Automated testing of Crypto Software Using Differential Fuzzing

by Jean-Philippe Aumasson, Yolan Romailler Sept. 14, 2017 via www.blackhat.com

We present a new and efficient approach to systematic testing of cryptographic software: differential fuzzing. Unlike general purpose software fuzzing such as afl, differential fuzzing doesn't aim to find memory corruption bugs (although they might come as a by-product), but to find logic bugs. Compared to test vectors, differential fuzzing provides greater code coverage. Compared to formal verification, differential fuzzing is easier to apply, both for testers and developers.

https://www.blackhat.com/us-17/briefings.html#automated-testing-of-crypto-software-using-differen...

Avatar
Steven Ulm 4 weeks, 1 day ago

I can really see this implemented with cryptocurrencies as well... just saying.

Reply