DRAFT: Add test coverage for SP decode pipeline and malformed response handling (to be rebased against #9) #10
Draft
p0mvn wants to merge 23 commits into menonsamir:main from
…ding

The `assert!(val < lwe_q_prime)` range checks in `decode_response_normal_yclient` (lines 718-723, 731-736) panic on malicious server responses in a way that depends on the client's secret key. A malicious server can craft responses that cause some keys to panic and others to succeed, leaking 1 bit of key-dependent information per query.

This commit adds:
- Comprehensive malformed-response test suites for all three decode paths (YClient::decode_response, decode_response_normal_yclient, decode_response_simplepir_yclient)
- Two #[ignore]'d tests that demonstrate the selective-failure side channel with concrete observed outcomes
- Boundary, overflow, and determinism tests for modulus_switch::recover

Made-with: Cursor

YClient methods were publicly exported, allowing callers to generate queries without first calling generate_secret_keys(). This tightens visibility so external consumers must use YPIRClient, which handles key generation internally.

- Make most YClient methods private (fn); keep new() and generate_query_impl() as pub(crate) for server.rs
- Refactor scheme.rs to use YPIRClient seed-based API instead of constructing YClient directly
- Add decode_response_simplepir_raw() returning Vec<u64> for internal benchmarks
- Move noise test into client.rs where it has private access
- Make decode_response_*_yclient helpers private

Made-with: Cursor

…-channel

Improve test coverage and document possible vulnerabilities (unexploitable under different inter-query keys)

…ility

Restrict YClient visibility to prevent queries without key generation

…responses

Addresses the Zellic audit finding on insufficient test coverage (4.3), focusing on areas 1 (malformed server responses) and 2 (SP decode pipeline correctness).

Area 1 - Malformed server response handling (25 tests in client.rs, 8 in modulus_switch.rs):
- Truncated, empty, oversized, and misaligned response inputs
- All-zeros and max-value adversarial responses
- Key-independent panic behavior verification (side-channel detection)
- 3 ignored tests documenting confirmed selective-failure side channel in decode_response_normal_yclient (assert!(val < lwe_q_prime) panics for some secret keys but not others on identical adversarial input)
- PolyMatrixRaw::recover with wrong-length and adversarial byte inputs

Area 2 - SP decode pipeline unit tests (20 tests in client.rs, 3 in modulus_switch.rs, 6 in bits.rs):
- RLWE encrypt/decrypt round-trip with zero, known, and max plaintexts
- decrypt_ct_reg_measured plaintext recovery verification
- Modulus switch (q_prime_1=2^20, q_prime_2=Q2_VALUES[28]) round-trip with SP parameters preserving plaintext through switch/recover/decrypt
- Full SP decode pipeline with synthetic RLWE response (no server needed)
- Multi-instance SP decode with 14-bit word byte conversion round-trip
- 14-bit word packing: round-trip, edge values, cross-byte boundaries
- pack_query CRT encoding verification
- rlwe_to_lwe extraction output length and zero-ciphertext invariants
- Multi-trial statistical correctness across 5 different seeds
- Various bit-width packing (1-64 bits) round-trip coverage

Also fixes serialize.rs test module to compile without server feature by gating it behind #[cfg(all(test, feature = "server"))].

All 67 tests pass in ~1s without the server feature. No new dependencies.

Made-with: Cursor
f40b8f5 to 490f0ba
Summary

Addresses the Zellic audit finding 4.3 (Insufficient test coverage), implementing areas 1 and 2 of the YPIR+SP test coverage plan:

Area 1: Malformed server response handling -- 33 new tests covering all three client decode paths (`decode_response`, `decode_response_normal_yclient`, `decode_response_simplepir_yclient`) and `PolyMatrixRaw::recover` with adversarial inputs (truncated, empty, oversized, all-zeros, max-value, random bytes). Includes 3 `#[ignore]` tests that confirm the selective-failure side channel in `decode_response_normal_yclient` where `assert!(val < lwe_q_prime)` panics for some secret keys but not others on the same adversarial input.

Area 2: SP decode pipeline correctness -- 29 new tests covering every stage of the YPIR+SP response decoding pipeline: RLWE encrypt/decrypt round-trip, `decrypt_ct_reg_measured` plaintext recovery, modulus switch round-trip with SP parameters (`q_prime_1 = 2^20`, `q_prime_2 = Q2_VALUES[28]`), full synthetic SP decode pipeline (no server feature needed), 14-bit word packing round-trip, `pack_query` CRT encoding, `rlwe_to_lwe` extraction invariants, and multi-trial correctness across 5 seeds.

Also fixes `serialize.rs` test module to compile without the `server` feature.

Test results: 67 passed, 0 failed, 4 ignored (~1s, no `server` feature required).
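Added example, not code from the YPIR repository or from this PR: a toy Rust model of the selective-failure pattern the commits describe, beside the kind of key-independence check the PR's tests perform. `Q`, `Q_PRIME`, the decoder functions, the keys and the adversarial response are all constructed for the illustration; the real `decode_response_normal_yclient` and `lwe_q_prime` are not reproduced. The defensive point is twofold: validate only public data before touching the secret and never let an abort depend on a secret-derived value, and then test that the same adversarial input produces an identical observable outcome under every key.

```rust
// Added illustration for this PR's side-channel finding; not YPIR code.
// Toy LWE-style decode, one coefficient per slot: an honest server sends
// b_i = (s_i + m_i) mod Q, the client recovers m_i = (b_i - s_i) mod Q and
// expects m_i < Q_PRIME. All constants, keys and responses are constructed.
use std::panic::{catch_unwind, AssertUnwindSafe};

/// Ciphertext modulus after modulus switching (constructed for the example).
const Q: u64 = 1 << 32;
/// Bound the recovered value must satisfy (stands in for `lwe_q_prime`).
const Q_PRIME: u64 = 1 << 20;

/// What a party that can tell "completed" from "aborted" observes per query.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum Outcome {
    Ok,
    Err,
    Panic,
}

/// Response an honest server would produce for `msgs` under `key`.
fn honest_response(msgs: &[u64], key: &[u64]) -> Vec<u64> {
    msgs.iter().zip(key).map(|(&m, &s)| (s + m) % Q).collect()
}

/// Pattern from the finding: the range assert runs on a key-dependent value,
/// so whether the client panics depends on the secret key.
fn decode_with_assert(response: &[u64], key: &[u64]) -> Vec<u64> {
    response
        .iter()
        .zip(key)
        .map(|(&b, &s)| {
            let val = (b + Q - s) % Q; // (b - s) mod Q, depends on the secret
            assert!(val < Q_PRIME, "decoded value out of range");
            val
        })
        .collect()
}

/// Hardened variant: checks only public data (length, raw coefficient range)
/// and never aborts on a secret-dependent value. An adversarial response
/// yields wrong data rather than a key-dependent fault.
fn decode_key_independent(response: &[u64], key: &[u64]) -> Result<Vec<u64>, &'static str> {
    if response.len() != key.len() {
        return Err("wrong response length");
    }
    if response.iter().any(|&b| b >= Q) {
        return Err("raw response coefficient exceeds Q");
    }
    Ok(response
        .iter()
        .zip(key)
        .map(|(&b, &s)| ((b + Q - s) % Q) % Q_PRIME) // reduce instead of assert
        .collect())
}

/// Run one decode under `catch_unwind` and classify what was observable.
fn observe<F: FnOnce() -> Result<(), ()>>(f: F) -> Outcome {
    match catch_unwind(AssertUnwindSafe(f)) {
        Ok(Ok(())) => Outcome::Ok,
        Ok(Err(())) => Outcome::Err,
        Err(_) => Outcome::Panic,
    }
}

/// Key-independence check in the spirit of the PR's tests: feed one
/// adversarial response to a decoder under many keys and collect the distinct
/// outcomes. More than one distinct outcome is a selective-failure side channel.
fn distinct_outcomes(response: &[u64], keys: &[Vec<u64>], hardened: bool) -> Vec<Outcome> {
    let mut seen = Vec::new();
    for key in keys {
        let outcome = if hardened {
            observe(|| decode_key_independent(response, key).map(|_| ()).map_err(|_| ()))
        } else {
            observe(|| {
                decode_with_assert(response, key);
                Ok(())
            })
        };
        if !seen.contains(&outcome) {
            seen.push(outcome);
        }
    }
    seen
}

fn main() {
    // Silence the default panic message so the demo output stays readable.
    std::panic::set_hook(Box::new(|_| {}));
    let keys = vec![vec![0u64], vec![1], vec![12345]];
    // One coefficient sitting exactly on the bound: it decodes to Q_PRIME under
    // key 0 (assert fires) and to Q_PRIME - 1 under key 1 (no assert).
    let adversarial = vec![Q_PRIME];
    println!("assert-based decoder: {:?}", distinct_outcomes(&adversarial, &keys, false));
    println!("hardened decoder:     {:?}", distinct_outcomes(&adversarial, &keys, true));
}
```

The honest round trip works for both decoders; they differ only on adversarial input, where the assert-based one yields two distinct outcomes across keys and the hardened one always yields the same. As the commit note says, fresh per-query keys make this channel unexploitable in practice, so the value of such a check is as a regression test that keeps it that way.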