Python implementations of cryptographic attacks and utilities.
- Key reuse attack (encrypt-and-MAC)
- Key reuse attack (encrypt-then-MAC)
- Key reuse attack (MAC-then-encrypt)
- ECDSA nonce reuse attack
- Frey-Ruck attack
- MOV attack
- Parameter recovery
- Singular curve attack
- Smart's attack [More information: Smart N. P., "The discrete logarithm problem on elliptic curves of trace one"]
- MNT curves
- Prescribed order
- Prescribed trace
- Supersingular curves
- Bleichenbacher's attack
- Khadir's attack
- Nonce reuse attack
- Base conversion factorization
- Branch and prune attack [More information: Heninger N., Shacham H., "Reconstructing RSA Private Keys from Random Key Bits"]
- Complex multiplication (elliptic curve) factorization [More information: Sedlacek V. et al., "I want to break square-free: The 4p - 1 factorization method and its RSA backdoor viability"]
- Coppersmith factorization
- Fermat factorization
- Ghafar-Ariffin-Asbullah attack [More information: Ghafar AHA. et al., "A New LSB Attack on Special-Structured RSA Primes"]
- Implicit factorization [More information: Nitaj A., Ariffin MRK., "Implicit factorization of unbalanced RSA moduli"]
- Known CRT exponents factorization [More information: Campagna M., Sethi A., "Key Recovery Method for CRT Implementation of RSA"]
- Known private exponent factorization
- Known phi factorization [More information: Hinek M. J., Low M. K., Teske E., "On Some Attacks on Multi-prime RSA" (Section 3)]
- ROCA [More information: Nemec M. et al., "The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli"]
- Shor's algorithm (classical) [More information: M. Johnston A., "Shor’s Algorithm and Factoring: Don’t Throw Away the Odd Orders"]
- Twin primes factorization
- Forbidden attack [More information: Joux A., "Authentication Failures in NIST version of GCM"]
Hidden Number Problem
- Extended hidden number problem
- Fourier analysis attack
- Lattice-based attack
- Low density attack [More information: Coster M. J. et al., "Improved low-density subset sum algorithms"]
- LCG parameter recovery
- Truncated LCG parameter recovery [More information: Contini S., Shparlinski I. E., "On Stern's Attack Against Secret Truncated Linear Congruential Generators"]
- Truncated LCG state recovery [More information: Frieze, A. et al., "Reconstructing Truncated Integer Variables Satisfying Linear Congruences"]
- Bleichenbacher's attack
- Bleichenbacher's signature forgery attack
- Boneh-Durfee attack [More information: Boneh D., Durfee G., "Cryptanalysis of RSA with Private Key d Less than N^0.292"]
- Common modulus attack
- CRT fault attack
- Extended Wiener's attack [More information: Dujella A., "Continued fractions and RSA with small secret exponent"]
- Hastad's broadcast attack
- Low public exponent attack
- LSB oracle attack
- Manger's attack
- Partial key exposure [More information: Boneh D., Durfee G., Frankel Y., "An Attack on RSA Given a Small Fraction of the Private Key Bits"]
- Related message attack
- Stereotyped message attack
- Wiener's attack
- Wiener's attack (Heuristic lattice variant) [More information: Nguyen P. Q., "Public-Key Cryptanalysis"]
- Boneh-Durfee method [More information: Boneh D., Durfee G., "Cryptanalysis of RSA with Private Key d Less than N^0.292"]
- Coron method [More information: Coron J., "Finding Small Roots of Bivariate Integer Polynomial Equations: a Direct Approach"]
- Herrmann-May method (Boneh-Durfee with unravelled linearization) [More information: Herrmann M., May A., "Maximizing Small Root Bounds by Linearization and Applications to Small Secret Exponent RSA"]
- Howgrave-Graham method [More information: May A., "New RSA Vulnerabilities Using Lattice Reduction Methods" (Section 3.2)]
- Jochemsz-May method [More information: Jochemsz E., May A., "A Strategy for Finding Roots of Multivariate Polynomials with New Applications in Attacking RSA Variants"]