‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Monday, November 9, 2020 5:29 PM, Karl gmkarl@gmail.com wrote:

What's the best open source software near analytically reversing cryptographic equations?

there are a number of different cryptanalytic attacks you can mount against a cryptosystem. so depending on how you want to attack, some of these may be useful: https://github.com/Deadlyelder/Tools-for-Cryptanalysis Crypto-Tools A curated list of cryptography and cryptanalysis related tools and libraries. Motivation The motivation of curating a list of cryptography and cryptanalysis related tools was born from desire to have a centralized point where all such tools can be found. Attempts will be made to keep it updated as frequently as possible. If you find any tools/library that are missing feel free to contribute. Contents - [Lineartrails](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#lineartrails) - [KeccakTools](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#KeccakTools) - [S-Box Mixed-Integer Linear Programming tool](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#MILP) - [HashClash](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#HashClash) - [ARX Toolkit](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#arxtoolkit) - [Information Set Decoding](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#isd) - [Linear Hull Cryptanalysis PRESENT](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#linearpresent) - [CodingTool Library](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#codingtool) - [Grain of Salt](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#grainsalt) - [SYMAES](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#symaes) - [Automated Algebric Cryptanalysis](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#autoalger) - [Algebraic Preimage Attack on Hash functions](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#alpath) - [Lex Toolkit](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#lex) - [Yafu](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#yafu) - [Msieve](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#msieve) - [CADO-NFS](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#cado) - [sha1collisiondetection](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#sha1coll) - [S-function Toolkit](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#sfun) - [SIMON/SPECK Cryptanalysis](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#simon-speck) - [CryptoSMT](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#cryptosmt) - [YAARX](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#yaarx) - [CTF Tool](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#RSActf) - [SHA-1 GPU near-collision attacks](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#sha_collisions) - [Improved Conditional Cube Attacks on Keccak Key Modes with MILP Method](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#keccak_milp) - [Conditional Cube Attack on Round-Reduced ASCON](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#ascon-test) - [Yoyo Tricks with AES](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#yoyo-aes) - [sboxgates](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#sboxgates) - [SoCracked key-recovery attack on SoDark](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#sodark) - [Cryptanalysis of ISEA](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#isea) - [Bucketing Computational Analysis Attack](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#bca) - [SPARX Differential Attacks](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#sparxda) - [Attack on 721-round Trivium](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#trivium) - [MILP on SPECK](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#milp-speck) - [SoCracked](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#socracked) - [Peigen SBoxes](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#peigen) - [Cryptanalysis of Persichetti's One-Time Signature (OTS)](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#ots) - [Key-dependent cube attack on Frit-AE](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#frit) - [Extended Expectation Cryptanalysis on Round-reduced AES and Small-AES](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#reduce-aes) - [Cryptanalysis of MORUS](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#morus) - [Boomerang probablities on Kiasu-BC](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#kaisu) - [Mixture Integral Attacks on Reduced-Round AES](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#aes-mixint) - [Integral Cryptanalysis of CRAFT](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#craft-integral) - [Integral Cryptanalysis of MIBS](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#mibs-integral) - [License](https://github.com/Deadlyelder/Tools-for-Cryptanalysis#license) lineartrails Tool to automatically search for linear characteristics - Developers: Christoph Dobraunig, Maria Eichlseder, Florian Mendel - [Official Repository](https://github.com/iaikkrypto/lineartrails) A tool that searches for linear characteristics for given S-Box. The tool was born from the paper [Heuristic Tool for Linear Cryptanalysis with Applications to CAESAR Candidates](https://eprint.iacr.org/2015/1200). KeccakTools A set of C++ classes that can help analyze the Keccak sponge function family - Developers: Guido Bertoni, Joan Daemen, Michael Peeters, Gilles Van Assche - [Direct download](http://keccak.noekeon.org/KeccakTools-3.3.zip) - [Official website](http://keccak.noekeon.org/KeccakTools-doc/) KeccakTools is a set of C++ classes aimed as an assistant in analyzing the sponge function family Keccak. These classes and methods were used to obtain the results reported in the paper Differential propagation analysis of Keccak presented at FSE 2012 (available here [IACR ePrint 2012/163](http://eprint.iacr.org/2012/163)). S-Box Mixed-Integer Linear Programming tool Toolkit for Counting Active S-boxes using Mixed-Integer Linear Programming (MILP) - Developer: Nicky Mouha - [Direct download](http://www.ecrypt.eu.org/tools/uploads/sbox-milp.zip) - [Location within this repository](https://github.com/Deadlyelder/Tools-for-Cryptanalysis/tree/master/S-Box%20M...) This toolkit can be used to prove the security of cryptographic ciphers against linear and differential cryptanalysis. This toolkit generates Mixed-Integer Linear Programming problem which counts the minimum number of (linearly or differentially) active S-boxes for a given cipher. The toolkit currently supports AES and xAES (both in the single-key and related-key setting), as well as Enocoro-128v2 (in the related-key setting). The paper that introduced this toolkit is [available online](https://www.esat.kuleuven.be/cosic/publications/article-2080.pdf). HashClash Framework for MD5 & SHA-1 Differential Path Construction and Chosen-Prefix Collisions for MD5 - Developer: Marc Stevens - [Official website](https://marc-stevens.nl/p/hashclash/index.php) This framework contains tools for the constructions of differential paths for MD5 and SHA-1, including chosen-prefix collisions for MD5. ARX Toolkit The ARX toolkit is a set of tools to study ARX ciphers and hash functions - Developer: Gaetan Leurent - [Official website](http://www.di.ens.fr/~leurent/arxtools.html) The ARX toolkit is a set of tools to study ARX ciphers and hash functions. This toolkit was presented at the SHA-3 conference in March 2012. Information Set Decoding A tool for information set decoding - Developers: Unknown? - [Official source](https://github.com/isd-dev/isd/downloads) - [Location within this repo](https://github.com/isd-dev/isd/tree/db3bbe7e86b06a7e62b6cb9e7b8c1ac0c416b953) This library, written in C++ that is efficient at finding low weight codewords of a linear code using information set decoding. Linear Hull Cryptanalysis of PRESENT A tool to compute linear hulls for PRESENT cipher - Developer: Bingsheng Zhang - [Direct download](http://www.ecrypt.eu.org/tools/uploads/present-linear-hull.zip) - [Paper](http://dx.doi.org/10.1007/978-3-642-10433-6_5) - [Location within this repo](http://github.com/Deadlyelder/Tools-for-Cryptanalysis/tree/master/PRESENT%20...) This tool computes linear hulls for the original PRESENT cipher. It confirms and even improves on the predicted bias (and the corresponding attack complexities) of conventional linear relations based on a single linear trail. CodingTool Library Tool for cryptanalysis based on coding theory - Developer: Tomislav Nad - [Direct download](https://www.iaik.tugraz.at/content/research/krypto/codingtool/downloads/Codi...) - [Official website](http://www.iaik.tugraz.at/content/research/krypto/codingtool/) - [Location within this repo](https://github.com/Deadlyelder/Tools-for-Cryptanalysis/tree/master/CodingToo...) The CodingTool library is a collection of tools to use techniques from coding theory in cryptanalysis. The core part is an implementation of a probabilistic algorithm to search for code words with low Hamming weight. Additional functionalities like shortening and puncturing of a linear code or adding a weight to each bit of a code word are implemented. Furthermore, the library provides data structures to assist the user in creating a linear code for a specific problem. An easy to use interface to the provided algorithms, powerful data structures and a command line parser reduces the implementation work of a cryptanalyst to a minimum. Grain of Salt An automated way to test stream ciphers through SAT solvers - Developer: Mate Soos - [Official website](http://planete.inrialpes.fr/~soos/GrainOfSalt/) - [Location within this repo](https://github.com/msoos/grainofsalt/tree/f82b2a24098976075fac9b2df3e23caf2c...) Grain of Salt is a tool developed to automatically test stream ciphers against standard SAT solver-based attacks. The tool takes as input a set of configuration options and the definition of each filter and feedback function of the stream cipher. It outputs a problem in the language of SAT solvers describing the cipher. The tool can automatically generate SAT problem instances for Crypto-1, HiTag2, Grain, Bivium-B and Trivium. SYMAES A Fully Symbolic Polynomial System Generator for AES-128 - Developers: Vesselin Velichkov, Vincent Rijmen, Bart Preneel - [Paper](http://www.cosic.esat.kuleuven.be/publications/article-1476.pdf) SYMAES is a software tool that generates a system of polynomials in GF(2), corresponding to the round transformation and key schedule of the block cipher AES-128. Automated Algebraic Cryptanalysis A simple tool for the automatic algebraic cryptanalysis of a large array of stream- and block ciphers - Developer: Paul Stankovski - [Official website](http://www.eit.lth.se/index.php?id=260&uhpuid=dhs.pas&hpuid=584&L=1) - Direct download: [Windows Executable](http://www.eit.lth.se/fileadmin/eit/home/dhs.pas/win_exec.zip), [Linux Executable](http://www.eit.lth.se/fileadmin/eit/home/dhs.pas/linux_exec.zip), [C code](http://www.eit.lth.se/fileadmin/eit/home/dhs.pas/source.zip) A simple tool for the automatic algebraic cryptanalysis of a large array of stream and block ciphers. Three tests have been implemented and the best results have led to continued work on a computational cluster. Algebraic Preimage Attack on Hash functions (AlPAtH) A software framework AlPAtH (Algebraic Preimage Attack on Hash functions) to run algebraic attacks on hash function - Developer: Luk Bettale - [Official website](https://www.lukbettale.ze.cx/alpath/) - [Location within this repo](https://github.com/Deadlyelder/Tools-for-Cryptanalysis/tree/master/AIPAtH) AlPAtH is a software framework to run algebraic attacks on hash functions. This framework is intended to run algebraic attacks on hash functions, but could be extended to any kind of ciphers (block, stream). It provides a framework to generate equations, solve these equations and interpret the results. Lex Toolkit A Tool for Algebraic Analysis of Stream Cipher LEX - Developer: V. Velichkov, V. Rijmen, and B. Preneel - [Official Repository](https://github.com/vesselinux/lextool.git) - [Location within this repo](https://github.com/vesselinux/lextool/tree/0dc488f1a83c79452e626854bcbb39737...) The Lex Toolkit is a collection of Python programs for the computer algebra system Sage. The programs generate Boolean algebraic equations for a small-scale version of stream cipher LEX. Yafu (Yet Another Factorization Utility YAFU software that has implemented integer factoring algorithms - [Official website](https://sites.google.com/site/bbuhrow/) - [Official repository](https://sourceforge.net/projects/yafu/) YAFU (with assistance from other free software) uses the most powerful modern algorithms (and implementations of them) to factor input integers in a completely automated way. Useful for RSA attacks. Msieve Useful library for RSA attacks - [Official repository](https://sourceforge.net/projects/msieve/) Msieve is a C library implementing a suite of algorithms to factor large integers. It contains an implementation of the SIQS and GNFS algorithms. Useful for RSA attacks. CADO-NFS Toolkit for NFS verification - [Official website](http://cado-nfs.gforge.inria.fr) - [Official repository](https://gforge.inria.fr/scm/?group_id=2065) CADO-NFS (Crible Algebrique: Distribution, Optimisation - Number Field Sieve) is a complete implementation in C/C++ of the Number Field Sieve (NFS) algorithm for factoring integers. It consists in various programs corresponding to all the phases of the algorithm, and a general script that runs them, possibly in parallel over a network of computers. sha1collisiondetection Tool that computes SHA-1 hash of given file along with detecting collision attacks against SHA-1 for the given file - Developer: Marc Stevens - [Official repository](https://github.com/cr-marcstevens/sha1collisiondetection) - [Location within this repo](https://github.com/cr-marcstevens/sha1collisiondetection/tree/0572d8a302b1f6...) sha1collisiondetection library and command line tool is designed as near drop-in replacements for common SHA-1 libraries and sha1sum. It will compute the SHA-1 hash of any given file and additionally will detect cryptanalytic collision attacks against SHA-1 present in each file. It is very fast and takes less than twice the amount of time as regular SHA-1. S-function Toolkit Toolkit for differential cryptanalysis of S-functions - Developers: Nicky Mouha, Vesselin Velichkov, Christophe De Cannière, Bart Preneel - [Direct download](http://www.ecrypt.eu.org/tools/uploads/s-function_toolkit_v2.zip) - [Paper](http://www.cosic.esat.kuleuven.be/publications/article-1473.pdf) An increasing number of cryptographic primitives use operations such as addition modulo 2n, multiplication by a constant and bitwise Boolean functions as a source of non-linearity. In NIST’s SHA-3 competition, this applies to 6 out of the 14 second-round candidates. An S-function is a function that calculates the i-th output bit using only the inputs of the i^th bit position and a finite state S[i]. Although S-functions have been analyzed before, this toolkit is the first to present a fully general and efficient framework to determine their differential properties. A precursor of this framework was used in the cryptanalysis of SHA-1. SIMON/SPECK cryptanalysis Cryptanalysis tool for the SIMON and SPECK families of block ciphers - Developers: Martin M. Lauridsen, Hoda A. Alkhzaimi - [Paper](http://link.springer.com/chapter/10.1007/978-3-319-13066-8_6) - [Official Repository](https://github.com/mmeh/simon-speck-cryptanalysis) CryptoSMT A tool for cryptanalysis of symmetric primitives like block ciphers and hash functions - Developers: Stefan Kölbl - [Official Website](http://www2.compute.dtu.dk/%7Estek/cryptosmt.html) - [Official Repository](https://github.com/kste/cryptosmt) - [Location within this repo](https://github.com/kste/cryptosmt/tree/62ecf615eab0cb3e1b966c2d80a03b16687cf...) CryptoSMT is an easy to use tool for cryptanalysis of symmetric primitives likes block ciphers or hash functions. It is based on SMT/SAT solvers like STP, Boolector, CryptoMiniSat and provides a simple framework to use them for cryptanalytic techniques. YAARX - YAARX: Yet Another ARX Toolkit A set of programs for the differential analysis of ARX cryptographic algorithms - Developers: Laboratory of Algorithmic, Cryptology and Security (LACS), University of Luxembourg - [Official Website](http://vesselinux.github.io/yaarx/) - [Official Repository](https://github.com/vesselinux/yaarx) YAARX provides methods for the computation of the differential probabilities of various ARX operations (XOR, modular addition, multiplication, bit shift, bit rotation) as well as of several larger components built from them. YAARX also provides means to search for high-probability differential trails in ARX algorithms in a fully automatic way. The latter has been a notoriously difficult task for ciphers that do not have S-boxes, such as ARX. RSA Tool for CTF RSA Tool for CTF - Retrives private key from weak public key and/or uncipher the data A nice framework that automatically unciphers data from weak public key and try to recover private key using selection of best attacks - Developer: [Twitter](https://twitter.com/G4N4P4T1) - [Official Repository](https://github.com/Ganapati/RsaCtfTool) Mostly used for Crypto related CTF, this framework allows number of different attacks on the RSA including: Weak public key factorization, Wiener's attack, Small public exponent attack, Small q (q < 100,000), Common factor between ciphertext and modulus attack, Fermat's factorisation for close p and q, Gimmicky Primes method, Self-Initializing Quadratic Sieve (SIQS) using Yafu, Common factor attacks across multiple keys, Small fractions method when p/q is close to a small fraction, Boneh Durfee Method when the private exponent d is too small compared to the modulus (i.e d < n^0.292), Elliptic Curve Method. SHA-1 GPU near-collision attacks A repository contains the source code for the near collision attacks on SHA-1 - Developer: Marc Stevens - [Official Repository](https://github.com/cr-marcstevens/sha1_gpu_nearcollisionattacks) The repository that has the sources codes for the SHA-1 collision attacks published in the following papers: [The first collision for full SHA-1](https://eprint.iacr.org/2017/190), [Practical free-start collision attacks on 76-step SHA-1](https://eprint.iacr.org/2015/530) and [Freestart collision for full SHA-1](https://eprint.iacr.org/2015/967). MILP_conditional_cube_attack Repository that contains source codes for Improved Conditional Cube Attacks on Keccak Key Modes with MILP Method - Developer: Zheng Li - [Official Repository](https://github.com/lizhengcn/MILP_conditional_cube_attack) The repository contains the source code for the papers [Improved Conditional Cube Attacks on Keccak Keyed Modes with MILP Method](https://eprint.iacr.org/2017/804.pdf). Ascon test Repository that contains source codes for Conditional Cube Attack on Round-Reduced ASCON - Developer: Zheng Li - [Official Repository](https://github.com/lizhengcn/Ascon_test) The repository contains the source code for the papers [Conditional Cube Attack on Round-Reduced ASCON](https://eprint.iacr.org/2017/160.pdf). Yoyo Tricks with AES Code that has implementation of the Yoyo trick attacks on AES - Developer: Sondre Rønjom - [Official Repository](https://github.com/sondrer/YoyoTricksAES) The repository contains the source code for the paper [Yoyo Tricks with AES](https://eprint.iacr.org/2017/980.pdf) that was published in AsiaCrypt2017. sboxgates Program for finidng low gate count implementations of S-Boxes - Developer: Marcus Dansarie - [Official Repository](https://github.com/dansarie/sboxgates) The algorithm used in the program is based on [Kwan, Matthew: "Reducing the Gate Count of Bitslice DES." IACR Cryptology ePrint Archive 2000 (2000): 51](https://ia.cr/2000/051), with other improvements. In addition to finding logic circuits using standard (NOT, AND, OR, XOR) gates, the program also supports AND-NOT gates and 3-bit LUTs. SoCracked Performs key-recovery attacks on the SoDark family of algorithms - Developer: Marcus Dansarie - [Official Repository](https://github.com/dansarie/SoCracked) SoCracked performs key-recovery attacks on the SoDark family of ciphers for automatic link establishment (ALE) in HF radios specified in MIL-STD-188-141. Based on [Cryptanalysis of the SoDark family of cipher algorithms](https://doi.org/10945/56118). Cryptanalysis of an image scrambling encryption algorithm (ISEA) Cryptanalysis of an image scrambling encryption algorithm (ISEA) - Developer: Dongdong Lin - [Official Repository](https://github.com/MrDongdongLin/Cryptanalysis_ISEA) The repo contains codes about ciphertext-only attack and known-plaintext attack on ISEA, and codes for calculating Structural Similarity Index (SSIM) of an image based on the paper [Cryptanalyzing an Image-Scrambling Encryption Algorithm of Pixel Bits](http://ieeexplore.ieee.org/document/7999153/) Bucketing Computational Analysis Attack Implementation of the Bucketing Computational Analysis - Developer: Unknown - [Official Repository](https://github.com/Bucketing/BCA-attack) The repository contains the core implementation of the Bucketing Computational Analysis (BCA) and some public white-box cryptographic implementations and the coressponding scripts to perform the BCA. SPARX Differential Attacks Repository for the differential Cryptanalysis of Round-Reduced Sparx 64/128 - Developer: Ralph Ankele - [Official Repository](https://github.com/TheBananaMan/sparx-differential-attacks) The repository contains implementation of the paper [Differential Cryptanalysis of Round-Reduced Sparx-64/128](https://eprint.iacr.org/2018/332) that was presented at ACNS 2018. Attack on 721-round Trivium - Developer: ? - [Official Repository](https://github.com/peterhao89/Analyze721Trivium) Contains the implementation of a key recovery attack on Trivium cipher. Based on the paper [A Key-recovery Attack on 855-round Trivium](https://eprint.iacr.org/2018/198) accepted for Crypto 2018. MILP on SpECK - Developer: Kai Fu - [Official Repository](https://github.com/fukai6/milp_speck) The speck_diff_find and speck_line_find within this repository are the Python framework for automatic differential and linear cryptanalysis based on the paper\ ["MILP-Based Automatic Search Algorithms for Differential and Linear Trails for Speck"](https://www.iacr.org/archive/fse2016/97830255/97830255.pdf) SoCracked Program to perform key-recovery attacks on the SoDark family of algorithms. - Developer: [Marcus Dansarie](https://github.com/dansarie) - [Official Repository](https://github.com/dansarie/SoCracked) This program performs key-recovery attacks on the SoDark family of ciphers for automatic link establishment (ALE) in HF radios specified in MIL-STD-188-141. Based on the thesis [Cryptanalysis of the SoDark family of cipher algorithms](https://calhoun.nps.edu/handle/10945/56118). PEIGEN PEIGEN: a Platform for Evaluation, Implementation, and Generation of S-boxes - Developer: [Project](https://github.com/peigen-sboxes) - [Official Repository](https://github.com/peigen-sboxes/PEIGEN) PEIGEN is a tool for study S-boxes. The S-box is a type of non-linearity cryptographic component, commonly used in symmetric cryptography primitives. A survey on studies of S-boxes and a formal introduction of PEIGEN can be found in the paper [SoK: Peigen – a Platform for Evaluation, Implementation, and Generation of S-boxes](https://eprint.iacr.org/2019/209). Cryptanalysis of Persichetti's One-Time Signature (OTS) Cryptanalysis of Persichetti OTS based on quasi-cyclic codes - Developer: [Deneuville Jean-Christophe](http://www-perso.unilim.fr/deneuville/) - [Official Repository](https://github.com/deneuville/PersichettiOTScryptanalysis) Implementation of the cryptanalysis of the OTS proposed by Persichetti in the paper [Efficient One-Time Signatures from Quasi-Cyclic Codes: a Full Treatment](https://eprint.iacr.org/2017/397). The cryptanalysis is described in the paper [Cryptanalysis of a code-based one-time signature](https://eprint.iacr.org/2018/1205). Key-dependent cube attack on Frit-AE - [Official Repository](https://github.com/qly14/FritAE) Implementation of the Key-dependent cube attack based on the paper by [Key-dependent cube attack on reduced Frit permutation in Duplex-AE modes](https://eprint.iacr.org/2019/170). Extended Expectation Cryptanalysis on Round-reduced AES and Small-AES - [Official Repository](https://github.com/medsec/expectation-cryptanalysis-on-round-reduced-aes) Implementation of expectation cryptanalysis on round-reduced AES and its small-scale version based on the paper [Small Scale Variants of the AES](https://link.springer.com/content/pdf/10.1007/11502760_10.pdf). Cryptanalysis of MORUS Correlation of Quadratic Boolean Functions: Cryptanalysis of All Versions of Full MORUS - [Official Repository](https://github.com/siweisun/attack_morus) - Developer:[Siwei Sun](https://siweisun.github.io/) Implementation of cryptanalysis on MORUS cipher using coreelation of quadratic boolean function. Based on the paper [Correlation of Quadratic Boolean Functions: Cryptanalysis of All Versions of Full MORUS](https://eprint.iacr.org/2019/172). Boomerang probablities on Kiasu-BC Implementation of boomerang probabilities attack on Kiasu-BC - [Official Repository](https://github.com/medsec/kiasubc) Three implementations that aims to validate the 6 and 7 round boomerang distinguishers on Kiasu-BC. Based on the paper [Impossible-Differential and Boomerang Cryptanalysis of Round-Reduced Kiasu-BC](https://eprint.iacr.org/2016/1170). Mixture Integral Attacks on Reduced-Round AES Low-data mixture integral distinguishers and attacks on reduced-round AES - Developer: [Markus Schofnegger](https://www.iaik.tugraz.at/content/about_iaik/people/schofnegger_markus/) - [Official Repository](https://github.com/mschof/aes-mixint-analysis) Implementation of Low-data mixture integral distinguishers and later attack on reduced-round AES. Based on the paper [IMixture Integral Attacks on Reduced-Round AES with a Known/Secret S-Box](https://eprint.iacr.org/2019/772). Integral Cryptanalysis of CRAFT Applying MILP method to find integral distinguisher for CRAFT - Developer: [Hosein Hadipour](https://github.com/hadipourh) - [Official Repository](https://github.com/hadipourh/CRAFT-Integral-Distinguisher) This tool is used to find integral distinguisher based on division property for [CRAFT](https://tosc.iacr.org/index.php/ToSC/article/view/7396). Integral Cryptanalysis and Degree Estimation of MIBS Applying MILP method to find integral distinguisher for MIBS - Developer: [Hosein Hadipour](https://github.com/hadipourh) - [Official Repository](https://github.com/hadipourh/MIBS-Integral-Cryptanalysis-Basd-on-Division-Pr...) Applying the MILP method to search bit-based integral distinguishers, and degree estimation of [MIBS](https://link.springer.com/chapter/10.1007%2F978-3-642-10433-6_22) block cipher, using division property.

On 11/9/20, Karl wrote:

https://www.lukbettale.ze.cx/alpath/

Quit fucking lazy top posting one fucking line while block quoting 700l and 21k back out. Learn some fucking email netiquette, including how to split threads off. Bunch of supposed cpunks can't even mail right, what a shame.

On Mon, 9 Nov 2020 19:29:08 -0500 Karl wrote:

i don't really want to be e-mailing this list =( i hope all the people who stopped posting after i started are okay.

Your posts are infinitely better than grarpamp's. The guy is just an unhinged trump spammer and has spammed 100s of messages and prolly 1000s of youtube-twatter-NSA links. Grarpamp complaining about how other people format their posts is just cosmic self-parody.

On Mon, Nov 9, 2020 at 4:42 PM coderman wrote:

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Sunday, November 8, 2020 10:59 PM, Stefan Claas wrote: ...

...

maybe interesting for some of you.

https://lists.gnupg.org/pipermail/gnupg-users/2020-November/064301.html

"Maybe someone of you will have luck in the future to find a proper 256 bit string."

lol, maybe!? never give up!! :P

I know ... :-D Seriously, was it ever brought up here on the ML if Bitcoin collider software, run on a cheap VPS for example, would be more interesting to run compared to ASIC miners, which probably produce only 'dust' nowadays due to the high difficulty and are not environment friendly due to high energy consumption? Regards Stefan

On Mon, Nov 9, 2020 at 8:54 PM Karl wrote:

I made an ascii private key once and sent money to it. The money was withdrawn by someone else instantly.

I also read recently that pretty high BTC funds 'changed' it's owner.

Hi Stefan Class,

On Mon, Nov 9, 2020 at 3:44 PM Stefan Claas wrote:

...

Regards Stefan

I'm just an exotic troll, but I wanted to share with you that I believe it is dangerous to reveal your legal name. I believe we need to set a norm of everyone using pseudonymous identities, and accessing networks via more difficult-to-identify means.

The reason is that there are a wide variety of community groups right now, looking for ways to break up and add stress to other community groups. If random people can't associate your name with things as easily, you, your community, and your work, are safer.

What are your thoughts?

Well, my thoughts are (I remember the old Usenet days when cypherpunks used all their real names) if I would start to use now a pseudonym 3rd parties, trained in that area, could easily identify me with the help of software, when collecting threads from various places where cypherpunks, activists etc. post on public places. And in case I would start now (here) under another identity it would be super hard for me to write under a second persona. But in general you are right, people should do that and public places like Mailing Lists should also support injecting messages, via whitelisted anonymous Remailers. Regards Stefan

On Mon, Nov 9, 2020 at 9:21 PM Karl wrote:

...

...

I'm just an exotic troll, but I wanted to share with you that I believe it is dangerous to reveal your legal name. I believe we need snip

What are your thoughts?

Well, my thoughts are (I remember the old Usenet days when cypherpunks used all their real names) if I would start to use now a pseudonym 3rd parties, trained in that area, could easily identify me with the help of software, when collecting threads from various places where cypherpunks, activists etc. post on public places. And in case I would start now (here) under another identity it would be super hard for me to write under a second persona.

Your story of those tools is so interesting. I'm curious if such tools are publically available for less skilled developers to use in identifying the people messing with their communities.

Sorry, I don't know. I only read about it a while ago that such projects exists in the EU and that in the United States, for example, companies exists who train law enforcement etc. in such areas.

...

But in general you are right, people should do that and public places like Mailing Lists should also support injecting messages, via whitelisted anonymous Remailers.

Is there a good place to go to find quick introductions to such things?

If you Google for Mixmaster Remailer it should show some results and to find out about it's successor YAMN you may check out GitHub. Mixmaster4096 can be found on GitHub too. Mixmaster (the old version) was also part of Linux distributions, but recently Debian removed it, IIRC. Regards Stefan

On Mon, Nov 9, 2020 at 10:00 PM Karl wrote:

...

...

...

But in general you are right, people should do that and public places like Mailing Lists should also support injecting messages, via whitelisted anonymous Remailers.

Is there a good place to go to find quick introductions to such things?

If you Google for Mixmaster Remailer it should show some results and to find out about it's successor YAMN you may check out GitHub. Mixmaster4096 can be found on GitHub too.

Mixmaster (the old version) was also part of Linux distributions, but recently Debian removed it, IIRC.

This looks interesting. I'd mirror it from 'crooks' whose username obviously won the attempt to built it to scare targeted people away from using it: ``` Installation from source:- go get github.com/crooks/yamn go get code.google.com/p/go.crypto/nacl/box go get github.com/syndtr/goleveldb go get github.com/luksen/maildir cd ~/go/src/github.com/crooks/yamn go build

Post-install configuration:- Create a dir for yamn. (mkdir yamn) Copy yamn binary (yamn.exe on Windows) to the above dir Copy yamn.cfg.sample to same dir and rename to yamn.cfg Modify yamn.cfg to meet your requirements

Examples:-

Send an anonymous email yamn --mail msg.txt

Use a user-defined chain yamn --mail --chain="*,*,yamn" msg.txt

Send multiple copies yamn --mail --copies=2 msg.txt

Perform remailer functions yamn --remailer

Start a remailer daemon yamn --remailer --daemon ```

I run also two YAMN exit Remailers for a long time, but had to shut them down, due to policy changes of the VPS provider. Here are additional infos about YAMN: https://sec3.net/yamnhelp/ and the currently available pinger services, which you need one from, in order to update stats and pub keys: http://mixmin.net/yamn/ https://cloaked.pw/yamn/ https://www.talcserver.com/yamn/ Regards Stefan

i haven't been following closely, but it seems to me that spam.trap.mailing.lists made a not-presently-debunked comparison between the difficulty of finding a useful collision (goes down with time: more keys to collide with) and the difficulty of solving the proof of work (goes up with time). the linked mailing list has no further posts. i like to imagine everybody too busy making money by finding hash collisions, to post. usually hash collisions are unreasonable to find on a vps, of course. On Mon, Nov 9, 2020 at 7:07 PM grarpamp wrote:

On 11/9/20, Stefan Claas wrote:

...

[Bitcoin...] not environment friendly due to high energy consumption?

Your claim was already thoroughly and entirely debunked. Please stop trying.

On Tue, Nov 10, 2020 at 12:23 AM Karl wrote:

(honestly i am very confused by an assumption of discerning a private key by hope for collision, as a normal thing without explanation or reminder of some new change in technology or research making this reasonable. i can't tell what is real here.)

Why confused? What I described in my OP on the GnuPG ML should be possible today or in the future, even if chances are super minimal. I mean what does Bitcoin Collider Software, like LBC, Brainflayer etc. does? The 256bit HEX values people are looking for, as understood, need also be in a valid range, according to Bitcoin specs. An example collision could look like this if you examine this GnuPG signature (which has a secret Bitcoin key with a positive balance: (seen in a Usenet posting) https://lists.gnupg.org/pipermail/gnupg-users/2020-January/063203.html Regarding research (and GnuPG) people could write for example a program which checks a complete publicity available key server dump for signature packets #2 i.e the once that are only 256bit long and then convert them, keep them in a text file and use a balance checker program ... Regards Stefan