Table 1 Notations
Notation | Description |
|---|---|
& | The bitwise AND operation |
⊕ | The bitwise XOR operation |
⋘ | The cyclic left rotation operation |
Round-i | The i-th round of SIMON32/64 |
(Li−1,Ri−1) | The input block of Round-i in SIMON32/64 |
Li[j] | The j-th bit of Li(the index of rightmost bit is 0) |
Ki−1 | The round key of Round-i in SIMON32/64 |
Δi−1=(ΔLi−1,ΔRi−1) | The input difference to Round-i |
ΔAndi | ΔAndi:=(Li⋘1)&(Li⋘8)⊕((Li)′⋘1)&((Li)′⋘8) |
ΔRoti | ΔRoti:=ΔLi⋘2 |
E(·) | The encryption function of 19-round SIMON32/64 with real key k |
Ek(·) | The encryption function of 19-round SIMON32/64 with guessed key k |
\(D_{k}^{j}(\cdot)\) | The decryption function that decrypts the given ciphertext in j rounds with key k |
\(\mathcal {QMKS}\) | The quantum master key exhaustive search attack on 19-round SIMON32/64 |
\(\mathcal {QRKR}\) | The quantum round-key key recovery attack on 19-round SIMON32/64 |
\(\mathcal {CRKR}\) | The key recovery attack on 19-round SIMON32/64 present in (Biryukov et al. 2014) |
#iter | The number of iteration in a QAA instance |
#Toff-C | The number of CNOT gate decomposed by Toffoli gate |
#Toff-H | The number of H gate decomposed by Toffoli gate |