Grover on S I M O N

For any symmetric key cryptosystem with n-bit secret key, the key can be recovered in O (2^{n /2}) exploiting Grover search algorithm, resulting in the effective key length to be half. In this direction, subsequent work has been done on AES and some other block ciphers. On the other hand, lightweight ciphers like S I M O N was left unexplored. In this backdrop, we present Grover's search algorithm on all the variants of S I M O N and enumerate the quantum resources to implement such attack in terms of NOT, CNOT and Toffoli gates. We also provide the T-depth of the circuits and the number of qubits required for the attack. We show that the number of qubits required for implementing Grover on S I M O N 2 n /m n is O (2 n r +m n ) , where r is the number of chosen plaintext-ciphertext pairs. We run a reduced version of S I M O N in IBMQ quantum simulator and the 14-qubit processor as well. We found that where simulation supports theory, the actual implementation is far from the reality due to the infidelity of the gates and short decoherence time of the qubits. The complete codes for all version of S I M O N have also been presented.