| \(\mathbb{B}\) |
The type of bit values. |
| \(\mathbb{B}^{\mathbb{Y}}\) |
The type of byte values. |
| \(\mathbb{N}\) |
The type of non-negative integers. |
| \(\mathbb{N}^{+}\) |
The type of positive integers. |
| \(\mathbb{Z}\) |
The type of integers. |
| \(\mathbb{Q}\) |
The type of rational. |
| \(x\ : \ T\) |
\(x\) has type \(T\). |
| \(S\ \times \ T\) |
A cartesian product type. |
| \(S\ \to T\) |
A function type. |
| \(S\ \xrightarrow{R} \ T\) |
The type of a randomized algorithm. The domain of a randomized algorithm maybe \(()\), indicating that it requires no arguments. |
| \(x \ \xleftarrow{R}\ f(s)\) |
With \(f:S \xrightarrow{R} T\) and \(s: S\), sampling a variable \(x:T\) from the output of \(f\) applied to \(s\). |
| \(x:X\), \(y:Y\), \(f:X\times Y\to Z\) |
Initial arguments to a function or randomized algorithm. |
| \(f(x,y)\) |
Can be written as \(f_x(y)\). |
| \(\{ x:T\ \mid \ p_x \}\) |
The subset of \(x\) from \(T\) for which \(p_x\) (a boolean expression depending on \(x\)) holds. |
| \(T\ \subseteq \ U\) |
\(T\) is an inclusive subset or subtype of \(U\). |
| \(S\ \cup \ T\) |
The set union of \(S\) and \(T\). |
| \(S\ \cap \ T\) |
The set intersection of \(S\) and \(T\). |
| \(S\ \setminus \ T\) |
The set difference obtained by removing elements in \(T\) from \(S\).The set difference obtained by removing elements in \(T\) from \(S\). |
| \(x:T \mapsto e_x: U\) |
The function of type \(T \to U\) mapping formal parameter \(x\) to \(e_x\) (an expression depending on \(x\)). The types of \(T\) and \(U\) are always explicit. |
| \(x: T \mapsto_{\notin V} e_x: V\) |
\(x:T \mapsto e_x:U\cup V\) restricted to the domain \(\{x:T\ \mid \ e_x \notin V\}\) and range \(U\). |
| \(\mathscr{P}(T)\) |
The power set of \(T\). |
| \(\perp\) |
Unavailable information, a failed decryption or validity check, or an exceptional case. |
| \(T^{[ℓ]}\) |
The type of sequences of length \(ℓ\) with elements in \(T\). |
| \(\mathbb{B}^{[ℓ]}\) |
The set of sequences of \(ℓ\) bits. |
| \(\mathbb{B}^{\mathbb{Y^{\mathbb{[N]}}}}\) |
The type of byte sequences of arbitrary length. |
| \(\texttt{length}(S)\) |
The length of \(S\). |
| \(\texttt{truncate}_k(S)\) |
The sequence formed from the list \(k\) elements in \(S\). |
| \(\texttt{0x}\) followed by a string of \(\texttt{monospace}\) hexadecimal digits |
The corresponding integer converted from hexadecimal. |
| \([\texttt{0x00}]^{ℓ}\) |
The sequence of \(ℓ\) zero bytes. |
| \("...."\) |
The given string represented as a sequence of bytes in US-ASCII. |
| \([0]^{ℓ}\) |
The sequence of \(ℓ\) zero bits. |
| \([1]^{ℓ}\) |
The sequence of \(ℓ\) one bits. |
| \(a..b\) use as subscript |
The sequence of values with indices \(a\) through \(b\) inclusive. |
| \(\{ a..b\}\) |
The set or type of integers from \(a\) through \(b\) inclusive. |
| \([f(x)\) for \(x\) from \(a\) up to \(b]\) |
The sequence formed by evaluating \(f\) on each integer from \(a\) to \(b\) inclusive, in ascending order. |
| \(a\ \parallel \ b\) |
The concentration of sequences \(a\) then \(b\). |
| \(\texttt{concat}_{\mathbb{B}}(S)\) |
The sequence of bits obtained by concatenating the elements of \(S\) as a bit sequence. |
| \(\texttt{sorted}(S)\) |
The sequence formed by sorting the elements of \(S\). |
| \(\mathbb{F}_n\) |
The finite field with \(n\) elements. |
| \(\mathbb{F}_n^{*}\) |
The finite field with \(n\) elements group under multiplication (which excludes 0). |
| \(a : \mathbb{F}_n\) in the range \(\{0..n-1\}\) (or \(a : \mathbb{F}_n^*\) in the range \(\{1..n-1\}\)) |
\(a\) mod \(n\). |
| The element of \(\mathbb{F}_n\) corresponding to an integer \(k:\mathbb{Z}\) |
\(k\) (mod \(n\)). |
| \(k=k'\) (mod \(n\)) |
\(k\) mod \(n\) = \(k'\) mod \(n\). |
| \(k \neq k'\) (mod \(n\)) |
\(k\) mod \(n\) \(\neq\) \(k'\) mod \(n\). |
| \(\mathbb{F}_n[z]\) |
The ring of polynomials over \(z\) with coefficients in \(\mathbb{F}_n\). |
| \(a+b\) |
The sum of \(a\) and \(b\). |
| \(-a\) |
The value of the appropriate integer, rational, finite field, or group of type s.t \((-a)+a=0\) (or when \(a\) is an element of a group \(\mathbb{G}\), \((-a)+a = \mathcal{O}_\mathbb{G}\)), and \(a-b\) means \(a + (-b)\). |
| \(a\ .\ b\) |
The product of multiplying \(a\) and \(b\). This applies to integers, rationals, and finite field elements according to context. |
| \(a/b\) or \(\frac{a}{b}\) |
The value of the appropriate integer, rational, finite field type s.t \((a/b).b = a\). |
| \(a\) mod \(q\), for \(a:\mathbb{N}\) and \(q:\mathbb{N}^{+}\) |
The remainder on dividing \(a\) by \(q\). |
| \(a\ \oplus\ b\) |
The bitwise-exclusive-or of \(a\) and \(b\). These are defined on integers, elementwise on equal-length sequences of integers, according to context. |
| \(a\ \And\ b\) |
The bitwise-and of \(a\) and \(b\) . These are defined on integers, elementwise on equal-length sequences of integers, according to context. |
| \(\sum\limits_{i=1}^{N}{a_i}\) |
The sum of \(a_{1..N}\). When \(N = 0\) these yield the appropriate neutral elements (\(\sum\limits_{i=1}^{0}{a_i} = 0\)). |
| \(\prod\limits_{i=1}^{N}{a_i}\) |
The product of \(a_{1..N}\). When \(N = 0\) these yield the appropriate neutral elements (\(\prod\limits_{i=1}^{0}{a_i} = 1\)). |
| \(\bigoplus\limits_{i=1}^{N}{a_i}\) |
The bitwise exclusive-or of \(a_{1..N}\). When \(N = 0\) these yield the appropriate neutral elements (\(\bigoplus\limits_{i=1}^{0}{a_i}=0\)). |
| \(\sqrt[+]{a}\) where \(a : \mathbb{F}_q\) |
The positive square root of \(a\) in \(\mathbb{F}_q\). It is only used in cases where the square root must exist. |
| \(\sqrt[?]{a}\) where \(a : \mathbb{F}_q\) |
An arbitrary square root of \(a\) in \(\mathbb{F}_q\), or \(\perp\) if no such square root exists. |
| \(b\ ?\ x : y\) |
\(x\) when \(b=1\) or \(y\) when \(b = 0\). |
| \(a^b\), for \(a\) an integer or finite field element, and \(b:\mathbb{Z}\) |
The results of raising \(a\) to the exponent \(b\). |
| \(⋆\) |
Used for variables that denote bit-sequence representations of group elements. |
| \(\texttt{floor}(x)\) |
The largest integer \(\leq x\). |
| \(\texttt{ceiling}(x)\) |
The smallest integer \(\ge x\). |
| \(\texttt{bitlength}(x)\), for \(x : \mathbb{N}\) |
The smallest integer \(ℓ\) s.t \(2^ℓ > x\). |