I’m opening this issue to ask whether Wycheproof would be interested in a generator-backed workflow for adding more test vectors for known implementation attacks.
Many implementation attacks are described in papers, advisories, PoCs, or bug reports, but not all of them become reusable Wycheproof vectors. A small workflow could help turn some of these known attack conditions into Wycheproof/vectorlint-compatible test cases.
PR #255 is one concrete example: a known ML-DSA implementation bug can be represented as valid/invalid verify vectors where a conforming verifier and a buggy verifier disagree.
Would this kind of workflow be useful for Wycheproof, or is it preferable to submit only the final generated JSON files?
I’m opening this issue to ask whether Wycheproof would be interested in a generator-backed workflow for adding more test vectors for known implementation attacks.
Many implementation attacks are described in papers, advisories, PoCs, or bug reports, but not all of them become reusable Wycheproof vectors. A small workflow could help turn some of these known attack conditions into Wycheproof/vectorlint-compatible test cases.
PR #255 is one concrete example: a known ML-DSA implementation bug can be represented as valid/invalid verify vectors where a conforming verifier and a buggy verifier disagree.
Would this kind of workflow be useful for Wycheproof, or is it preferable to submit only the final generated JSON files?