International Association for Cryptologic Research

International Association
for Cryptologic Research

Transactions on Cryptographic Hardware and Embedded Systems 2026

Finding Bugs and Features Using Cryptographically-Informed Functional Testing


Giacomo Fenzi
Computational Security Lab, EPFL, Lausanne, Switzerland

Jan Gilcher
Applied Cryptography Group, ETH Zurich, Zurich, Switzerland

Fernando Virdia
University of Surrey, Guildford, United Kingdom


Keywords: cryptographic implementation testing, metamorphic testing, implementation correctness


Abstract

In 2018, Mouha et al. (IEEE Trans. Reliability, 2018) performed a postmortem investigation of the correctness of reference implementations submitted to the SHA3 competition run by NIST, finding previously unidentified bugs in a significant portion of them, including two of the five finalists. Their innovative approach allowed them to identify the presence of such bugs in a black-box manner, by searching for counterexamples of expected cryptographic properties of the implementations under test. In this work, we extend their approach to key encapsulation mechanisms (KEMs) and digital signature schemes (DSSs). We perform our tests on multiple versions of the LibOQS collection of post-quantum schemes to capture implementations at different points of the recent Post-Quantum Cryptography Standardization Process run by NIST. We identify multiple bugs, ranging from software bugs (segmentation faults, memory overflows) to cryptographic bugs, such as ciphertext malleability in KEMs claiming IND-CCA security. We also observe various features of KEMs and DSSs that do not contradict any security guarantees but could appear counter-intuitive. Finally, we compare this methodology with a traditional fuzzing campaign against LibOQS and SUPERCOP, observing that traditional fuzzing harnesses appear less effective in surfacing software and logical bugs.

Publication

IACR Transactions on Cryptographic Hardware and Embedded Systems, Volume 2026, Issue 1

Paper

Artifact

Artifact number
tches/2026/a3

Artifact published
March 31, 2026

Badge
IACR CHES Artifacts Functional

README

ZIP (30542265 Bytes)  

View on Github

License
GPLv3 This work is licensed under the GNU General Public License version 3 or later.

Note that license information is supplied by the authors and has not been confirmed by the IACR.


BibTeX How to cite

Giacomo Fenzi, Jan Gilcher, Fernando Virdia. (2026). Finding Bugs and Features Using Cryptographically-Informed Functional Testing. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2026(1), 425–447. https://doi.org/10.46586/tches.v2026.i1.425-447. Artifact at https://artifacts.iacr.org/tches/2026/a3.