Open tasks

This page lists open tasks which can be performed by students with no previous experience with CrypTool 2 (CT2). The proposed tasks are grouped into the following categories:

  • Thesis -- tasks which may be suitable for a bachelor or master thesis.
  • Project -- tasks which probably require an effort of a couple of weeks, but which do not qualify as a thesis topic. Tasks may be combined to a single project if one task proves to be less comprehensive than expected.

Note: For all tasks the CT2 team has more detailed information if a student or an advisor from another university is interested to take over a task. Writing a thesis includes the online help in CT2 (at minimum English) and templates for CT2.

As introduction to CT2 development, please have a look at our development video series on YouTube:

We are always happy to get further suggestions (maybe from your own research)


  1. Implement a Framework for Symmetric Cryptanalysis in CT2: This includes
    • attack key schedule of stream- and blockciphers
    • slide attacks on blockciphers (at least against all general Feistel type ciphers and Treyfer)
    • How should such a framework be designed to fit into CT2 and to enable other developers to easily add further attack plugins?
  2. Cipher Builder
    • create a component which allows to build modern ciphers out of standard components (like S-box, permutation)
    • this could, for instance, visualize Feistel networks
    • a start is to create (simple) SPN ciphers; later, extended to more complex ciphers
  3. Modern Cryptanalysis: Visualization of Differential Cryptanalysis (DCA) of SDES and FEAL
    • also possible on fcrypt by Wobst
    • the ciphers are already implemented in CT2
    • build on top of the existing DCA framework (Bender)
  4. Modern Cryptanalysis: Visualization of Linear Cryptanalysis of SDES and FEAL
  5. Modern Cryptanalysis: Visualization of Slide Attacks of SDES and FEAL
  6. Integer Linear Programming (ILinProg)
    • after creating a model for symmetric cryptanalysis and transfering it
  7. Implement SAT Cryptanalysis
    • exhaustive pre-work exists (Brandi)
  8. LFSR-Analyzer
  9. Breaking RSA OAEP with Manger’s attack
  10. Implement Cryptanalysis of Visual Cryptography
    • involve Nüsken (Schülerkrypto Bonn) for further material on that topic
  11. Implement Visual Cryptanalysis: Cipher Dags (Bernstein)
  12. Implement Quantum Algorithms from NIST Competition (Valence, Schrottenloher, Brands, ...)
  13. Implement Attack on ElsieFour (start with reduced version)
  14. Implement Key Recovery Attack for 10-Rounds AES
  15. Implement DROWN Attack
  16. Visualize the Off-the-Record (OTR) Messenger Protocol
  17. Visualize the Crypto Protocol of the Messenger Signal (Axolotl Ratchet)
  18. Machine Learning and Cryptology: Implement Analysis of Ciphers with Neural Networks or Artificial Intelligence
  19. Align Factorization Algorithms/Methods Already Existing in CT2
    • factorizer component (only brute-force, works)
    • quadratic sieve component (GUI made by Rech; uses msieve as library, works well)
    • NFS factorizer component (Inigo started to build it; uses yafu, partially works)
    • General Number Field Sieve component (started by Rech, uses msieve.exe, partially works)
    • --> Goal: ONE component (called Factorizer) that contains all methods (components) mentioned above
  20. Distributed Factorization using CrypCloud
  21. Cayley-Purser-Algorithmus und its Analysis
    • implement this algorithm which was awhile discussed in 1999 as an RSA alternative
  22. Achievement System for CT2
    • based on tasks users have to fulfill
    • achievement points are awarded to them
    • create a global best list
    • example: achievement system in World of Warcraft
  23. Implement all Major Algorithms on Permutations
    • see 1 and 2. This discusses the six major types of combinatorial collections with examples and formulas for counting. Expands with a C# generics-based set of classes for enumerating each meta-collection.
  24. Any hash function from SHA-3 contest, for the weak ones preferably with an attack sample (overview) -- e.g. MD6 implementation (Spec)
  25. Implement the current status of cryptanalysis against hash algorithms
    • show the effectiveness against weak or weakened (reduced) algorithms (explain collision resistance, 1st and 2nd pre-image)
    • breaking MD4 On-the-fly
    • attacks on MD5 and SHA-0 of Crypto 2004
    • How much faster are you when you find structural weaknesses in hash algorithms than when you do BF?
  26. Pre-Image Attacks on Arbitrary Hash Functions
    • brute-force
    • dictionary (rule-based)
    • inspired by "John the Ripper"
  27. Visualize Hash Functions (e.g. SHA1) in a Modern Way
    • not only the sensitivity and changes at the resulting hash value, but all changed bits after each step or round
    • visualize Merkle-Damgard construction
    • see here
  28. Implement Further Codes and Classical Ciphers, their According Cryptanalysis, and Assess their Strength
    • Straddling Checkerboard
    • Ché Guevara
    • Baconian
    • T9 ("mobile phone code")
    • Josse's Code (Remi Geraud presented this in Uppsala 2018)
    • Chaocipher
    • and more ...
  29. A Generic Heuristic Analyzer for Classic Algorithms (like the KeySearcher)
  30. Distributed Cryptanalysis of the Enigma Machine using CrypCloud
  31. Implement the Full Cryptanalysis Toolbox Used to Crack Simon Singh's Contest
  32. Ciphertext-only Analysis of the Hill Cipher: Limits and Possibilities
  33. Visualize Different Steganography Methods
    • steganography
    • (Example)
    • Done: text steganography, image steganography (LSB, BPCS)
    • Open: music steganography, "other" text and image steganography methods
  34. Implement Current Real Cryptanalytical Successes like RFID, WLAN, MiFare, Crypto1, A5/1
    • for more details on the cryptoanalytical successes read the proceedings of current conferences, e.g. see here.
  35. Cracking the Weak Encryptions in the VIM Editor
    • using them makes vim to warn: "Using a weak encryption method"
    • this happens for the two encryption modes 'zip' and 'blowfish'
  36. Identity-Based Encryption (IBE) According to C. Cocks, Based on Quadratic Residues
    • implement and analyze
  37. NTRU
  38. McEliece
    • implement and analyze
  39. Import and Export of Cryptographic Keys in PKCS#8 and X.509 formats
  40. GPU Against Classic and Modern Symmetric Cryptographic Methods
    • for this our didactic instruction "Cryptanalysis of classical ciphers using modern GPUs and CUDA" can be used
  41. Investigate the robustness of primality tests using
  42. Fried, Gaudry, Heninger, and Thomé: "A kilobit hidden SNFS discrete logarithm computation"
  43. Steven Galbraith, Jake Massimo, and Kenneth G. Paterson: "Safety in Numbers: On the Need for Robust Diffie-Hellman Parameter Validation"
  44. ROCA
  45. Daniel Shumow: "Incorrectly Generated RSA Keys: How To Recover Lost Plaintexts"


  1. Morse Code Audio Decoder: in the existing morse code component, create an input for audio data that converts morse sounds back to digital data
  2. Multiplex cipher: merge Cylinder Cipher component and M-138 component and create a common Multiplex Cipher component (including M-94, Bazerie, and M-138)
  3. HexEditor (#11)
  4. TextEditor (add syntax highlighting to TextInput and TextOutput) (AvalonEdit)
  5. Enhance the frequency test with a tabular presentation (similar to CT1) and a comparative feature: two text-inputs should be compared, the primary one is displayed as a chart, and the color of each bar is green if it matches the second input and red if not (and the entire color-span inbetween for matching values from good to bad). In case no secondary input is provided, standard english or german should be used for comparision
  6. Fuzzy string search (Example, Wikipedia)
  7. Enhance existing WordPatterns plugin
    • multiple word search with one TextInput (split words at whitespace)
    • enter max match number
    • enter pattern in number format (like 1-2-2-1)
    • add filter function (see Borland C++ tool)
    • save last input words and propose them to user
    • improve performance
    • support wildcard (*)
  8. Statistical tests for randomness (see NIST), maybe a new random number generator (see existing one first), see also 1, 2, 3, 4, 5, 6, 7
    • partially done
  9. Man-in-the-Middle-Plugin to modify traversing data
    • visualize Diffie-Hellman protocol with MitM
    • see existing BB84 template with eavesdropper
  10. Extend StringOperations component with annagramming function
    • could be used for manual attacking transposition ciphers
    • Input string is annagrammed and all resulting annagrams are outputted as String[]
    • good introduction task for new students/workers on CT2
  11. Implement special crypto algorithms/methods/protocols
  12. Establish ACA compatibility

Finished tasks (selection)

  1. ArrayIndexer (retrieve one object via numeric index from an array): Christian Arnold, Uni Due
  2. LengthOf (get length of string or array): Christian Arnold, Uni Due
  3. Check whether the plugin templates work: Matthäus Wander, Uni Due
  4. Create plugin similar to Substring (or enhance Substring) which cuts CryptoolStream and/or byte[] (see CRC32-sample for usage scenario): CT2 Team Transposition, Uni Due
  5. Create ButtonTrigger plugin which fires a bool output when user clicks a buttonj: CT2 Team Transposition, Uni Due
  6. Create regular expression plugin(s), for example match and replace (see System.Text.RegularExpressions): CT2 Team Transposition, Uni Due
  7. Combine Stream/String converters (add byte[] type): CT2 Team Distributed Cryptanalysis, Uni Due
  8. Create all cost functions used in enigma as plugins (i.e. entropy, log2-trigrams..): CT2 Teams Distributed Cryptanalysis & Transposition, Uni Due
  9. MD5 collider: Holger Pretzsch, Uni Due
  10. Nihilist: Fabian Enkler
  11. Vigenère-Autokey: Dennis Nolte, Uni Due
  12. Concept for (semi-)automatic plugin testing: Matthäus Wander, Uni Due
  13. Network sniffer (#32): Matthäus Wander, Uni Due
  14. Full Internationalization / Localization (#127): Sven Rech, Armin Krauss
  15. Lorenz SZ42 encryption: Implement and analyze. Integrate in CT2 a C# version of the ADA code of the winner from here. Assigned to: Wilmer Daza
  16. Visualization and advanced cryptanalysis of Enigma: Julian Weyers
  17. Implement a Navajo-Code component: This is basically a substitution component wich substitutes words from English with the corresponding Navajo words. For words which are not in the Navajo-Dictionary use spelling, i.e. substitute each letter with the corresponding Navajo-codeword. Additionally, the component should also try to parse Navajo-code language and translate back to English. See Navajo-Code Talker's dictionary for more details. - done by A. Wacker, Uni Kassel with the substitution component and a navajo codebook
  18. Implement a Morse-code component: translate letters forth and back to morse code: Nils Kopal, Uni Kassel
  19. SIGABA encryption, visualization and cryptanalysis: Julian Weyers, Uni Due (not in the nightly build since quality assurance has to be done)
  20. Diffie-Hellman visualization and analysis components.
  21. Create new monoalphabetic analysis (current one needs to be revised or rewritten from scratch). Should support any alphabet, e.g. [A-Z] or [A-Z0-9]
  22. Measure password strength
  23. Bar Code and Matrix Codes: implement and visualize them. Also analyze scanned bar codes. (implemented in Visual Encoder/Visual Decoder)
  24. Cryptanalysis of the Turning Grille (done in JCT)
  25. Describe and characterize the variants of cryptographic signatures and implement/visualize/document some of the them, like blind signatures. An extension could be to implement applications like electronic cash and voting systems to describe and implement them from a cryptanalytic perspective.
Last modified 11 months ago Last modified on Nov 26, 2020, 9:40:15 AM