A repository that aims to provide tools for cryptography and cryptanalysis
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
Ascon_test @ 285ba8e
MILP_conditional_cube_attack @ 2000fbc
PRESENT Linear Hull
S-Box MILP tool
S-function toolkit
YoyoTricksAES @ 8200808
cado-nfs @ 32b7241
cryptosmt @ 62ecf61
grainofsalt @ f82b2a2
isd @ db3bbe7
lextool @ 0dc488f
sha1_gpu_nearcollisionattacks @ bcdc2b7
sha1collisiondetection @ 0572d8a
simon-speck-cryptanalysis @ dd13e56
symaes @ 071ca80



A curated list of cryptography and cryptanalysis related tools and libraries.


The motivation of curating a list of cryptography and cryptanalysis related tools was born from desire to have a centralized point where all such tools can be found. Attempts will be made to keep it updated as frequently as possible. If you find any tools/library that are missing feel free to contribute.


  1. Lineartrails

  2. KeccakTools

  3. S-Box Mixed-Integer Linear Programming tool

  4. HashClash

  5. ARX Toolkit

  6. Information Set Decoding

  7. Linear Hull Cryptanalysis PRESENT

  8. CodingTool Library

  9. Grain of Salt

  10. SYMAES

  11. Automated Algebric Cryptanalysis

  12. Algebraic Preimage Attack on Hash functions

  13. Lex Toolkit

  14. Yafu

  15. Msieve

  16. CADO-NFS

  17. sha1collisiondetection

  18. S-function Toolkit

  19. SIMON/SPECK Cryptanalysis

  20. CryptoSMT

  21. YAARX

  22. CTF Tool

  23. SHA-1 GPU near-collision attacks

  24. Improved Conditional Cube Attacks on Keccak Key Modes with MILP Method

  25. Conditional Cube Attack on Round-Reduced ASCON

  26. Yoyo Tricks with AES

  27. sboxgates

  28. SoCracked key-recovery attack on SoDark

  29. Cryptanalysis of ISEA

  30. Bucketing Computational Analysis Attack

  31. SPARX Differential Attacks

  32. License


Tool to automatically search for linear characteristics

A tool that searches for linear characteristics for given S-Box. The tool was born from the paper Heuristic Tool for Linear Cryptanalysis with Applications to CAESAR Candidates.


A set of C++ classes that can help analyze the Keccak sponge function family

KeccakTools is a set of C++ classes aimed as an assistant in analyzing the sponge function family Keccak. These classes and methods were used to obtain the results reported in the paper Differential propagation analysis of Keccak presented at FSE 2012 (available here IACR ePrint 2012/163).

S-Box Mixed-Integer Linear Programming tool

Toolkit for Counting Active S-boxes using Mixed-Integer Linear Programming (MILP)

This toolkit can be used to prove the security of cryptographic ciphers against linear and differential cryptanalysis. This toolkit generates Mixed-Integer Linear Programming problem which counts the minimum number of (linearly or differentially) active S-boxes for a given cipher. The toolkit currently supports AES and xAES (both in the single-key and related-key setting), as well as Enocoro-128v2 (in the related-key setting). The paper that introduced this toolkit is available online.


Framework for MD5 & SHA-1 Differential Path Construction and Chosen-Prefix Collisions for MD5

This framework contains tools for the constructions of differential paths for MD5 and SHA-1, including chosen-prefix collisions for MD5.

ARX Toolkit

The ARX toolkit is a set of tools to study ARX ciphers and hash functions

The ARX toolkit is a set of tools to study ARX ciphers and hash functions. This toolkit was presented at the SHA-3 conference in March 2012.

Information Set Decoding

A tool for information set decoding

This library, written in C++ that is efficient at finding low weight codewords of a linear code using information set decoding.

Linear Hull Cryptanalysis of PRESENT

A tool to compute linear hulls for PRESENT cipher

This tool computes linear hulls for the original PRESENT cipher. It confirms and even improves on the predicted bias (and the corresponding attack complexities) of conventional linear relations based on a single linear trail.

CodingTool Library

Tool for cryptanalysis based on coding theory

The CodingTool library is a collection of tools to use techniques from coding theory in cryptanalysis. The core part is an implementation of a probabilistic algorithm to search for code words with low Hamming weight. Additional functionalities like shortening and puncturing of a linear code or adding a weight to each bit of a code word are implemented. Furthermore, the library provides data structures to assist the user in creating a linear code for a specific problem. An easy to use interface to the provided algorithms, powerful data structures and a command line parser reduces the implementation work of a cryptanalyst to a minimum.

Grain of Salt

An automated way to test stream ciphers through SAT solvers

Grain of Salt is a tool developed to automatically test stream ciphers against standard SAT solver-based attacks. The tool takes as input a set of configuration options and the definition of each filter and feedback function of the stream cipher. It outputs a problem in the language of SAT solvers describing the cipher. The tool can automatically generate SAT problem instances for Crypto-1, HiTag2, Grain, Bivium-B and Trivium.


A Fully Symbolic Polynomial System Generator for AES-128

  • Developers: Vesselin Velichkov, Vincent Rijmen, Bart Preneel
  • Paper

SYMAES is a software tool that generates a system of polynomials in GF(2), corresponding to the round transformation and key schedule of the block cipher AES-128.

Automated Algebraic Cryptanalysis

A simple tool for the automatic algebraic cryptanalysis of a large array of stream- and block ciphers

A simple tool for the automatic algebraic cryptanalysis of a large array of stream and block ciphers. Three tests have been implemented and the best results have led to continued work on a computational cluster.

Algebraic Preimage Attack on Hash functions (AlPAtH)

A software framework AlPAtH (Algebraic Preimage Attack on Hash functions) to run algebraic attacks on hash function

AlPAtH is a software framework to run algebraic attacks on hash functions. This framework is intended to run algebraic attacks on hash functions, but could be extended to any kind of ciphers (block, stream). It provides a framework to generate equations, solve these equations and interpret the results.

Lex Toolkit

A Tool for Algebraic Analysis of Stream Cipher LEX

The Lex Toolkit is a collection of Python programs for the computer algebra system Sage. The programs generate Boolean algebraic equations for a small-scale version of stream cipher LEX.

Yafu (Yet Another Factorization Utility

YAFU software that has implemented integer factoring algorithms

YAFU (with assistance from other free software) uses the most powerful modern algorithms (and implementations of them) to factor input integers in a completely automated way. Useful for RSA attacks.


Useful library for RSA attacks

Msieve is a C library implementing a suite of algorithms to factor large integers. It contains an implementation of the SIQS and GNFS algorithms. Useful for RSA attacks.


Toolkit for NFS verification

CADO-NFS (Crible Algebrique: Distribution, Optimisation - Number Field Sieve) is a complete implementation in C/C++ of the Number Field Sieve (NFS) algorithm for factoring integers. It consists in various programs corresponding to all the phases of the algorithm, and a general script that runs them, possibly in parallel over a network of computers.


Tool that computes SHA-1 hash of given file along with detecting collision attacks against SHA-1 for the given file

sha1collisiondetection library and command line tool is designed as near drop-in replacements for common SHA-1 libraries and sha1sum. It will compute the SHA-1 hash of any given file and additionally will detect cryptanalytic collision attacks against SHA-1 present in each file. It is very fast and takes less than twice the amount of time as regular SHA-1.

S-function Toolkit

Toolkit for differential cryptanalysis of S-functions

  • Developers: Nicky Mouha, Vesselin Velichkov, Christophe De Cannière, Bart Preneel
  • Direct download
  • Paper

An increasing number of cryptographic primitives use operations such as addition modulo 2n, multiplication by a constant and bitwise Boolean functions as a source of non-linearity. In NIST’s SHA-3 competition, this applies to 6 out of the 14 second-round candidates. An S-function is a function that calculates the i-th output bit using only the inputs of the i^th bit position and a finite state S[i]. Although S-functions have been analyzed before, this toolkit is the first to present a fully general and efficient framework to determine their differential properties. A precursor of this framework was used in the cryptanalysis of SHA-1.

SIMON/SPECK cryptanalysis

Cryptanalysis tool for the SIMON and SPECK families of block ciphers


A tool for cryptanalysis of symmetric primitives like block ciphers and hash functions

CryptoSMT is an easy to use tool for cryptanalysis of symmetric primitives likes block ciphers or hash functions. It is based on SMT/SAT solvers like STP, Boolector, CryptoMiniSat and provides a simple framework to use them for cryptanalytic techniques.

YAARX - YAARX: Yet Another ARX Toolkit

A set of programs for the differential analysis of ARX cryptographic algorithms

YAARX provides methods for the computation of the differential probabilities of various ARX operations (XOR, modular addition, multiplication, bit shift, bit rotation) as well as of several larger components built from them. YAARX also provides means to search for high-probability differential trails in ARX algorithms in a fully automatic way. The latter has been a notoriously difficult task for ciphers that do not have S-boxes, such as ARX.

RSA Tool for CTF

RSA Tool for CTF - Retrives private key from weak public key and/or uncipher the data

A nice framework that automatically unciphers data from weak public key and try to recover private key using selection of best attacks

Mostly used for Crypto related CTF, this framework allows number of different attacks on the RSA including: Weak public key factorization, Wiener's attack, Small public exponent attack, Small q (q < 100,000), Common factor between ciphertext and modulus attack, Fermat's factorisation for close p and q, Gimmicky Primes method, Self-Initializing Quadratic Sieve (SIQS) using Yafu, Common factor attacks across multiple keys, Small fractions method when p/q is close to a small fraction, Boneh Durfee Method when the private exponent d is too small compared to the modulus (i.e d < n^0.292), Elliptic Curve Method.

SHA-1 GPU near-collision attacks

A repository contains the source code for the near collision attacks on SHA-1

The repository that has the sources codes for the SHA-1 collision attacks published in the following papers: The first collision for full SHA-1, Practical free-start collision attacks on 76-step SHA-1 and Freestart collision for full SHA-1.


Repository that contains source codes for Improved Conditional Cube Attacks on Keccak Key Modes with MILP Method

The repository contains the source code for the papers Improved Conditional Cube Attacks on Keccak Keyed Modes with MILP Method.

Ascon test

Repository that contains source codes for Conditional Cube Attack on Round-Reduced ASCON

The repository contains the source code for the papers Conditional Cube Attack on Round-Reduced ASCON.

Yoyo Tricks with AES

Code that has implementation of the Yoyo trick attacks on AES

The repository contains the source code for the paper Yoyo Tricks with AES that was published in AsiaCrypt2017.


Program for finidng low gate count implementations of S-Boxes

The algorithm used in the program is based on Kwan, Matthew: "Reducing the Gate Count of Bitslice DES." IACR Cryptology ePrint Archive 2000 (2000): 51, with other improvements. In addition to finding logic circuits using standard (NOT, AND, OR, XOR) gates, the program also supports AND-NOT gates and 3-bit LUTs.


Performs key-recovery attacks on the SoDark family of algorithms

SoCracked performs key-recovery attacks on the SoDark family of ciphers for automatic link establishment (ALE) in HF radios specified in MIL-STD-188-141. Based on Cryptanalysis of the SoDark family of cipher algorithms.

Cryptanalysis of an image scrambling encryption algorithm (ISEA)

Cryptanalysis of an image scrambling encryption algorithm (ISEA)

The repo contains codes about ciphertext-only attack and known-plaintext attack on ISEA, and codes for calculating Structural Similarity Index (SSIM) of an image based on the paper Cryptanalyzing an Image-Scrambling Encryption Algorithm of Pixel Bits

Bucketing Computational Analysis Attack

Implementation of the Bucketing Computational Analysis

The repository contains the core implementation of the Bucketing Computational Analysis (BCA) and some public white-box cryptographic implementations and the coressponding scripts to perform the BCA.

SPARX Differential Attacks

Repository for the differential Cryptanalysis of Round-Reduced Sparx 64/128

The repository contains implementation of the paper Differential Cryptanalysis of Round-Reduced Sparx-64/128 that was presented at ACNS 2018.



This list is released into the public domain.