What's the best open source software for analytically reversing cryptographic equations?
A curated list of cryptography and cryptanalysis related tools and libraries.
The motivation for curating a list of cryptography and cryptanalysis
related tools was born from a desire to have a centralized point where all
such tools can be found. Attempts will be made to keep it updated as
frequently as possible. If you find any tools or libraries that are missing,
feel free to contribute.
Improved Conditional Cube Attacks on Keccak Key Modes with MILP Method
Extended Expectation Cryptanalysis on Round-reduced AES and Small-AES
Tool to automatically search for linear characteristics
A tool that searches for linear characteristics for a given S-box. The tool was born
from the paper Heuristic Tool for Linear Cryptanalysis with Applications to CAESAR Candidates.
A set of C++ classes that can help analyze the Keccak sponge function family
KeccakTools is a set of C++ classes aimed as an assistant in analyzing the sponge function family Keccak. These classes and methods were used to obtain the results reported in the paper Differential propagation analysis of Keccak
presented at FSE 2012 (available as IACR ePrint 2012/163).
Toolkit for Counting Active S-boxes using Mixed-Integer Linear Programming (MILP)
This toolkit can be used to prove the security of cryptographic
ciphers against linear and differential cryptanalysis. This toolkit
generates a Mixed-Integer Linear Programming problem which counts the
minimum number of (linearly or differentially) active S-boxes for a
given cipher. The toolkit currently supports AES and xAES (both in the
single-key and related-key setting), as well as Enocoro-128v2 (in the
related-key setting). The paper that introduced this toolkit is available online.
Framework for MD5 & SHA-1 Differential Path Construction and Chosen-Prefix Collisions for MD5
This framework contains tools for the constructions of differential
paths for MD5 and SHA-1, including chosen-prefix collisions for MD5.
The ARX toolkit is a set of tools to study ARX ciphers and hash functions
The ARX toolkit is a set of tools to study ARX ciphers and hash
functions. This toolkit was presented at the SHA-3 conference in March
2012.
A tool for information set decoding
This library, written in C++, is efficient at finding low-weight codewords of a linear code using information set decoding.
A tool to compute linear hulls for PRESENT cipher
This tool computes linear hulls for the original PRESENT cipher. It
confirms and even improves on the predicted bias (and the corresponding
attack complexities) of conventional linear relations based on a single
linear trail.
Tool for cryptanalysis based on coding theory
The CodingTool library is a collection of tools to use techniques
from coding theory in cryptanalysis. The core part is an implementation
of a probabilistic algorithm to search for code words with low Hamming
weight. Additional functionalities like shortening and puncturing of a
linear code or adding a weight to each bit of a code word are
implemented. Furthermore, the library provides data structures to assist
the user in creating a linear code for a specific problem. An easy to
use interface to the provided algorithms, powerful data structures and a
command line parser reduces the implementation work of a cryptanalyst
to a minimum.
An automated way to test stream ciphers through SAT solvers
Grain of Salt is a tool developed to automatically test stream
ciphers against standard SAT solver-based attacks. The tool takes as
input a set of configuration options and the definition of each filter
and feedback function of the stream cipher. It outputs a problem in the
language of SAT solvers describing the cipher. The tool can
automatically generate SAT problem instances for Crypto-1, HiTag2,
Grain, Bivium-B and Trivium.
A Fully Symbolic Polynomial System Generator for AES-128
SYMAES is a software tool that generates a system of polynomials in
GF(2), corresponding to the round transformation and key schedule of the
block cipher AES-128.
A simple tool for the automatic algebraic cryptanalysis of a large array of stream- and block ciphers
A simple tool for the automatic algebraic cryptanalysis of a large
array of stream and block ciphers. Three tests have been implemented and
the best results have led to continued work on a computational cluster.
A software framework AlPAtH (Algebraic Preimage Attack on Hash functions) to run algebraic attacks on hash functions
AlPAtH is a software framework to run algebraic attacks on hash
functions. This framework is intended to run algebraic attacks on hash
functions, but could be extended to any kind of ciphers (block, stream).
It provides a framework to generate equations, solve these equations
and interpret the results.
A Tool for Algebraic Analysis of Stream Cipher LEX
The Lex Toolkit is a collection of Python programs for the computer
algebra system Sage. The programs generate Boolean algebraic equations
for a small-scale version of stream cipher LEX.
YAFU software that has implemented integer factoring algorithms
YAFU (with assistance from other free software) uses the most
powerful modern algorithms (and implementations of them) to factor input
integers in a completely automated way. Useful for RSA attacks.
Useful library for RSA attacks
Msieve is a C library implementing a suite of algorithms to factor
large integers. It contains an implementation of the SIQS and GNFS
algorithms. Useful for RSA attacks.
Toolkit for NFS verification
CADO-NFS (Crible Algebrique: Distribution, Optimisation - Number
Field Sieve) is a complete implementation in C/C++ of the Number Field
Sieve (NFS) algorithm for factoring integers. It consists of various
programs corresponding to all the phases of the algorithm, and a general
script that runs them, possibly in parallel over a network of
computers.
Tool that computes SHA-1 hash of given file along with detecting collision attacks against SHA-1 for the given file
The sha1collisiondetection library and command line tool are designed as
near drop-in replacements for common SHA-1 libraries and sha1sum. It
will compute the SHA-1 hash of any given file and additionally will
detect cryptanalytic collision attacks against SHA-1 present in each
file. It is very fast and takes less than twice the amount of time as
regular SHA-1.
Toolkit for differential cryptanalysis of S-functions
An increasing number of cryptographic primitives use operations such
as addition modulo 2^n, multiplication by a constant and bitwise Boolean
functions as a source of non-linearity. In NIST’s SHA-3 competition,
this applies to 6 out of the 14 second-round candidates. An S-function
is a function that calculates the i-th output bit using only the inputs
of the i-th bit position and a finite state S[i]. Although S-functions
have been analyzed before, this toolkit is the first to present a fully
general and efficient framework to determine their differential
properties. A precursor of this framework was used in the cryptanalysis
of SHA-1.
Cryptanalysis tool for the SIMON and SPECK families of block ciphers
A tool for cryptanalysis of symmetric primitives like block ciphers and hash functions
CryptoSMT is an easy to use tool for cryptanalysis of symmetric
primitives like block ciphers or hash functions. It is based on SMT/SAT
solvers like STP, Boolector, CryptoMiniSat and provides a simple
framework to use them for cryptanalytic techniques.
A set of programs for the differential analysis of ARX cryptographic algorithms
YAARX provides methods for the computation of the differential
probabilities of various ARX operations (XOR, modular addition,
multiplication, bit shift, bit rotation) as well as of several larger
components built from them. YAARX also provides means to search for
high-probability differential trails in ARX algorithms in a fully
automatic way. The latter has been a notoriously difficult task for
ciphers that do not have S-boxes, such as ARX.
RSA Tool for CTF - Retrieves private key from weak public key and/or unciphers the data
A nice framework that automatically unciphers data from a weak
public key and tries to recover the private key using a selection of the
best attacks.
Mostly used for crypto-related CTFs, this framework allows a number of
different attacks on the RSA including: Weak public key factorization,
Wiener's attack, Small public exponent attack, Small q (q < 100,000),
Common factor between ciphertext and modulus attack, Fermat's
factorisation for close p and q, Gimmicky Primes method,
Self-Initializing Quadratic Sieve (SIQS) using Yafu, Common factor
attacks across multiple keys, Small fractions method when p/q is close
to a small fraction, Boneh Durfee Method when the private exponent d is
too small compared to the modulus (i.e. d < n^0.292), Elliptic Curve
Method.
A repository containing the source code for the near collision attacks on SHA-1
The repository has the source code for the SHA-1 collision attacks published in the following papers: The first collision for full SHA-1, Practical free-start collision attacks on 76-step SHA-1 and Freestart collision for full SHA-1.
Repository that contains source code for Improved Conditional Cube Attacks on Keccak Key Modes with MILP Method
The repository contains the source code for the paper Improved Conditional Cube Attacks on Keccak Keyed Modes with MILP Method.
Repository that contains source code for Conditional Cube Attack on Round-Reduced ASCON
The repository contains the source code for the paper Conditional Cube Attack on Round-Reduced ASCON.
Code that implements the Yoyo trick attacks on AES
The repository contains the source code for the paper Yoyo Tricks with AES that was published at AsiaCrypt 2017.
Program for finding low gate count implementations of S-Boxes
The algorithm used in the program is based on Kwan, Matthew: "Reducing the Gate Count of Bitslice DES." IACR Cryptology ePrint Archive 2000 (2000): 51,
with other improvements. In addition to finding logic circuits using
standard (NOT, AND, OR, XOR) gates, the program also supports AND-NOT
gates and 3-bit LUTs.
Performs key-recovery attacks on the SoDark family of algorithms
SoCracked performs key-recovery attacks on the SoDark family of
ciphers for automatic link establishment (ALE) in HF radios specified in
MIL-STD-188-141. Based on Cryptanalysis of the SoDark family of cipher algorithms.
Cryptanalysis of an image scrambling encryption algorithm (ISEA)
The repo contains code for the ciphertext-only attack and
known-plaintext attack on ISEA, and code for calculating the Structural
Similarity Index (SSIM) of an image, based on the paper Cryptanalyzing an Image-Scrambling Encryption Algorithm of Pixel Bits.
Implementation of the Bucketing Computational Analysis
The repository contains the core implementation of the Bucketing
Computational Analysis (BCA) and some public white-box cryptographic
implementations and the corresponding scripts to perform the BCA.
Repository for the differential Cryptanalysis of Round-Reduced Sparx 64/128
The repository contains an implementation of the paper Differential Cryptanalysis of Round-Reduced Sparx-64/128 that was presented at ACNS 2018.
Contains the implementation of a key recovery attack on Trivium cipher. Based on the paper A Key-recovery Attack on 855-round Trivium accepted for Crypto 2018.
The speck_diff_find and speck_line_find within this repository are the Python framework for automatic differential and linear cryptanalysis based on the paper "MILP-Based Automatic Search Algorithms for Differential and Linear Trails for Speck".
Program to perform key-recovery attacks on the SoDark family of algorithms.
This program performs key-recovery attacks on the SoDark family of
ciphers for automatic link establishment (ALE) in HF radios specified in
MIL-STD-188-141. Based on the thesis Cryptanalysis of the SoDark family of cipher algorithms.
PEIGEN: a Platform for Evaluation, Implementation, and Generation of S-boxes
PEIGEN is a tool for studying S-boxes. The S-box is a type of
non-linear cryptographic component, commonly used in symmetric
cryptography primitives. A survey on studies of S-boxes and a formal
introduction of PEIGEN can be found in the paper SoK: Peigen – a Platform for Evaluation, Implementation, and Generation of S-boxes.
Cryptanalysis of Persichetti OTS based on quasi-cyclic codes
Implementation of the cryptanalysis of the OTS proposed by Persichetti in the paper Efficient One-Time Signatures from Quasi-Cyclic Codes: a Full Treatment. The cryptanalysis is described in the paper Cryptanalysis of a code-based one-time signature.
Implementation of the key-dependent cube attack based on the paper Key-dependent cube attack on reduced Frit permutation in Duplex-AE modes.
Implementation of expectation cryptanalysis on round-reduced AES and its small-scale version based on the paper Small Scale Variants of the AES.
Correlation of Quadratic Boolean Functions: Cryptanalysis of All Versions of Full MORUS
Implementation of cryptanalysis on the MORUS cipher using correlation of quadratic Boolean functions. Based on the paper Correlation of Quadratic Boolean Functions: Cryptanalysis of All Versions of Full MORUS.
Implementation of boomerang probabilities attack on Kiasu-BC
Three implementations that aim to validate the 6 and 7 round boomerang distinguishers on Kiasu-BC. Based on the paper Impossible-Differential and Boomerang Cryptanalysis of Round-Reduced Kiasu-BC.
Low-data mixture integral distinguishers and attacks on reduced-round AES
Implementation of low-data mixture integral distinguishers and later attack on reduced-round AES. Based on the paper Mixture Integral Attacks on Reduced-Round AES with a Known/Secret S-Box.
Applying MILP method to find integral distinguisher for CRAFT
This tool is used to find integral distinguishers based on division property for CRAFT.
Applying MILP method to find integral distinguisher for MIBS
Applying the MILP method to search bit-based integral distinguishers, and degree estimation of MIBS block cipher, using division property.