This website contains a collection of tools related to cryptography. See the overview page for a list of all tools. The about page contains more information on this initiative, and instructions for submitting your own tool. Recently added tools are listed below.
Extension of the Toolkit for Counting Active S-boxes using Mixed-Integer Linear Programming (MILP)
This toolkit can be used to prove the security of cryptographic ciphers against linear and differential cryptanalysis. The toolkit generates a Mixed-Integer Linear Programming problem which counts the minimum number of (linearly or differentially) active S-boxes for a given cipher and solves this using a MILP solver in Sage.
The toolkit includes the implementation in Sage for AES, small AES, Present, Led, mCrypton, Klein and Enocoro.
A set of documented C++ classes to help analyze Keccak-f
KeccakTools is a set of C++ classes aimed at helping analyze the sponge function family Keccak. Version 3.3 is a major update, as it adds important classes and methods related to differential and linear cryptanalysis. These classes and methods were used to obtain the results reported in the paper Differential propagation analysis of Keccak presented at FSE 2012 (also available as ePrint 2012/163).
Toolkit for Counting Active S-boxes using Mixed-Integer Linear Programming (MILP)
This toolkit can be used to prove the security of cryptographic ciphers against linear and differential cryptanalysis. The toolkit generates a Mixed-Integer Linear Programming (MILP) problem which counts the minimum number of (linearly or differentially) active S-boxes for a given cipher. Currently, AES and xAES are implemented (both in the single-key and related-key setting), as well as Enocoro-128v2 (in the related-key setting). The technique is very general, and can be adapted to other ciphers with little effort.
Framework for MD5 & SHA-1 Differential Path Construction and Chosen-Prefix Collisions for MD5
This framework contains tools for the construction of differential paths for MD5 and SHA-1, including chosen-prefix collisions for MD5.
The ARX toolkit is a set of tools to study ARX ciphers and hash functions
The ARX toolkit was presented at the SHA-3 conference in March 2012 in Washington, DC.
A tool for information set decoding
This library, written in C++, is reasonably efficient at finding low-weight codewords of a linear code using information set decoding.
Toolkit for the differential cryptanalysis of S-functions
Note: v2 fixes a bug in the probability calculation. This bug does not affect the matrices that are output by the program.
An increasing number of cryptographic primitives use operations such as addition modulo 2^n, multiplication by a constant and bitwise Boolean functions as a source of non-linearity. In NIST’s SHA-3 competition, this applies to 6 out of the 14 second-round candidates. We generalize such constructions by introducing the concept of S-functions. An S-function is a function that calculates the i-th output bit using only the inputs of the i-th bit position and a finite state S[i]. Although S-functions have been analyzed before, our toolkit is the first to present a fully general and efficient framework to determine their differential properties. A precursor of this framework was used in the cryptanalysis of SHA-1. We show how to calculate the probability that given input differences lead to given output differences, as well as how to count the number of output differences with non-zero probability. Our methods are rooted in graph theory, and the calculations can be efficiently performed using matrix multiplications. The toolkit also provides a general algorithm to efficiently list the output differences with the highest probability, for a given type of difference and operation.
Toolkit for SAT-based attacks on cryptographic primitives
CryptLogVer is a toolkit that can be used to mount SAT-based attacks on cryptographic primitives (block ciphers, stream ciphers, hash functions). The main advantage of CryptLogVer is that it greatly simplifies the creation of a CNF formula from a given cryptographic primitive. CNF formulas encoding cryptographic primitives are usually very challenging for a SAT solver. CryptLogVer could therefore also be helpful to the SAT community by providing hard CNF instances.
A tool to compute linear hulls for PRESENT
This tool computes linear hulls for the original PRESENT cipher. It confirms and even improves on the predicted bias (and the corresponding attack complexities) of conventional linear relations based on a single linear trail.
A simple tool for the automatic algebraic cryptanalysis of a large array of stream and block ciphers
A simple tool for the automatic algebraic cryptanalysis of a large array of stream and block ciphers. Three tests have been implemented and the best results have led to continued work on a computational cluster. Our best results show nonrandomness in Trivium up to 1070 rounds (out of 1152), and in the full Grain-128 with 256 rounds.