Skip to content

Question: generator-backed test vectors for known implementation attacks #256

Description

@programsurf

I’m opening this issue to ask whether Wycheproof would be interested in a generator-backed workflow for adding more test vectors for known implementation attacks.

Many implementation attacks are described in papers, advisories, PoCs, or bug reports, but not all of them become reusable Wycheproof vectors. A small workflow could help turn some of these known attack conditions into Wycheproof/vectorlint-compatible test cases.

PR #255 is one concrete example: a known ML-DSA implementation bug can be represented as valid/invalid verify vectors where a conforming verifier and a buggy verifier disagree.

Would this kind of workflow be useful for Wycheproof, or is it preferable to submit only the final generated JSON files?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions