Welcome to ECRYPT II Tools for Cryptography

This website contains a collection of tools related to cryptography. See the overview page for a list of all tools. The about page contains more information on this initiative, and instructions for submitting your own tool. Recently added tools are listed below.

Sage S-box MILP toolkit

Extension of the Toolkit for Counting Active S-boxes using Mixed-Integer Linear Programming (MILP)

This toolkit can be used to prove the security of cryptographic ciphers against linear and differential cryptanalysis. The toolkit generates a Mixed-Integer Linear Programming problem which counts the minimum number of (linearly or differentially) active S-boxes for a given cipher and solves this using a MILP solver in Sage.

The toolkit includes Sage implementations for AES, small AES, PRESENT, LED, mCrypton, KLEIN and Enocoro.

KeccakTools

A set of documented C++ classes to help analyze Keccak-f

KeccakTools is a set of C++ classes aimed at helping analyze the sponge function family Keccak. Version 3.3 is a major update, as it adds important classes and methods related to differential and linear cryptanalysis. These classes and methods were used to obtain the results reported in the paper Differential propagation analysis of Keccak presented at FSE 2012 (also available as ePrint 2012/163).

S-box MILP toolkit

Toolkit for Counting Active S-boxes using Mixed-Integer Linear Programming (MILP)

This toolkit can be used to prove the security of cryptographic ciphers against linear and differential cryptanalysis. The toolkit generates a Mixed-Integer Linear Programming (MILP) problem which counts the minimum number of (linearly or differentially) active S-boxes for a given cipher. Currently, AES and xAES are implemented (both in the single-key and related-key setting), as well as Enocoro-128v2 (in the related-key setting). The technique is very general, and can be adapted to other ciphers with little effort.

Hashclash

Framework for MD5 & SHA-1 Differential Path Construction and Chosen-Prefix Collisions for MD5

This framework contains tools for the construction of differential paths for MD5 and SHA-1, including chosen-prefix collisions for MD5.

ARX Toolkit

The ARX toolkit is a set of tools to study ARX ciphers and hash functions

The ARX toolkit was presented at the SHA-3 conference in March 2012 in Washington, DC.

Information Set Decoding

A tool for information set decoding

This library, written in C++, is reasonably efficient at finding low-weight codewords of a linear code using information set decoding.

S-function Toolkit

Toolkit for the differential cryptanalysis of S-functions

Note: v2 fixes a bug in the probability calculation. This bug does not affect the matrices that are output by the program.

An increasing number of cryptographic primitives use operations such as addition modulo 2^n, multiplication by a constant and bitwise Boolean functions as a source of non-linearity. In NIST's SHA-3 competition, this applies to 6 out of the 14 second-round candidates. We generalize such constructions by introducing the concept of S-functions. An S-function is a function that calculates the i-th output bit using only the inputs of the i-th bit position and a finite state S[i]. Although S-functions have been analyzed before, our toolkit is the first to present a fully general and efficient framework to determine their differential properties. A precursor of this framework was used in the cryptanalysis of SHA-1. We show how to calculate the probability that given input differences lead to given output differences, as well as how to count the number of output differences with non-zero probability. Our methods are rooted in graph theory, and the calculations can be efficiently performed using matrix multiplications. The toolkit also provides a general algorithm to efficiently list the output differences with the highest probability, for a given type of difference and operation.

CryptLogVer

Toolkit for SAT-based attacks on cryptographic primitives

CryptLogVer is a toolkit that can be used to mount SAT-based attacks on cryptographic primitives (block ciphers, stream ciphers, hash functions). The main advantage of CryptLogVer is that it greatly simplifies the creation of a CNF formula from a given crypto primitive. CNF formulas encoding crypto primitives are usually very challenging for a SAT solver. CryptLogVer could therefore also be helpful to the SAT community by providing hard CNF instances.

Linear Hull Cryptanalysis of PRESENT

A tool to compute linear hulls for PRESENT

This tool computes linear hulls for the original PRESENT cipher. It confirms and even improves on the predicted bias (and the corresponding attack complexities) of conventional linear relations based on a single linear trail.

Automated Algebraic Cryptanalysis

A simple tool for the automatic algebraic cryptanalysis of a large array of stream- and block ciphers

Three tests have been implemented and the best results have led to continued work on a computational cluster. Our best results show nonrandomness in Trivium up to 1070 rounds (out of 1152), and in the full Grain-128 with 256 rounds.
