Sujet de Cosmian

Metamorphic testing is a property-based technique that does not assume the existence of a test oracle [1,3]. This paradigm therefore seems particularly suited for testing cryptographic implementations since — by design — such an oracle does not exist [2][4][8][10].
Over the last few years, the number of Rust-based implementations of cryptographic primitives has dramatically increased [5,6]. Proponents of using this language argue that its memory-, thread-safety and memory management properties make it a perfect target for such critical pieces of code. However, all reference implementations are written in C and test vectors are not always available, which makes it more difficult to trust Rust implementations.
The last vulnerability discovered in the reference Keccak implementation [7,11] once again reminded the community of the importance of correctly testing cryptographic implementations [9]. However, to the best of our knowledge, no systematic attempt has been made to assert the quality of the Rust cryptographic ecosystem.
In this project, we propose to implement a metamorphic library in Rust in order to fill this gap. To this aim, the recent paper by Fenzi et al. [10] could be used as a starting point to establish a list of tests, but more tests can be added. The library should use the interface definitions provided by the Rust
type-system — called traits — to separate testing logic and implementations, and provide a clean API that Rust programmers could use to test new implementations.


Voir aussi dans «REDOCS’24»

Sujet d’Amossys Sujet de ScreenAct