International Association for Cryptologic Research

International Association
for Cryptologic Research

Transactions on Cryptographic Hardware and Embedded Systems 2026

Finding Bugs and Features Using Cryptographically-Informed Functional Testing


README

Fuzzing Crypto

Code release for

Fenzi, G., Gilcher, J., Virdia, F. (2026).
Finding Bugs and Features Using Cryptographically-Informed Functional Testing.
IACR Transactions on Cryptographic Hardware and Embedded Systems, 2026(1).
https://eprint.iacr.org/2024/1122

In this repository, we include instructions to run our tests, instructions to run a baseline of generic fuzzing, and an explanation of our source code explaining how it is structured.

Dependencies

Instructions to run

bash run.sh

A terminal within the container will open.

To run experiments on liboqs

To run experiments on version:

Within the container, run

bash reproduce.sh ver_liboqs

Comment the values in BLACKLIST on lines 35-42 of fuzz_liboqs.py if you want a full run (it will take significantly longer).

To run experiments on supercop 20240107

Within the container

bash reproduce.sh supercop

Reports

The reports generated by the code above can be found inside /reports/, which is mounted as a volume within the docker container. The reports are generated in three formats, as SQLite database, as Excel file and as a Latex table.

The reports from the experiments described in the paper can be found in /paper_reports/.
The SQLite format was omitted due to the size of the databases.

Reading the reports

The reports generated by our code refer to the tests with specific names rather than numbers (as done in the paper). The mapping between the two is the following:

Paper test number Paper test name Report test name
Test 1 Hash(Maul(x)) this is the test performed on SUPERCOP
Test 2 Gen(; Maul(r)) KEM/Keygen/badrng and SIGN/Keygen/badrng
Test 3 Encaps(Maul(pk); r) KEM/Encaps/pk-0
Test 4 Decaps(sk, Encaps(Maul(pk); r)) KEM/Encaps/pk
Test 5 Encaps(pk; Maul(r)) KEM/Encaps/badrng
Test 6 Decaps(Maul(sk), c) KEM/Decaps/sk
Test 7 Decaps(sk, Maul(c)) KEM/Decaps/c
Test 8 Sign(Maul(sk), m; r) SIGN/Sign/sk
Test 9 Sign(sk, Maul(m); r) SIGN/Sign/m
Test 10 Sign(sk, m; Maul(r)) SIGN/Sign/badrng
Test 11 Verify(Maul(pk), m, sigma) SIGN/Verify/pk
Test 12 Verify(pk, Maul(m), sigma) SIGN/Verify/m
Test 13 Verify(pk, m, Maul(sigma)) SIGN/Verify/sig

Expected deviations

Some observed "software" crashes are partially probabilistic in nature. For example, hangs are measured by wall time, meaning that running the same tests on a slower CPU could result in more hangs being reported. Similarly, out-of-bounds memory writes may not cause segmentation faults if the memory they write in is not currently allocated to a different process.

This may result in slightly different numbers if reproducing our experiments on the same libraries but different hardware.

Baseline

The instructions in this section allow reproducing the experimental results from section "5.1.1 Baseline" in the paper.

First, create and run the same container as for the above experiments by running.

bash run.sh

A terminal within the container will open.

To run the baseline on liboqs

To run experiments on version:

Within the container, run

bash reproduce.sh ver_liboqs baseline

To run the baseline on supercop 20240107

Within the container, run

bash reproduce.sh supercop baseline

Source code structure

License

This software is distributed under the GNU General Public License version 3. See LICENSE for more details.

Contributors

Code was contributed by