Skip to content

test: add negative-verification coverage for generalized XMSS#55

Open
aryaethn wants to merge 1 commit into
leanEthereum:mainfrom
aryaethn:test/negative-verification-generalized-xmss
Open

test: add negative-verification coverage for generalized XMSS#55
aryaethn wants to merge 1 commit into
leanEthereum:mainfrom
aryaethn:test/negative-verification-generalized-xmss

Conversation

@aryaethn

@aryaethn aryaethn commented Jul 5, 2026

Copy link
Copy Markdown

Following up on #1.

What

test_signature_scheme_correctness covers completeness (an honest signature verifies) and the SSZ tests cover malformed bytes, but nothing asserts that verify rejects a well-formed signature presented against the wrong inputs — the properties the scheme's unforgeability rests on. This adds that adversarial counterpart.

  • test_signature_scheme_robustness<T: SignatureScheme> — a generic template mirroring the existing correctness one, asserting verify rejects a wrong message, a wrong (in-lifetime) epoch, and a wrong public key. Wired into the Poseidon-W1 and aborting-hypercube instantiations.
  • test_verify_rejects_tampered_signature — swapping two chain hashes yields a well-formed but invalid signature that must be rejected.
  • proptest_verify_rejects_wrong_message — fuzzes message binding.

Tests only — no production code changes.

Tested

$ cargo test --lib generalized_xmss::tests
test result: ok. 15 passed; 0 failed

$ cargo test --lib generalized_xmss::tests::test_verify_rejects_tampered_signature
test result: ok. 1 passed; 0 failed

$ cargo test --lib generalized_xmss::tests::proptest_verify_rejects_wrong_message
test result: ok. 1 passed; 0 failed

$ cargo clippy --all-targets --all-features -- -D warnings
Finished

Refs #1.

The signature suite covers completeness (test_signature_scheme_correctness:
an honest signature verifies) and rejects malformed SSZ bytes, but nothing
asserts that verify() rejects a well-formed signature presented against the
wrong inputs -- the properties the scheme's unforgeability rests on.

Add the adversarial counterpart:
- test_signature_scheme_robustness<T>: a generic template mirroring the
  correctness one, asserting verify rejects a wrong message, wrong epoch,
  and wrong public key. Wired into the Poseidon-W1 and aborting-hypercube
  instantiation tests.
- test_verify_rejects_tampered_signature: a tampered chain hash is rejected.
- proptest_verify_rejects_wrong_message: fuzzes message binding.

Tests only; no production code changes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant