Comments (13)
Very interesting. I can start playing with this a little.
from circl.
oh, while I'm here. I was recently informed by the author via linkedin that this exists and uses CIRCL
https://github.com/kuking/go-pqsw
thought you may want to know
from circl.
Hey @henrydcase @claucece , I'm the maintainer of Cryptofuzz. I'm still improving it every day. It now supports elliptic curve operations and has been effective at finding EC bugs (see full bug list here ). PQ crypto not yet but I'm planning on implementing that. Have you gotten around to work with Cryptofuzz to test circl? Feel free to reach out to me at [email protected] to discuss these plans in depth.
from circl.
Oh, wow, interesting @henrydcase .. check it out @bwesterb : https://github.com/kuking/go-pqsw
from circl.
Fuzzing is something we want to include in CIRCL, we are open for discussion.
thanks for the pointer @guidovranken
from circl.
I now have a circl module for Cryptofuzz https://github.com/guidovranken/cryptofuzz/tree/master/modules/circl
It found one bug so far #312
I can install it on OSS-Fuzz if you want @armfazh ?
from circl.
I now have a circl module for Cryptofuzz https://github.com/guidovranken/cryptofuzz/tree/master/modules/circl It found one bug so far #312
Thanks for writing the module.
I can install it on OSS-Fuzz if you want @armfazh ?
What does this implies and what it is required to be included? (sorry, not so familiar with the internals of the project).
from circl.
Basically:
- Requires participants to have a Google account. I need a list of e-mail addresses (linked to a Google account) of maintainers. Note: these will be public
- You will receive an e-mail notification when a bug is found, and when it is detected as fixed
- There is an expectation that bugs found by OSS-Fuzz will be fixed by the maintainers (you)
- Bugs found remain private for 90 days, then they are automatically publicly disclosed whether they are fixed or not
- "To be accepted to OSS-Fuzz, an open-source project must have a significant user base and/or be critical to the global IT infrastructure."
- Usage of OSS-Fuzz is free of charge
- I will collect the $1,000 integration reward
More information: https://google.github.io/oss-fuzz/
from circl.
Requires participants to have a Google account. I need a list of e-mail addresses (linked to a Google account) of maintainers. Note: these will be public
@guidovranken can you please clarify who the "participants" are here?
from circl.
People who receive the bug reports, typically the maintainers of the software being fuzzed, in this case the circl maintainers.
from circl.
@guidovranken just reached at this address https://guidovranken.com/contact/, please confirm you have received my email.
from circl.
Yes I did, thanks, I will reply in a minute.
from circl.
Tracking integration at: google/oss-fuzz#7262
from circl.
Related Issues (20)
- Compatibility with npmjs.com/package/dilithium-crystals HOT 5
- panic: unmarshalling 0 first byte private keys HOT 1
- [QUESTION]: is blindsign package post-quantum secure ? HOT 4
- Bytes() and SetBytes() are not match in BLS12381 G1 and G2 HOT 3
- repo: consider add govulncheck to CI job
- enhancement request: Implement McCallum-Relyea exchange HOT 1
- oprf: Update latest test vectors
- blindrsa: update test vectors to match RFC9474 HOT 1
- add disclaimer and warning to README about Kyber patent
- Unusual Behavior: Successful Signature Verification After Altering Private Key HOT 4
- Why were the patch versions for CVE-2023-1732 released so late? HOT 2
- does KyberSlash affect this verison of Kyber? HOT 3
- ML-DSA? HOT 1
- Implement MAYO
- cp-abe: plaintext exceeding a certain length will fail during decryption HOT 2
- kem: Scheme.DeriveKeyPair length check too strict HOT 6
- hpke: slice bounds out of range in shortKEM.UnmarshalBinaryPrivateKey HOT 3
- Align on `purego` build tag. HOT 1
- In ecc/bls12381, Pairing operations seems racy
- Unpacking Kyber keys from a FIPS 203 x509 key spec HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from circl.