing primitives in various quantum algorithms. Our ancilla-free GF multiplication circuit has the gate count complexity of $O(m^{\log_2{3}})$, an improvement over the previous best bound of $O(m^2)$. This was achieved by developing an efficient $O(m)$ circuit for multiplication by the constant polynomial $1+x^{\lceil{m/2}\rceil}$, a key component of Van Hoof's construction. This asymptotic reduction translates to a factor of 100+ improvement of the CNOT gate counts in the implementation of the multiplication by the constant for parameters $m$ of practical importance. For the GF division, we reduce gate count complexity from $O(m^2 \log(m))$ to $O(m^2 \log \log(m)/\log(m))$ by selecting irreducible polynomials that enable efficient implementation of both the constant polynomial multiplication and field squaring operations. We demonstrate practical advantages for cryptographically relevant values of $m$, including reductions in both CNOT and Toffoli gate counts. Additionally, we explore the complexity of implementing square roots of linear reversible unitaries and demonstrate that a root, although itself still a linear reversible transformation, can require asymptotically deeper circuit implementations than the original unitary.