https://www.lukbettale.ze.cx/alpath/
On Mon, Nov 9, 2020 at 1:12 PM coderman <[email protected]> wrote:
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Monday, November 9, 2020 5:29 PM, Karl [email protected] wrote:
>
> > What's the best open source software near analytically reversing
> > cryptographic equations?
>
> there are a number of different cryptanalytic attacks you can mount against a
> cryptosystem. so depending on how you want to attack, some of these may be
> useful:
>
> https://github.com/Deadlyelder/Tools-for-Cryptanalysis
>
> Crypto-Tools
>
> A curated list of cryptography and cryptanalysis related tools and libraries.
>
> Motivation
>
> The motivation of curating a list of cryptography and cryptanalysis related
> tools was born from desire to have a centralized point where all such tools
> can be found. Attempts will be made to keep it updated as frequently as
> possible. If you find any tools/library that are missing feel free to
> contribute.
>
> Contents
>
> Lineartrails
> KeccakTools
> S-Box Mixed-Integer Linear Programming tool
> HashClash
> ARX Toolkit
> Information Set Decoding
> Linear Hull Cryptanalysis PRESENT
> CodingTool Library
> Grain of Salt
> SYMAES
> Automated Algebraic Cryptanalysis
> Algebraic Preimage Attack on Hash functions
> Lex Toolkit
> Yafu
> Msieve
> CADO-NFS
> sha1collisiondetection
> S-function Toolkit
> SIMON/SPECK Cryptanalysis
> CryptoSMT
> YAARX
> CTF Tool
> SHA-1 GPU near-collision attacks
> Improved Conditional Cube Attacks on Keccak Key Modes with MILP Method
> Conditional Cube Attack on Round-Reduced ASCON
> Yoyo Tricks with AES
> sboxgates
> SoCracked key-recovery attack on SoDark
> Cryptanalysis of ISEA
> Bucketing Computational Analysis Attack
> SPARX Differential Attacks
> Attack on 721-round Trivium
> MILP on SPECK
> SoCracked
> Peigen SBoxes
> Cryptanalysis of Persichetti's One-Time Signature (OTS)
> Key-dependent cube attack on Frit-AE
> Extended Expectation Cryptanalysis on Round-reduced AES and Small-AES
> Cryptanalysis of MORUS
> Boomerang probabilities on Kiasu-BC
> Mixture Integral Attacks on Reduced-Round AES
> Integral Cryptanalysis of CRAFT
> Integral Cryptanalysis of MIBS
> License
>
> lineartrails
>
> Tool to automatically search for linear characteristics
>
> Developers: Christoph Dobraunig, Maria Eichlseder, Florian Mendel
> Official Repository
>
> A tool that searches for linear characteristics for given S-Box. The tool was
> born from the paper Heuristic Tool for Linear Cryptanalysis with Applications
> to CAESAR Candidates.
>
> KeccakTools
>
> A set of C++ classes that can help analyze the Keccak sponge function family
>
> Developers: Guido Bertoni, Joan Daemen, Michael Peeters, Gilles Van Assche
> Direct download
> Official website
>
> KeccakTools is a set of C++ classes aimed as an assistant in analyzing the
> sponge function family Keccak. These classes and methods were used to obtain
> the results reported in the paper Differential propagation analysis of Keccak
> presented at FSE 2012 (available here IACR ePrint 2012/163).
>
> S-Box Mixed-Integer Linear Programming tool
>
> Toolkit for Counting Active S-boxes using Mixed-Integer Linear Programming
> (MILP)
>
> Developer: Nicky Mouha
> Direct download
> Location within this repository
>
> This toolkit can be used to prove the security of cryptographic ciphers
> against linear and differential cryptanalysis. This toolkit generates a
> Mixed-Integer Linear Programming problem which counts the minimum number of
> (linearly or differentially) active S-boxes for a given cipher. The toolkit
> currently supports AES and xAES (both in the single-key and related-key
> setting), as well as Enocoro-128v2 (in the related-key setting). The paper
> that introduced this toolkit is available online.
>
> HashClash
>
> Framework for MD5 & SHA-1 Differential Path Construction and Chosen-Prefix
> Collisions for MD5
>
> Developer: Marc Stevens
> Official website
>
> This framework contains tools for the constructions of differential paths for
> MD5 and SHA-1, including chosen-prefix collisions for MD5.
>
> ARX Toolkit
>
> The ARX toolkit is a set of tools to study ARX ciphers and hash functions
>
> Developer: Gaetan Leurent
> Official website
>
> The ARX toolkit is a set of tools to study ARX ciphers and hash functions.
> This toolkit was presented at the SHA-3 conference in March 2012.
>
> Information Set Decoding
>
> A tool for information set decoding
>
> Developers: Unknown?
> Official source
> Location within this repo
>
> This library, written in C++, is efficient at finding low weight
> codewords of a linear code using information set decoding.
>
> Linear Hull Cryptanalysis of PRESENT
>
> A tool to compute linear hulls for PRESENT cipher
>
> Developer: Bingsheng Zhang
> Direct download
> Paper
> Location within this repo
>
> This tool computes linear hulls for the original PRESENT cipher. It confirms
> and even improves on the predicted bias (and the corresponding attack
> complexities) of conventional linear relations based on a single linear trail.
>
> CodingTool Library
>
> Tool for cryptanalysis based on coding theory
>
> Developer: Tomislav Nad
> Direct download
> Official website
> Location within this repo
>
> The CodingTool library is a collection of tools to use techniques from coding
> theory in cryptanalysis. The core part is an implementation of a
> probabilistic algorithm to search for code words with low Hamming weight.
> Additional functionalities like shortening and puncturing of a linear code or
> adding a weight to each bit of a code word are implemented. Furthermore, the
> library provides data structures to assist the user in creating a linear code
> for a specific problem. An easy to use interface to the provided algorithms,
> powerful data structures and a command line parser reduces the implementation
> work of a cryptanalyst to a minimum.
>
> Grain of Salt
>
> An automated way to test stream ciphers through SAT solvers
>
> Developer: Mate Soos
> Official website
> Location within this repo
>
> Grain of Salt is a tool developed to automatically test stream ciphers
> against standard SAT solver-based attacks. The tool takes as input a set of
> configuration options and the definition of each filter and feedback function
> of the stream cipher. It outputs a problem in the language of SAT solvers
> describing the cipher. The tool can automatically generate SAT problem
> instances for Crypto-1, HiTag2, Grain, Bivium-B and Trivium.
>
> SYMAES
>
> A Fully Symbolic Polynomial System Generator for AES-128
>
> Developers: Vesselin Velichkov, Vincent Rijmen, Bart Preneel
> Paper
>
> SYMAES is a software tool that generates a system of polynomials in GF(2),
> corresponding to the round transformation and key schedule of the block
> cipher AES-128.
>
> Automated Algebraic Cryptanalysis
>
> A simple tool for the automatic algebraic cryptanalysis of a large array of
> stream- and block ciphers
>
> Developer: Paul Stankovski
> Official website
> Direct download: Windows Executable, Linux Executable, C code
>
> A simple tool for the automatic algebraic cryptanalysis of a large array of
> stream and block ciphers. Three tests have been implemented and the best
> results have led to continued work on a computational cluster.
>
> Algebraic Preimage Attack on Hash functions (AlPAtH)
>
> A software framework AlPAtH (Algebraic Preimage Attack on Hash functions) to
> run algebraic attacks on hash function
>
> Developer: Luk Bettale
> Official website
> Location within this repo
>
> AlPAtH is a software framework to run algebraic attacks on hash functions.
> This framework is intended to run algebraic attacks on hash functions, but
> could be extended to any kind of ciphers (block, stream). It provides a
> framework to generate equations, solve these equations and interpret the
> results.
>
> Lex Toolkit
>
> A Tool for Algebraic Analysis of Stream Cipher LEX
>
> Developer: V. Velichkov, V. Rijmen, and B. Preneel
> Official Repository
> Location within this repo
>
> The Lex Toolkit is a collection of Python programs for the computer algebra
> system Sage. The programs generate Boolean algebraic equations for a
> small-scale version of stream cipher LEX.
>
> Yafu (Yet Another Factorization Utility)
>
> YAFU software that has implemented integer factoring algorithms
>
> Official website
> Official repository
>
> YAFU (with assistance from other free software) uses the most powerful modern
> algorithms (and implementations of them) to factor input integers in a
> completely automated way. Useful for RSA attacks.
>
> Msieve
>
> Useful library for RSA attacks
>
> Official repository
>
> Msieve is a C library implementing a suite of algorithms to factor large
> integers. It contains an implementation of the SIQS and GNFS algorithms.
> Useful for RSA attacks.
>
> CADO-NFS
>
> Toolkit for NFS verification
>
> Official website
> Official repository
>
> CADO-NFS (Crible Algebrique: Distribution, Optimisation - Number Field Sieve)
> is a complete implementation in C/C++ of the Number Field Sieve (NFS)
> algorithm for factoring integers. It consists in various programs
> corresponding to all the phases of the algorithm, and a general script that
> runs them, possibly in parallel over a network of computers.
>
> sha1collisiondetection
>
> Tool that computes SHA-1 hash of given file along with detecting collision
> attacks against SHA-1 for the given file
>
> Developer: Marc Stevens
> Official repository
> Location within this repo
>
> sha1collisiondetection library and command line tool is designed as near
> drop-in replacements for common SHA-1 libraries and sha1sum. It will compute
> the SHA-1 hash of any given file and additionally will detect cryptanalytic
> collision attacks against SHA-1 present in each file. It is very fast and
> takes less than twice the amount of time as regular SHA-1.
>
> S-function Toolkit
>
> Toolkit for differential cryptanalysis of S-functions
>
> Developers: Nicky Mouha, Vesselin Velichkov, Christophe De Cannière, Bart
> Preneel
> Direct download
> Paper
>
> An increasing number of cryptographic primitives use operations such as
> addition modulo 2^n, multiplication by a constant and bitwise Boolean
> functions as a source of non-linearity. In NIST’s SHA-3 competition, this
> applies to 6 out of the 14 second-round candidates. An S-function is a
> function that calculates the i-th output bit using only the inputs of the
> i^th bit position and a finite state S[i]. Although S-functions have been
> analyzed before, this toolkit is the first to present a fully general and
> efficient framework to determine their differential properties. A precursor
> of this framework was used in the cryptanalysis of SHA-1.
>
> SIMON/SPECK cryptanalysis
>
> Cryptanalysis tool for the SIMON and SPECK families of block ciphers
>
> Developers: Martin M. Lauridsen, Hoda A. Alkhzaimi
> Paper
> Official Repository
>
> CryptoSMT
>
> A tool for cryptanalysis of symmetric primitives like block ciphers and hash
> functions
>
> Developers: Stefan Kölbl
> Official Website
> Official Repository
> Location within this repo
>
> CryptoSMT is an easy to use tool for cryptanalysis of symmetric primitives
> like block ciphers or hash functions. It is based on SMT/SAT solvers like
> STP, Boolector, CryptoMiniSat and provides a simple framework to use them for
> cryptanalytic techniques.
>
> YAARX - YAARX: Yet Another ARX Toolkit
>
> A set of programs for the differential analysis of ARX cryptographic
> algorithms
>
> Developers: Laboratory of Algorithmic, Cryptology and Security (LACS),
> University of Luxembourg
> Official Website
> Official Repository
>
> YAARX provides methods for the computation of the differential probabilities
> of various ARX operations (XOR, modular addition, multiplication, bit shift,
> bit rotation) as well as of several larger components built from them. YAARX
> also provides means to search for high-probability differential trails in ARX
> algorithms in a fully automatic way. The latter has been a notoriously
> difficult task for ciphers that do not have S-boxes, such as ARX.
>
> RSA Tool for CTF
>
> RSA Tool for CTF - Retrieves private key from weak public key and/or uncipher
> the data
>
> A nice framework that automatically unciphers data from weak public key and
> tries to recover private key using selection of best attacks
>
> Developer: Twitter
> Official Repository
>
> Mostly used for Crypto related CTF, this framework allows a number of different
> attacks on the RSA including: Weak public key factorization, Wiener's attack,
> Small public exponent attack, Small q (q < 100,000), Common factor between
> ciphertext and modulus attack, Fermat's factorisation for close p and q,
> Gimmicky Primes method, Self-Initializing Quadratic Sieve (SIQS) using Yafu,
> Common factor attacks across multiple keys, Small fractions method when p/q
> is close to a small fraction, Boneh Durfee Method when the private exponent d
> is too small compared to the modulus (i.e d < n^0.292), Elliptic Curve Method.
>
> SHA-1 GPU near-collision attacks
>
> A repository contains the source code for the near collision attacks on SHA-1
>
> Developer: Marc Stevens
> Official Repository
>
> The repository that has the source codes for the SHA-1 collision attacks
> published in the following papers: The first collision for full SHA-1,
> Practical free-start collision attacks on 76-step SHA-1 and Freestart
> collision for full SHA-1.
>
> MILP_conditional_cube_attack
>
> Repository that contains source codes for Improved Conditional Cube Attacks
> on Keccak Key Modes with MILP Method
>
> Developer: Zheng Li
> Official Repository
>
> The repository contains the source code for the papers Improved Conditional
> Cube Attacks on Keccak Keyed Modes with MILP Method.
>
> Ascon test
>
> Repository that contains source codes for Conditional Cube Attack on
> Round-Reduced ASCON
>
> Developer: Zheng Li
> Official Repository
>
> The repository contains the source code for the papers Conditional Cube
> Attack on Round-Reduced ASCON.
>
> Yoyo Tricks with AES
>
> Code that has implementation of the Yoyo trick attacks on AES
>
> Developer: Sondre Rønjom
> Official Repository
>
> The repository contains the source code for the paper Yoyo Tricks with AES
> that was published in AsiaCrypt2017.
>
> sboxgates
>
> Program for finding low gate count implementations of S-Boxes
>
> Developer: Marcus Dansarie
> Official Repository
>
> The algorithm used in the program is based on Kwan, Matthew: "Reducing the
> Gate Count of Bitslice DES." IACR Cryptology ePrint Archive 2000 (2000): 51,
> with other improvements. In addition to finding logic circuits using standard
> (NOT, AND, OR, XOR) gates, the program also supports AND-NOT gates and 3-bit
> LUTs.
>
> SoCracked
>
> Performs key-recovery attacks on the SoDark family of algorithms
>
> Developer: Marcus Dansarie
> Official Repository
>
> SoCracked performs key-recovery attacks on the SoDark family of ciphers for
> automatic link establishment (ALE) in HF radios specified in MIL-STD-188-141.
> Based on Cryptanalysis of the SoDark family of cipher algorithms.
>
> Cryptanalysis of an image scrambling encryption algorithm (ISEA)
>
> Cryptanalysis of an image scrambling encryption algorithm (ISEA)
>
> Developer: Dongdong Lin
> Official Repository
>
> The repo contains codes about ciphertext-only attack and known-plaintext
> attack on ISEA, and codes for calculating Structural Similarity Index (SSIM)
> of an image based on the paper Cryptanalyzing an Image-Scrambling Encryption
> Algorithm of Pixel Bits
>
> Bucketing Computational Analysis Attack
>
> Implementation of the Bucketing Computational Analysis
>
> Developer: Unknown
> Official Repository
>
> The repository contains the core implementation of the Bucketing
> Computational Analysis (BCA) and some public white-box cryptographic
> implementations and the corresponding scripts to perform the BCA.
>
> SPARX Differential Attacks
>
> Repository for the differential Cryptanalysis of Round-Reduced Sparx 64/128
>
> Developer: Ralph Ankele
> Official Repository
>
> The repository contains implementation of the paper Differential
> Cryptanalysis of Round-Reduced Sparx-64/128 that was presented at ACNS 2018.
>
> Attack on 721-round Trivium
>
> Developer: ?
> Official Repository
>
> Contains the implementation of a key recovery attack on Trivium cipher. Based
> on the paper A Key-recovery Attack on 855-round Trivium accepted for Crypto
> 2018.
>
> MILP on SPECK
>
> Developer: Kai Fu
> Official Repository
>
> The speck_diff_find and speck_line_find within this repository are the Python
> framework for automatic differential and linear cryptanalysis based on the
> paper "MILP-Based Automatic Search Algorithms for Differential and Linear
> Trails for Speck"
>
> SoCracked
>
> Program to perform key-recovery attacks on the SoDark family of algorithms.
>
> Developer: Marcus Dansarie
> Official Repository
>
> This program performs key-recovery attacks on the SoDark family of ciphers
> for automatic link establishment (ALE) in HF radios specified in
> MIL-STD-188-141. Based on the thesis Cryptanalysis of the SoDark family of
> cipher algorithms.
>
> PEIGEN
>
> PEIGEN: a Platform for Evaluation, Implementation, and Generation of S-boxes
>
> Developer: Project
> Official Repository
>
> PEIGEN is a tool for studying S-boxes. The S-box is a type of non-linearity
> cryptographic component, commonly used in symmetric cryptography primitives.
> A survey on studies of S-boxes and a formal introduction of PEIGEN can be
> found in the paper SoK: Peigen – a Platform for Evaluation, Implementation,
> and Generation of S-boxes.
>
> Cryptanalysis of Persichetti's One-Time Signature (OTS)
>
> Cryptanalysis of Persichetti OTS based on quasi-cyclic codes
>
> Developer: Deneuville Jean-Christophe
> Official Repository
>
> Implementation of the cryptanalysis of the OTS proposed by Persichetti in the
> paper Efficient One-Time Signatures from Quasi-Cyclic Codes: a Full
> Treatment. The cryptanalysis is described in the paper Cryptanalysis of a
> code-based one-time signature.
>
> Key-dependent cube attack on Frit-AE
>
> Official Repository
>
> Implementation of the Key-dependent cube attack based on the paper
> Key-dependent cube attack on reduced Frit permutation in Duplex-AE modes.
>
> Extended Expectation Cryptanalysis on Round-reduced AES and Small-AES
>
> Official Repository
>
> Implementation of expectation cryptanalysis on round-reduced AES and its
> small-scale version based on the paper Small Scale Variants of the AES.
>
> Cryptanalysis of MORUS
>
> Correlation of Quadratic Boolean Functions: Cryptanalysis of All Versions of
> Full MORUS
>
> Official Repository
> Developer: Siwei Sun
>
> Implementation of cryptanalysis on MORUS cipher using correlation of
> quadratic boolean function. Based on the paper Correlation of Quadratic
> Boolean Functions: Cryptanalysis of All Versions of Full MORUS.
>
> Boomerang probabilities on Kiasu-BC
>
> Implementation of boomerang probabilities attack on Kiasu-BC
>
> Official Repository
>
> Three implementations that aim to validate the 6 and 7 round boomerang
> distinguishers on Kiasu-BC. Based on the paper Impossible-Differential and
> Boomerang Cryptanalysis of Round-Reduced Kiasu-BC.
>
> Mixture Integral Attacks on Reduced-Round AES
>
> Low-data mixture integral distinguishers and attacks on reduced-round AES
>
> Developer: Markus Schofnegger
> Official Repository
>
> Implementation of Low-data mixture integral distinguishers and later attack
> on reduced-round AES. Based on the paper Mixture Integral Attacks on
> Reduced-Round AES with a Known/Secret S-Box.
>
> Integral Cryptanalysis of CRAFT
>
> Applying MILP method to find integral distinguisher for CRAFT
>
> Developer: Hosein Hadipour
> Official Repository
>
> This tool is used to find integral distinguisher based on division property
> for CRAFT.
>
> Integral Cryptanalysis and Degree Estimation of MIBS
>
> Applying MILP method to find integral distinguisher for MIBS
>
> Developer: Hosein Hadipour
> Official Repository
>
> Applying the MILP method to search bit-based integral distinguishers, and
> degree estimation of MIBS block cipher, using division property.
