symbolicsoft

symbolicsoft / crucible

Public

Cryptographic implementation conformance testing harness for ML-KEM and ML-DSA.

symbolic.software ml-dsa ml-kem
10
1
100% credibility
Found Mar 26, 2026 at 10 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
C
AI Summary

Crucible is a testing suite that verifies implementations of post-quantum cryptographic algorithms ML-KEM and ML-DSA against common real-world bugs.

How It Works

1
๐Ÿ” Discover Crucible

You learn about Crucible, a helpful tool that checks if cryptography code follows safety rules perfectly.

2
๐Ÿ“ฅ Get the tool

Download the simple package and prepare it with everyday instructions.

3
๐Ÿ”Œ Connect your crypto tools

Link up ready-made testers for popular cryptography libraries using provided guides.

4
Pick what to check
๐Ÿ”
Key exchange

Test secure key sharing between parties.

โœ๏ธ
Signatures

Test creating and verifying digital signatures.

5
๐Ÿš€ Run the safety checks

Hit go and watch it automatically test everything for hidden mistakes.

6
๐Ÿ“‹ Review the results

See easy reports highlighting what passed, what failed, and why.

โœ… Secure and confident

Your cryptography is verified safe, ready for real-world use without worries.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 10 to 10 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is crucible?

Crucible is a conformance testing harness for ML-KEM (FIPS 203) and ML-DSA (FIPS 204) implementations, running 78 targeted tests for KEMs and 51 for signatures across categories like compression, NTT, bounds checks, and serialization. Built in Rust with a simple CLI (`cargo run --bin crucible -- ./your-harness`), it spawns harnesses via JSON-over-stdin/stdout, outputs human-readable or JSON reports, and catches subtle bugs in advanced cryptographic implementations that NIST KATs missโ€”like rounding errors or dead bounds checks. Ships with pre-built harnesses for 15 libs in C, Go, Rust, and Java, including AWS-LC, CIRCL, and liboqs.

Why is it gaining traction?

It targets real-world cryptographic failures from audits (even in "high-assurance" code), filling the gap between black-box KATs and formal verification with deep white-box tests on internals like NTT zeta ordering or hint validation. Filters let you run specific categories (`--category ntt`) or param sets (`--param-set ML-KEM-768`), and deterministic mode enables byte-for-byte reference comparisons. Devs love the quickstart loop: build, test any impl, get a crucible report with bug classes, spec refs, and severity.

Who should use this?

Crypto engineers implementing or forking ML-KEM/ML-DSA in C or Go for production (e.g., TLS libs). Security auditors validating conformance in pq-crystals, Bouncy Castle, or wolfSSL. Teams auditing insecure cryptographic implementations before FIPS certification.

Verdict

Grab it if you're touching post-quantum cryptoโ€”solid docs and templates make adding harnesses easy, despite low 1.0% credibility from 10 stars signaling early maturity. Run the all-harnesses script for a conformance benchmark; it's constructive for spotting issues fast.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.