Skip to content

Solvatore

Security Algorithms

Solvatore Cryptanalysis Tool

Section titled “Solvatore Cryptanalysis Tool”

Solvatore is a specialized tool designed to assist in the cryptanalysis of cryptographic primitives. It simplifies the process of finding integral distinguishers using the bit-based division property.

Overview

Section titled “Overview”

The primary objective of Solvatore is to identify distinguishers that allow a researcher to differentiate a cryptographic primitive from a truly random function. These distinguishers are often the first step in constructing powerful key-recovery attacks.

Integral Distinguishers

Section titled “Integral Distinguishers”

The tool searches for sets of inputs where certain output bits are “balanced.” A bit is considered balanced if the XOR sum of that bit across all outputs is zero with a probability of 1.

Key Features

Section titled “Key Features”

Division Property

Implements bit-based division property analysis for modern block ciphers.

Design Flexibility

Supports various design strategies: S-boxes, bit permutations, modular addition, and matrix multiplications.

Python Integration

Built with Python, leveraging pycryptosat for SAT-based solving of division trails.

Easy Modeling

Simple API for describing cipher structures and round functions.

Getting Started

Section titled “Getting Started”

Installation

Section titled “Installation”

  1. Install Dependencies Solvatore requires the pycryptosat package.

    Terminal window
    pip install pycryptosat

  2. Python Environment Compatible with both Python 2 and Python 3.

Example: Analyzing PRESENT

Section titled “Example: Analyzing PRESENT”

To analyze a cipher like PRESENT, you define its structure and use the Solvatore solver to check for balanced bits.

from solvatore import Solvatore
from ciphers import present


cipher = present.present
rounds = 9


solver = Solvatore()
solver.load_cipher(cipher)
solver.set_rounds(rounds)


# Check if bit 0 is balanced after 9 rounds with specific active bits
active_bits = {i for i in range(1, 64)} # Bit 0 is constant
if solver.is_bit_balanced(0, rounds, active_bits):
    print("Found distinguisher!")

Technical Components

Section titled “Technical Components”

Core Classes

Section titled “Core Classes”
  • CipherDescription: Used to model the internal state and operations of the primitive.
  • Solvatore: The main engine that processes the cipher description and evaluates division properties.

Supported Operations

Section titled “Supported Operations”
  • S-box Application: Map input bits to output bits through non-linear tables.
  • Permutations: Arbitrary bit-level shuffling.
  • Linear Layers: Support for complex linear transformations.