SYMAES

A Fully Symbolic Polynomial System Generator for AES-128

SYMAES is a software tool that generates a system of polynomials in GF(2), corresponding to the round transformation and key schedule of the block cipher AES-128. Test vectors were added in v1.1.

Posted in Tools

Tools for Algebraic Cryptanalysis

Tools for the algebraic cryptanalysis of cryptographic primitives

Algebraic cryptanalysis of cryptographic primitives such as block ciphers, stream ciphers and hash functions usually proceeds in two steps. (A) The algorithm is expressed as a system of multivariate equations F over some field (usually F2). (B) The system F is solved using some technique such as Gröbner basis algorithms, SAT solvers or mixed integer programming solvers. We provide scripts and tools for the mathematics software Sage to construct polynomial systems of equations for various block ciphers and conversion routines from algebraic normal form (ANF) to conjunctive normal form (CNF) and mixed integer programmes.


Hybrid Approach

A tool for multivariate cryptography

An algorithmic tool for the cryptanalysis of multivariate cryptosystems. The algorithm is a hybrid approach that mixes exhaustive search with classical Gröbner bases computation to solve multivariate polynomial systems over a finite field. Depending on the size of the field, the method is an improvement on existing techniques. For usual parameters of multivariate schemes, the method is effective.


Grain of Salt

An automated way to test stream ciphers through SAT solvers

Grain of Salt is a tool developed to automatically test stream ciphers against standard SAT solver-based attacks. The tool takes as input a set of configuration options and the definition of each filter and feedback function of the stream cipher. It outputs a problem in the language of SAT solvers describing the cipher. The tool can automatically generate SAT problem instances for Crypto-1, HiTag2, Grain, Bivium-B and Trivium. In addition, through a simple text-based interface it can be extended to generate problems for any stream cipher that employs shift registers, feedback and filter functions to carry out its work.


Sage

Free open-source mathematics software system, also containing many modules for cryptography

Sage is a free open-source mathematics software system licensed under the GPL. It combines the power of many existing open-source packages into a common Python-based interface. It also contains modules to perform both basic and more advanced computations in cryptography and cryptanalysis.


CodingTool Library

Tool for cryptanalysis based on coding theory

The CodingTool library is a new collection of tools to use techniques from coding theory in cryptanalysis. It is completely independent from other libraries and can be used on Unix and Windows platforms. It benefits from the 64-bit architecture in terms of speed. The core part is an implementation of a probabilistic algorithm to search for code words with low Hamming weight. Additional functionalities like shortening and puncturing of a linear code or adding a weight to each bit of a code word are implemented. Furthermore, the library provides data structures to assist the user in creating a linear code for a specific problem. An easy-to-use interface to the provided algorithms, powerful data structures and a command line parser reduce the implementation work of a cryptanalyst to a minimum.


ASCAtoCNF

Simulating Algebraic Side-Channel Attacks (ASCA)

ASCAtoCNF is a tool that provides the user with a quick way to simulate an ASCA with a data complexity of 1 to 9. The user specifies the target block cipher (PRESENT or the AES), the plaintext and secret key used. To simulate the side-channel recovery phase, the user chooses which operations of the block cipher are leaking information (for example: all the substitution operations from round 5 to 9). The side-channel recovery phase is assumed to be perfect (all recovered side-channel information is correct), but the user can make the attack harder by reducing the quantity of available side-channel information. The leakage model is the Hamming weight model on 8 bits: the adversary is assumed to recover the Hamming weight values of the data processed by the device during the specified leaking operations. The generated SAT problem can then be solved by a SAT solver like MiniSAT. With this tool, one can easily try various configurations of known leakages and study the impact of these configurations on the time complexity of the ASCA.
