Metamorphic testing is a property-based technique that does not require a test oracle [1,3]: instead of comparing each output against a known-correct value, it checks relations that must hold between the outputs of related inputs. This makes it particularly suited to cryptographic implementations, where a usable oracle is typically unavailable: the output of a secure primitive is indistinguishable from random, so no one can tell by inspection whether a digest or ciphertext is correct, and published test vectors exist only for a small, fixed set of inputs [2,4,8,10].
Over the last few years, the number of Rust implementations of cryptographic primitives has grown dramatically [5,6]. Proponents argue that Rust's memory safety, thread safety and ownership-based memory management make it well suited to such critical code. However, most reference implementations are written in C, and test vectors are not always available, which makes independent Rust implementations harder to trust.
The vulnerability recently discovered in the reference Keccak implementation, a memory-safety bug in the sponge absorption code [7,11], once again reminded the community of the importance of testing cryptographic implementations properly [9]. However, to the best of our knowledge, no systematic attempt has been made to assess the quality of the Rust cryptographic ecosystem.
In this project, we propose to implement a metamorphic testing library in Rust to fill this gap. The recent paper by Fenzi et al. [10] can serve as a starting point for the list of relations to test, and further relations can be added. The library should use Rust's interface definitions, traits, to separate the testing logic from the implementations under test, and provide a clean API that Rust programmers can use to test new implementations.
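The following is an added illustration of the two ideas above, oracle-free metamorphic relations and trait-based separation of test logic from the code under test; it is example code written for this page, not code from the proposed library, from [10] or from any existing crate. The `StreamingHash` trait, the two relations, the toy FNV-1a-based hash and its deliberately broken variant are all constructed here. The toy hash is not cryptographically secure; it only needs a correct streaming API to show how a chunking relation catches a bug that one-shot test vectors would never reveal.

```rust
// Added example (not the project's code): a minimal trait-based metamorphic
// harness for streaming hashes. All names and sample data below are constructed.

const FNV_PRIME: u64 = 0x0000_0100_0000_01b3;
const FNV_OFFSET: u64 = 0xcbf2_9ce4_8422_2325;

/// The seam between test logic and code under test: any streaming hash that
/// implements this trait can be run through the relations below unchanged.
pub trait StreamingHash {
    fn new() -> Self;
    fn update(&mut self, data: &[u8]);
    fn finalize(self) -> Vec<u8>;
}

fn digest_one_shot<H: StreamingHash>(input: &[u8]) -> Vec<u8> {
    let mut h = H::new();
    h.update(input);
    h.finalize()
}

/// Relation 1 (equality): the digest must not depend on how the caller chunks
/// the input across update() calls. `splits` are ascending byte offsets.
pub fn chunking_invariant<H: StreamingHash>(input: &[u8], splits: &[usize]) -> bool {
    let mut h = H::new();
    let mut start = 0;
    for &end in splits {
        h.update(&input[start..end]);
        start = end;
    }
    h.update(&input[start..]);
    h.finalize() == digest_one_shot::<H>(input)
}

/// Relation 2 (inequality): flipping any single input bit must change the
/// digest. A weak sanity property, not a security argument, but it catches
/// masked-off bits and dropped bytes without needing an expected value.
pub fn bit_sensitive<H: StreamingHash>(input: &[u8]) -> bool {
    let base = digest_one_shot::<H>(input);
    let mut buf = input.to_vec();
    for i in 0..buf.len() {
        for bit in 0..8 {
            buf[i] ^= 1u8 << bit;
            let changed = digest_one_shot::<H>(&buf) != base;
            buf[i] ^= 1u8 << bit; // restore the original byte
            if !changed {
                return false;
            }
        }
    }
    true
}

/// FNV-1a absorption step shared by both toy implementations.
fn absorb(mut state: u64, data: &[u8]) -> u64 {
    for &b in data {
        state ^= u64::from(b);
        state = state.wrapping_mul(FNV_PRIME);
    }
    state
}

/// Toy "reference" hash: FNV-1a over the bytes, with the total input length
/// folded in at finalize (a stand-in for a Merkle-Damgard length field).
pub struct ToyHash { state: u64, total_len: u64 }

impl StreamingHash for ToyHash {
    fn new() -> Self { ToyHash { state: FNV_OFFSET, total_len: 0 } }
    fn update(&mut self, data: &[u8]) {
        self.state = absorb(self.state, data);
        self.total_len += data.len() as u64;
    }
    fn finalize(self) -> Vec<u8> {
        absorb(self.state, &self.total_len.to_be_bytes()).to_be_bytes().to_vec()
    }
}

/// Deliberately buggy port: the length counter is overwritten instead of
/// accumulated (`=` instead of `+=`), so only the last update() call is
/// counted. One-shot use is indistinguishable from the correct version.
pub struct BrokenLengthCounter { state: u64, total_len: u64 }

impl StreamingHash for BrokenLengthCounter {
    fn new() -> Self { BrokenLengthCounter { state: FNV_OFFSET, total_len: 0 } }
    fn update(&mut self, data: &[u8]) {
        self.state = absorb(self.state, data);
        self.total_len = data.len() as u64; // BUG: should be +=
    }
    fn finalize(self) -> Vec<u8> {
        absorb(self.state, &self.total_len.to_be_bytes()).to_be_bytes().to_vec()
    }
}

// Constructed sample input and chunk boundaries (5 + 6 + 8 bytes).
pub const SAMPLE: &[u8] = b"The quick brown fox";
pub const SPLITS: &[usize] = &[5, 11];

/// Run both relations against one implementation; returns (chunking_ok, bit_ok).
pub fn run_relations<H: StreamingHash>() -> (bool, bool) {
    (chunking_invariant::<H>(SAMPLE, SPLITS), bit_sensitive::<H>(SAMPLE))
}

fn main() {
    println!("ToyHash             {:?}", run_relations::<ToyHash>());
    println!("BrokenLengthCounter {:?}", run_relations::<BrokenLengthCounter>());
}
```

Both implementations produce identical digests when the whole message is passed in a single `update()` call, so a test-vector suite would pass both. The chunking relation needs no expected value at all: it compares the implementation against itself under an input transformation that must not matter, and the broken port fails it because 19 bytes versus 8 bytes end up in the length field. A real library in this spirit would express the relations once against a trait, as above, and let each crate under test supply only the trait implementation.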
[1] https://arxiv.org/abs/2002.12543
[2] https://ieeexplore.ieee.org/document/9477673
[3] https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=931851
[4] https://csrc.nist.gov/CSRC/media/Events/lightweight-cryptography-workshop-2019/documents/papers/systematic-testing-of-lightweight-crypto-lwc2019.pdf
[5] https://cryptography.rs/
[6] https://github.com/aws/aws-lc-rs
[7] https://link.springer.com/chapter/10.1007/978-3-031-30872-7_1
[8] https://ieeexplore.ieee.org/document/8405614
[9] https://link.springer.com/chapter/10.1007/978-3-031-35486-1_9
[10] https://eprint.iacr.org/2024/1122
[11] https://www.cve.org/CVERecord?id=CVE-2022-37454