A property-based testing framework for encryption programs

Sun, C.T.; Wang, Zuoyi; Wang, Guan

doi:10.1007/s11704-014-3040-y

Cited by 11 publications

(6 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Batra and Singh [127] proposed using UML diagrams to guide the selection of metamorphic relations and presented a small case study using a banking application. Sun et al [128] reported several metamorphic relations for encryption programs. Aruna and Prasad [129] presented a small case study on the application of metamorphic testing to two popular graph theory algorithms.…”

Section: Other Domainsmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Metamorphic Testing

Segura

Fraser

Sánchez

et al. 2016

IIEEE Trans. Software Eng.

432

230

View full text Add to dashboard Cite

Abstract-A test oracle determines whether a test execution reveals a fault, often by comparing the observed program output to the expected output. This is not always practical, for example when a program's input-output relation is complex and difficult to capture formally. Metamorphic testing provides an alternative, where correctness is not determined by checking an individual concrete output, but by applying a transformation to a test input and observing how the program output "morphs" into a different one as a result. Since the introduction of such metamorphic relations in 1998, many contributions on metamorphic testing have been made, and the technique has seen successful applications in a variety of domains, ranging from web services to computer graphics. This article provides a comprehensive survey on metamorphic testing: It summarises the research results and application areas, and analyses common practice in empirical studies of metamorphic testing as well as the main open challenges.

show abstract

Section: Other Domainsmentioning

confidence: 99%

“…where M f r is the number of tests in t derived from the relation r that detect the fault f , and T r is the total number of metamorphic tests derived from r. This metric is also called fault discovery rate [34], [85], [128].…”

Section: Fault Detection Ratiomentioning

confidence: 99%

A Survey on Metamorphic Testing

Segura

Fraser

Sánchez

et al. 2016

IIEEE Trans. Software Eng.

432

230

View full text Add to dashboard Cite

show abstract

“…The first paper applying metamorphic testing to encryption was [10]. Sun, Wang, and Wang metamorphically tested both the Hill algorithm and RSA, using mutation analysis, that is, creating mutants and investigating how effectively the tests discover faulty mutants.…”

Section: B Metamorphic Testing and Cryptographymentioning

confidence: 99%

Applying Metamorphic Testing to Homomorphic Cryptography

Wolf

Schönwälder

2021

2021 IEEE/ACM 6th International Workshop on Metamorphic Testing (MET)

View full text Add to dashboard Cite

Homomorphic encryption schemes allow applications to perform operations on encrypted data without decrypting the data. This is possible due to homomorphisms between the plaintext space and the ciphertext space. The open source PAL-ISADE software library implements a collection of homomorphic encryption schemes. The work described in this paper explores how metamorphic testing, a testing methodology alleviating the oracle problem, can be used to test the PALISADE library. Some faults are discovered and the applicability of metamorphic testing to homomorphic encryption is confirmed.

show abstract

“…However, in [20] MBT is applied at the application level (e.g., sequence of hash function calls), rather than for cryptographic primitives. Metamorphic testing has been applied to various security-related applications [21], and some work has been done towards developing metamorphic relations for cryptographic modules [22].…”

Section: Related Work and Traditional Approachesmentioning

confidence: 99%

Finding Bugs in Cryptographic Hash Function Implementations

et al. 2018

View full text Add to dashboard Cite

Cryptographic hash functions are security-critical algorithms with many practical applications, notably in digital signatures. Developing an approach to test them can be particularly difficult, and bugs can remain unnoticed for many years. We revisit the NIST hash function competition, which was used to develop the SHA-3 standard, and apply a new testing strategy to all available reference implementations. Motivated by the cryptographic properties that a hash function should satisfy, we develop four tests. The Bit-Contribution Test checks if changes in the message affect the hash value, and the Bit-Exclusion Test checks that changes beyond the last message bit leave the hash value unchanged. We develop the Update Test to verify that messages are processed correctly in chunks, and then use combinatorial testing methods to reduce the test set size by several orders of magnitude while retaining the same fault-detection capability. Our tests detect bugs in 41 of the 86 reference implementations submitted to the SHA-3 competition, including the rediscovery of a bug in all submitted implementations of the SHA-3 finalist BLAKE. This bug remained undiscovered for seven years, and is particularly serious because it provides a simple strategy to modify the message without changing the hash value returned by the implementation. We detect these bugs using a fully-automated testing approach.

show abstract

A property-based testing framework for encryption programs

Cited by 11 publications

References 20 publications

A Survey on Metamorphic Testing

A Survey on Metamorphic Testing

Applying Metamorphic Testing to Homomorphic Cryptography

Finding Bugs in Cryptographic Hash Function Implementations

Contact Info

Product

Resources

About