Boost-Breaking Bilinear Mixing

Updated 14 November 2025

Boost-breaking bilinear mixing is a phenomenon where spontaneous symmetry breaking induces novel bilinear couplings, leading to extra Goldstone modes in cosmology and new differential operators in cryptography.
It unifies symmetry-breaking effects in the effective field theory of inflation with XOR-based bilinear mixing in block ciphers, impacting both observable power spectra and cryptanalytic attacks.
The approach exploits deterministic propagation via automorphism groups, enabling precise diagonalization in cosmological models and improved differential analysis in cryptographic schemes.

Boost-breaking bilinear mixing refers to a class of symmetry-breaking effects and analytic strategies found in both high-energy effective theories (notably in the effective field theory of inflation) and in cryptographic structures, specifically in XOR-based block ciphers employing bilinear mixing layers. The crucial idea is that the introduction and subsequent spontaneous breaking of a continuous symmetry (such as Lorentz boosts in cosmology or a structural bilinear algebraic operation in cryptography) enables novel bilinear couplings or mixing terms. These yield new classes of Goldstone bosons or cryptanalytic difference operators, fundamentally altering the spectrum and propagation of excitations or differences in the system. This article systematically compares the physical realization in inflationary cosmology (Delacretaz et al., 2015) with the algebraic and cryptanalytic construction in block ciphers (Civino et al., 14 Apr 2024).

1. Patterns of Spontaneous Symmetry Breaking and Field Content

In the context of the effective field theory of inflation (EFTofI), the inflating FRW cosmological background spontaneously breaks both time translations ( $P_0$ ) and Lorentz boosts ( $K_i$ ) while preserving spatial translations ( $P_i$ ), rotations ( $J_{ij}$ ), and time-dependent spatial diffeomorphisms. The standard EFTofI contains a single Goldstone boson $\pi$ arising from time-translation breaking. When boosts are also spontaneously broken, a triplet of additional Goldstone bosons $\eta_i$ emerges, non-linearly realizing the broken boost symmetry via

$\eta^i(x) \rightarrow \eta^i(x) + \epsilon^i(x) + \cdots.$

This enlarges the low-energy field content and leads to new bilinear mixings between $\pi$ and $\eta_i$ .

Analogously, in cryptography, a special family of algebraic structures, "binary bi-braces," is defined on a finite-dimensional vector space $R$ over $\mathbb{F}_2$ . The pair $(G, +, \circ)$ comprises the usual XOR addition and a second, abelian group law $\circ$ of exponent two, subject to brace-distributivity and $\mathbb{F}_2$ -linearity. The non-trivial interaction between $+$ and $\circ$ is encoded in the bimultiplicative error $\beta(x, y) = x + y + x \circ y$ , which is alternating and bilinear. Here, the "boost-breaking" arises from considering the span of automorphisms preserving both $+$ and $\circ$ .

2. Bilinear Mixing Terms and Induced Difference Operators

In EFTofI with boost breaking, the quadratic action in the decoupling limit (with the metric fixed to be FRW) reads:

$\mathcal{L}_2 = \tfrac12 A_\pi(\dot\pi^2 - (\nabla\pi)^2) + \tfrac12 A_\eta(\dot\eta_i^2 - (\nabla\eta_i)^2 - m_\eta^2 \eta_i^2) + B_1 \eta_i \partial_i\pi + B_2 \dot\pi\,\nabla \cdot \eta,$

with the bilinear mixings $B_1 \eta_i \partial_i\pi$ and $B_2 \dot\pi\,\nabla \cdot \eta$ coupling $\pi$ and $\eta_i$ . These terms are enforced by the symmetry breaking pattern.

In the cryptographic setting, for a binary bi-brace, the induced "boxminus" difference

$x \boxminus y = \beta(x, y) = x + y + x \circ y$

generalizes the classical XOR difference. This operator is bilinear and alternating, enabling difference propagation that is linear-algebraic with respect to brace automorphisms.

3. Diagonalization and Deterministic Propagation

For EFTofI, diagonalizing the quadratic action—particularly in the spin-0 sector defined by the longitudinal combination $\sigma = \nabla \cdot \eta / k$ —yields coupled equations of motion (in Fourier space, assuming unit sound speeds):

$\det \begin{pmatrix} A_\pi(\omega^2 - k^2) & i B_2 k \omega + B_1 k \ - i B_2 k \omega + B_1 k & A_\eta (\omega^2 - k^2 - m_\eta^2) \end{pmatrix} = 0.$

For pure "mass-type" mixing ( $B_2 = 0$ ), the normal modes (mass eigenstates) derive from the polynomial equation:

$(\omega^2 - k^2)(\omega^2 - k^2 - m_\eta^2) + \frac{B_1^2}{A_\pi A_\eta}k^2 = 0,$

with solutions

$\omega^2_{\pm} = k^2 + \frac{m_\eta^2}{2} \pm \sqrt{ \frac{m_\eta^4}{4} + \frac{B_1^2}{A_\pi A_\eta} k^2 }$

and mixing angle

$\tan(2\theta) = \frac{2 B_1 k}{\sqrt{A_\pi A_\eta} m_\eta^2}.$

In the cryptanalytic scenario, deterministic propagation occurs when each SPN layer lies in the automorphism group $\Aut(G, +, \circ)$. For confusion layers (S-boxes) $\gamma$ and mixing layers $\mu$ , the boxminus difference propagates as:

$\gamma(x) \boxminus \gamma(x \boxminus \Delta) = \gamma(\Delta) \ \mu(x) \boxminus \mu(x \boxminus \Delta) = \mu(\Delta),$

i.e., deterministically. Key addition, which is not in $\Aut(G, \circ)$, leads to

$(x \oplus k) \boxminus (x \boxminus \Delta \oplus k) = \Delta \oplus (k \cdot \Delta), \;\;\; \text{with} \;\; k \cdot \Delta = \beta(k, \Delta) \in G^2.$

If $\dim G^2 = 1$ , then for half of all $k$ , $k \cdot \Delta=0$ , so the boxminus differential is preserved unchanged through the key addition.

4. Layer Classification and Automorphism Structure

The class of XOR-linear layers preserving boxminus differences is precisely those in $\Aut(G, +) \cap \Aut(G, \circ)$. Let $G = R \cong \mathbb{F}_2^m \oplus \mathbb{F}_2^d$ , with $G^2 \cong \mathbb{F}_2^d$ the annihilator. The full automorphism group is (see (Civino et al., 14 Apr 2024), Cor. 6.9):

$\Aut(G, +, \circ) = \left\{ \begin{pmatrix} A & C \ 0 & D \end{pmatrix} : A \in \mathrm{Sp}(B), D \in \mathrm{Fix}(b), C \in \mathbb{F}_2^{m \times d} \right\}$

where $B$ is the full-rank skew-symmetric matrix of $\beta|_R$ , $\Sp(B)$ is the symplectic group, $b$ generates $G^2$ , and $\mathrm{Fix}(b)$ is the stabilizer in $\mathrm{GL}(d, 2)$ . A map $L$ is in $\Aut(G, \circ)$ if $L B_i L^T \in \langle B_1, …, B_d \rangle$ for $i=1, …, d$ ((Civino et al., 14 Apr 2024), Thm 6.6).

5. Phenomenological and Analytic Implications

Effective Theory of Inflation

The $\pi$ – $\eta$ mixing modifies the power spectrum and generates novel non-Gaussianity. The tree-level two-point function receives a correction:

$\langle \pi_{\vec{k}} \pi_{-\vec{k}} \rangle = \frac{1}{2A_\pi k} \left(1 + \frac{B^2}{A_\pi A_\eta} \frac{1}{k^2 + m_\eta^2} + … \right),$

translating to a curvature perturbation power spectrum

$P_\zeta(k) = \frac{H^2}{4A_\pi k^3}\left[1 + \mathcal{O}(B^2/A_\pi A_\eta)\right].$

Leading non-Gaussianities arise from boost sector cubic interactions, yielding an equilateral bispectrum with amplitude

$f_{\rm NL} \sim \frac{M^2}{\bar M H} (\beta_2^c)^3,$

where $M^4 = 2c+4M_2^4$ , $\beta_2^c = \beta_2/(M^2\bar M)$ . The bispectrum's squeezed-limit scales as $(k_L / k_S)^2$ , more suppressed than in quasi-single-field inflation. Achievable amplitudes $f_{\rm NL} \sim 1$ --$10$ are possible for $\beta_2^c \sim 10^{-1}$ and $\beta_1^c \ll 10^{-3}$ , with bispectrum closely matching the equilateral template (cosine ≈ 0.95–0.99). Corrections to the power-spectrum tilt and running are parametrically small, $(B/A)^2 \lesssim 10^{-2}$ .

Cryptanalytic Differential Attack

In cryptography, the boost-breaking perspective allows a new "boxminus" differential attack that closely parallels classical (XOR-differential) analysis but exploits deterministic propagation through special mixing and confusion layers. For an $r$ -round SPN where all bricks are inside a binary bi-brace with $\dim G^2 = 1$ and all non-S-box layers are in $\Aut(G, +, \circ)$, the probability that the boxminus trail holds across all rounds is exactly $2^{-r}$ (half of keys per round). Key recovery requires $N_{\rm queries} \approx 2^{n-1}$ for $n$ -bit bricks and order $O(2^n)$ overall work. In ciphers engineered to be maximally resistant to XOR-differential attacks, the boxminus-based approach can outperform classical cryptanalysis by exploiting the mixing structure in a manner unavailable to XOR-based differences.

6. Summary and Outlook

Boost-breaking bilinear mixing unifies insights from cosmological EFT and algebraic cryptanalysis. In both cases, the interaction of a bilinear structure (either Goldstone boson mixing or a brace product) with the underlying symmetry (Lorentz or algebraic automorphism) creates new deterministic propagation mechanisms and phenomenological signatures: either novel non-Gaussian correlators in the cosmic microwave background or cryptanalytically accessible difference trails in block ciphers. These effects are fundamentally controlled by the automorphism group preserving the bilinear structure and by the nilpotency class of the algebra in which these operations reside. Both contexts exhibit a characteristic split: generic layers (or interactions) allow deterministic mixing, but "key" (or mass) terms break this propagation randomly, with a well-characterized bias. Thus, "boost-breaking" induces both novel observables and new analytic pathways in systems governed by coupled bilinear structures.

PDF Markdown Chat (Pro)

References (2)

Boost Breaking in the EFT of Inflation (2015)

Binary bi-braces and applications to cryptography (2024)

Follow Topic

Get notified by email when new papers are published related to Boost-Breaking Bilinear Mixing.