| CARVIEW |
Select Language
HTTP/2 200
date: Thu, 24 Jul 2025 07:49:27 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
referrer-policy: no-referrer-when-downgrade
server-timing: pull_request_layout-fragment;desc="pull_request_layout fragment";dur=343.18076,conversation_content-fragment;desc="conversation_content fragment";dur=388.547591,conversation_sidebar-fragment;desc="conversation_sidebar fragment";dur=217.749047,nginx;desc="NGINX";dur=0.793899,glb;desc="GLB";dur=100.529921
strict-transport-security: max-age=31536000; includeSubdomains; preload
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
x-content-type-options: nosniff
x-frame-options: deny
x-voltron-version: fd8fbbc
x-xss-protection: 0
server: github.com
content-encoding: gzip
accept-ranges: bytes
set-cookie: _gh_sess=tqLqPRs0K3cOmyXpF4x7nf3Y1JGn%2FNgGteRPQDKCahGY1UpqrOv7WcFvzMwxbP8mY%2FGiQnq3AtqF8SFjXQPUa3Dx1zuBY9K0qYuwSZ9IGPzXau0wH2RpVRFoYae7%2B4S2FPd1VQSjN4HQh%2Fd0yFj%2FnUBzvbx8BnSoUqHPn9LjNFiVFptzakHXE7RGE9wLg8dtu1oSgMq%2FIW5Klk1D1aGEzHngO9XoYIskDE9%2BgrX8C8J1Q%2Fh1pTrbfsW8sHapwwlEKGEtUFQjV9Z3x6lQvKVD8w%3D%3D--Il%2FdAepV0bgnFrL%2F--zwkX811YG9sebcS8Jg0sNA%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.1485422656.1753343366; Path=/; Domain=github.com; Expires=Fri, 24 Jul 2026 07:49:26 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Fri, 24 Jul 2026 07:49:26 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: AD0E:9C104:65159C:7E9414:6881E586
Test vectors for Kyber and ML-KEM. by sophieschmieg Β· Pull Request #110 Β· C2SP/wycheproof Β· GitHub
Skip to content
Navigation Menu
{{ message }}
-
Notifications
You must be signed in to change notification settings - Fork 302
Test vectors for Kyber and ML-KEM. #110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weβll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
sophieschmieg
wants to merge
1
commit into
C2SP:main
Choose a base branch
from
sophieschmieg:kybertestvectors
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Specifically, for round 3 and for the NIST Draft standard, as well as the discussed potential modification of the draft standard that does silently reduce instead of failing on unreduced vectors: * The vectors of the round 3 submission package * Vectors where public or private keys are not reduced mod q * Vectors where the various parts of Kyber are too short or too long * Edge cases where the secret and/or the error are zero * Vectors where the ciphertext is random bytes * Bit flips in ciphertext * message all zero/all 0xff * Values of rho where SHAKE expands more than usual and read up to 591 bytes. * Values of rho where the matrix has relatively large values (maximizing the sum of all entries) * Values of rho where the matrix contains an unusual amount of zeroes in NTT form (I found a seed with 3 zeroes mod prime factor of (3329), and a number of seeds with 2 zeroes) * Values of rho for which the matrix fails to be invertible mod (3329), which is otherwise a property that a random matrix is expected to have with high probability.
This was referenced Aug 20, 2024
|
Hi, Thanks a lot for sharing these useful ML-KEM edge cases test vectors! Are there any updates planned for the finalized FIPS203 ML-KEM release from August 2024 which slightly differs from the previous NIST draft? (namely the addition of domain separation for K-PKE.KeyGen and the swapped indices for the matrix access). Thanks in advance, |
@sophieschmieg Would you be willing to regenerate these based on the finalized FIPS 203 spec? I would be very keen to see these land in-tree ASAP and I think that's the primary blocker. |
|
@sophieschmieg happy to do the leg work of reformatting these in a Wycheproof format as promised if you can update them to the final FIPS :) I think we can't do that easily on our side because some seeds will need to be re-bruteforced? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
None yet
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
You canβt perform that action at this time.
Specifically, for round 3 and for the NIST Draft standard, as well as the discussed potential modification of the draft standard that does silently reduce instead of failing on unreduced vectors: